Link to home
Start Free TrialLog in
Avatar of eitconsulting
eitconsultingFlag for United States of America

asked on

Adding a 2nd Domain (DC2) Controller and Retiring (DC1)...

Future Scenario to Be Realistic in 2 weekends:
1. Current Active Directory DC1 (10.0.0.5) is 5 years old and customer wants to upgrade hardware.
2. Same current 5yr old hardware is DC1(10.0.0.5) using Windows 2012 Server with the latest updates.
3. Customer wants to upgrade their current hardware (DC1) and software to Windows 2012 R2.
4. Will Install Windows 2012 R2 on new hardware, promote to a DC2 (10.0.0.6) and Add new DC2 (10.0.0.6) to the current DC1 (10.0.0.5).
After doing so, DC2 (10.0.0.6) should replicate DC1's(10.0.0.5) Active Directory settings.
5.  Will enable DHCP on DC2 (10.0.0.6) and disable DC1(10.0.0.5) as the DHCP server.
6.  Will also allow DC2(10.0.0.6) to be the primary DNS server under DHCP's DNS settings for LAN PCs.
7.  domain.local wil remain the same and will not change.  
8.  DCs are strictly local and .com is nor will be necessary hence, domain.local will suit the company fine for the type of business that it is.

**What steps should I take to retire DC1 after DC2 (10.0.0.6) has joined the Domain as a Domain Controller (DC2) and DC2 propagates DC1's Active Directory settings?
1) Do I simply demote DC1 after approximately 24hours/1day as well as remove the Active Directory server role?
2) If so, will DC2 allow for new computers to join the domain.local once DC1 has been demoted and shutdown?
3)  How do I migrate the FSMO role(s) if necessary to DC2?
ASKER CERTIFIED SOLUTION
Avatar of No More
No More

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of eitconsulting

ASKER

David:
 Sounds pretty straight forward.  Despite the link using Windows 2008R2 in its example, should still work with Win2012 (Win2008 in link) to 2012R2 (Win2012 in link)?
Avatar of No More
No More

Yes, it's same, but the link is in nice detail
ALso with the DHCP it's up to you one way or the other you will have little downtime few minutes, you could also just install DHCP role on server DC2 and completely ignore export import, depending on settings in current DHCP
Avatar of Lee W, MVP
Can I be blunt?

You realize this is basic AD configuration?  If you have never done this before why are you experimenting with a client's network first?  You should be setting up a lab environment and learning this stuff first.

So, in a lab environment, you should transfer the FSMO roles (there are multiple ways of doing this, PowerShell, NTDSUtil, or the GUI interfaces.
Make sure the DHCP servers are no longer assigning the old server as a DNS server.

Make sure the new server(s) are Global Catalog server(s).

I would suggest turning OFF the DC you want to remove for a couple of days to ensure everything is working properly.  But before that - and before even promoting the new DC, run DCDIAG /C /E /V and REPADMIN /SHOWREPL to ensure AD is healthy.

If this stuff is too new to you, you would be wise to hire/partner with someone with experience or get proper training.
David, great link with a way to do it via the GUI.  I've used the ntdsutil in the past and it also had real examples using both the ntdsutil and powershell.  Thank you.

Lee, but we're having so much fun experimenting with the client's actual production AD environment.  Deep breaths!!  We used Microsoft's disk2vhd app to convert and export the client's AD server successfully to our VM lab.  I'm merely asking a question here as I typically do here as well as on SpiceWorks and TechRepublic for important feedback in order to possibly learn of new and/or more efficient ways to do the things we do.