Solved

Adding a 2nd Domain (DC2) Controller and Retiring (DC1)...

Posted on 2016-11-11
Last Modified: 2016-11-12
Future Scenario to Be Realistic in 2 weekends:
1. Current Active Directory DC1 (10.0.0.5) is 5 years old and customer wants to upgrade hardware.
2. Same current 5yr old hardware is DC1(10.0.0.5) using Windows 2012 Server with the latest updates.
3. Customer wants to upgrade their current hardware (DC1) and software to Windows 2012 R2.
4. Will Install Windows 2012 R2 on new hardware, promote to a DC2 (10.0.0.6) and Add new DC2 (10.0.0.6) to the current DC1 (10.0.0.5).
After doing so, DC2 (10.0.0.6) should replicate DC1's(10.0.0.5) Active Directory settings.
5.  Will enable DHCP on DC2 (10.0.0.6) and disable DC1(10.0.0.5) as the DHCP server.
6.  Will also allow DC2(10.0.0.6) to be the primary DNS server under DHCP's DNS settings for LAN PCs.
7.  domain.local will remain the same and will not change.
8.  DCs are strictly local and .com is not, nor will be, necessary; hence, domain.local will suit the company fine for the type of business that it is.

What steps should I take to retire DC1 after DC2 (10.0.0.6) has joined the Domain as a Domain Controller (DC2) and DC2 propagates DC1's Active Directory settings?
1) Do I simply demote DC1 after approximately 24hours/1day as well as remove the Active Directory server role?
2) If so, will DC2 allow for new computers to join the domain.local once DC1 has been demoted and shutdown?
3)  How do I migrate the FSMO role(s) if necessary to DC2?
0
Question by:eitconsulting
 
LVL 7

Accepted Solution

by:
No More earned 500 total points
ID: 41884457
1. Join DC2 to the domain as a Domain Controller

2. Transfer FSMO roles https://winsvr.wordpress.com/2012/12/17/transferring-fsmo-roles-from-ws-2008r2-dc-to-ws-2012-dc/

3. Export DHCP settings, install DHCP role on DC2, shut down DHCP on DC1, import DHCP settings on DC2 and promote

4. Uninstall DHCP and demote DC1

You could also give DC2 the IP address of DC1 after DC1 is shut down
0
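Steps 2 and 3 of the accepted answer as a PowerShell sequence, added here as an example and not taken from the thread or the linked article. DC1, DC2 and 10.0.0.6 come from the question; the file paths are placeholders, and the session is assumed to be elevated on DC2 with Domain, Enterprise and Schema Admin rights.

```powershell
# Added example; run elevated on DC2 after promotion and initial replication.
# DC1/DC2 and the IP come from the question; file paths are placeholders.
Import-Module ActiveDirectory, DhcpServer
$ErrorActionPreference = 'Stop'

$Old      = 'DC1'
$New      = 'DC2'
$NewIP    = '10.0.0.6'
$DhcpFile = 'C:\Temp\dhcp-export.xml'   # placeholder path
$DhcpBak  = 'C:\Temp\dhcp-backup'       # placeholder path

# Step 2: graceful FSMO transfer (no -Force, so nothing is seized).
$roles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster',
         'SchemaMaster', 'DomainNamingMaster'
Move-ADDirectoryServerOperationMasterRole -Identity $New `
    -OperationMasterRole $roles -Confirm:$false

# Stop here unless DC2 reports all five roles.
$held = (Get-ADDomainController -Identity $New).OperationMasterRoles |
    ForEach-Object { $_.ToString() }
$missing = @($roles | Where-Object { $_ -notin $held })
if ($missing.Count -gt 0) { throw "Roles not on ${New}: $($missing -join ', ')" }

# Step 3: export from DC1, install the role on DC2, stop DC1's DHCP, import.
Export-DhcpServer -ComputerName $Old -File $DhcpFile -Leases
Install-WindowsFeature DHCP -IncludeManagementTools | Out-Null
Invoke-Command -ComputerName $Old -ScriptBlock {
    Stop-Service DHCPServer
    Set-Service DHCPServer -StartupType Disabled   # keep it from restarting
}
Import-DhcpServer -ComputerName $New -File $DhcpFile -BackupPath $DhcpBak -Leases -Force
Add-DhcpServerInDC -DnsName "$New.domain.local" -IPAddress $NewIP   # authorize in AD

# Hand out DC2 as DNS at server level. A scope-level option 6 carried over
# in the import overrides this and has to be changed on the scope itself.
Set-DhcpServerv4OptionValue -ComputerName $New -DnsServer $NewIP

# Step 4 runs on DC1 itself, after a soak period:
#   Uninstall-WindowsFeature DHCP, then Uninstall-ADDSDomainController.
```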
 

Author Comment

by:eitconsulting
ID: 41884460
David:
Sounds pretty straightforward.  Despite the link using Windows 2008R2 in its example, should still work with Win2012 (Win2008 in link) to 2012R2 (Win2012 in link)?
0
 
LVL 7

Expert Comment

by:No More
ID: 41884463
Yes, it's the same, but the link is in nice detail
0

 
LVL 7

Expert Comment

by:No More
ID: 41884465
Also, with the DHCP it's up to you; one way or the other you will have a little downtime, a few minutes. You could also just install the DHCP role on server DC2 and completely ignore export/import, depending on the settings in the current DHCP
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 41884470
Can I be blunt?

You realize this is basic AD configuration?  If you have never done this before why are you experimenting with a client's network first?  You should be setting up a lab environment and learning this stuff first.

So, in a lab environment, you should transfer the FSMO roles (there are multiple ways of doing this: PowerShell, NTDSUtil, or the GUI interfaces).
Make sure the DHCP servers are no longer assigning the old server as a DNS server.

Make sure the new server(s) are Global Catalog server(s).

I would suggest turning OFF the DC you want to remove for a couple of days to ensure everything is working properly.  But before that - and before even promoting the new DC, run DCDIAG /C /E /V and REPADMIN /SHOWREPL to ensure AD is healthy.

If this stuff is too new to you, you would be wise to hire/partner with someone with experience or get proper training.
0
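The checks listed in the comment above, collected into one readiness gate to run before DC1 is powered off. This is an added example, not part of the thread: DC1, DC2 and 10.0.0.5 come from the question, the pass/fail logic is an assumption, and `repadmin /showrepl * /csv` is used in place of the plain `/SHOWREPL` so the output can be parsed.

```powershell
# Added example; run elevated on a DC with the AD and DHCP RSAT modules.
# DC1/DC2 and 10.0.0.5 come from the question; the gate logic is an assumption.
Import-Module ActiveDirectory, DhcpServer
$Old = 'DC1'; $New = 'DC2'; $OldIP = '10.0.0.5'
$problems = @()

# AD health: any "failed test" line from dcdiag is a blocker (English output).
$problems += @(dcdiag /c /e /v | Select-String 'failed test' |
    ForEach-Object { "dcdiag: $($_.Line.Trim())" })

# Replication: one CSV row per inbound link; error rows mark unreachable DCs.
$repl = repadmin /showrepl * /csv | ConvertFrom-Csv
$problems += @($repl | Where-Object {
        $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or
        [int]$_.'Number of Failures' -gt 0
    } | ForEach-Object {
        "repl: $($_.'Source DSA') -> $($_.'Destination DSA') [$($_.'Naming Context')]"
    })

# The new DC must be a Global Catalog and the old one must hold no FSMO roles.
if (-not (Get-ADDomainController -Identity $New).IsGlobalCatalog) {
    $problems += "$New is not a Global Catalog"
}
$left = @((Get-ADDomainController -Identity $Old).OperationMasterRoles)
if ($left.Count -gt 0) { $problems += "$Old still holds: $($left -join ', ')" }

# DHCP must not hand out the old DC as DNS (option 6), at server or scope level.
$dns = @(Get-DhcpServerv4OptionValue -ComputerName $New -OptionId 6 -ErrorAction SilentlyContinue)
$dns += @(Get-DhcpServerv4Scope -ComputerName $New | ForEach-Object {
    Get-DhcpServerv4OptionValue -ComputerName $New -ScopeId $_.ScopeId `
        -OptionId 6 -ErrorAction SilentlyContinue })
if ($dns.Value -contains $OldIP) { $problems += "DHCP still hands out $OldIP as DNS" }

if ($problems.Count -gt 0) {
    $problems
    throw "Not ready to power off $Old"
}
"Ready: $Old can be powered off for the soak period"
```

The dcdiag and repadmin sections can also be run on their own before DC2 is promoted, as the comment recommends.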
 

Author Closing Comment

by:eitconsulting
ID: 41884485
David, great link with a way to do it via the GUI.  I've used the ntdsutil in the past and it also had real examples using both the ntdsutil and powershell.  Thank you.

Lee, but we're having so much fun experimenting with the client's actual production AD environment.  Deep breaths!!  We used Microsoft's disk2vhd app to convert and export the client's AD server successfully to our VM lab.  I'm merely asking a question here as I typically do here as well as on SpiceWorks and TechRepublic for important feedback in order to possibly learn of new and/or more efficient ways to do the things we do.
1
