Andrew Cuoco

Correct way to demote and promote a new domain controller?

My coworker and I are at odds on the correct way to upgrade our DC.

What I've learned, though I've never had to promote a new DC, is to use DCPROMO: promote the new server and then demote the old server.

I would like to install Windows Server 2012 R2, add it to the domain, and promote it via dcpromo.exe.

He's been at the company longer (10+ years; I've been here for 2 months) and thinks it's better if we use his way. We use a Datto for snapshot backups of the server. He thinks it's best to do a bare metal restore from the Datto to the server. We are also in a failover clustered environment, if that makes a difference.

The server is a Gen 3 HP from 2010. The new server is a Gen10 from 2019. I told him that it's too great of a time period between servers and that a fresh install is best. He says that our DFSR, DNS, DHCP won't be transferred over to the new DC. I've told him that EVERYTHING is transferred over with DCPROMO.

I spoke with the Director and he says we need to figure this out, laughed and walked away.
Now, this isn't going anywhere, so I'd like to get some feedback from seasoned system administrators.


Thank you,
Andrew
Polydore Dracopoulos

Hi Andrew,

A few questions before I get into details:
- What is the current Windows Server for AD?
- Do you know the Forest and Domain level?
- How many DCs do you currently have?

I don't understand the DATTO scenario you mentioned. How does this fit with DCPROMO?

In short, this is the procedure, but I can't give you details; it depends on your current environment:
- Create a backup of your FSMO role server.
- Make sure your Forest and Domain are up to par for 2012 R2.
- Install 2012 R2 and join the domain.
- You can perform a forest prep and domain prep to upgrade the schema manually. It's a good way to see any potential errors.
- Once you are ready, promote the Windows 2012 R2 server to Domain Controller: install the role and follow the wizard.
- DNS can be installed during the process and will be replicated, but DNS needs to be AD-integrated.
- Once this is completed, you can work on replication, Sites and Services, etc.
- DHCP is separate, but very easy to migrate over.
- DFSR will need to integrate with the current replication topology and be migrated over.

If the server is from 2010 or older, either you are using Windows 2008 or, even worse, 2003. If it's the first, I would think you should not have too many issues.

On the other hand, Windows 2008 is no longer supported (as of Jan 2020), so why restore an OLD OS on new hardware? It may actually not be supported on the HCL.

Also, why would you not install VMware? You can get a free version... it will help your process.

I hope this gives you some ideas and thoughts to move forward in your process.

Let us know.
Andrew Cuoco

ASKER

Hi SirDragon,

Thank you for the lengthy reply, I will do my best answering as much as possible.

We currently use a 2010 HP DL360 G4P running Windows Server 2012 R2.
The forest and domain level are both 2008 R2.
We run 4 DCs: 2 physical and 2 virtual DCs. I don't know why we run 4 when we have less than 200 users.

The DATTO device is something kind of neat. It takes snapshots of the servers and backs them up to the device and also their cloud. In the event that one of our servers literally caught fire and we needed to get it up and running, we can run the server directly off the Datto device or we can do a bare metal restore. I've done neither, and I am also learning about this Datto device as I need to learn to manage it.


Thank you for the writeup. After reading it, if I did a bare metal restore then it would keep all of the extra services intact: DNS, DHCP, DFSR. But the correct method would be to rebuild these services? DNS, DHCP, DFSR and any other service we install/use?

Can you please explain the VMware? How does this help my process? I am trying to upgrade our physical DCs, not the virtual ones. Moreover, we run many servers on our hypervisor failover cluster. I am more familiar with VMware but the director prefers HV.

OK, so if I understand this better now, you want to do a hardware migration, not necessarily an AD upgrade?

Then DATTO may be a good solution. DATTO does an image capture of the whole system and restores to bare metal.
This is not a bad solution, but considering you are restoring to new hardware, you will have to reconfigure the drivers, etc., and may potentially have issues with the storage system.

I have to admit that if the server was built some years ago, it is not a bad idea to start fresh, but of course you have to do more work.
The restore will be faster, and if it fails you can always go back to the original server and try again.

Either way, I would make sure that FSMO roles are NOT on the server you are migrating; you should move them to another DC.

There is no right or wrong way here.

Hi SirDragon,

Yes, hardware migration to new hardware. Well, we will eventually upgrade it to 2012 by EOY, but we just need new hardware.

We use a NetApp SAN for storage. I'm pretty sure it would be easy to disconnect and reconnect/reconfigure.

Can you please explain the VMware you mentioned previously?

My £0.02

After 20 years of doing domain/server infrastructure migrations, I've learned one thing. If you have two options

1. Build Clean
2. Migrate From/to

Then as much as possible always go for option 2. This is a no-brainer; I don't care how cool your restore platform is. The HP server should be deployed from Smart Deployment anyway (press F10 as it boots), NOT hardware restored from a 10-year-old (unsupported hardware platform).

>>DFSR, DNS, DHCP won't be migrated

DFSR: If you have custom DFSR settings, then simply migrate them; if he's talking about simply SYSVOL/Netlogon, then this will be fine.
DNS: If it's AD-integrated DNS, this won't be a problem; it's part of the AD database.
DHCP: He's correct, but a server does not need to be a DC to be a DHCP server, and you can migrate a DHCP server's settings with two commands, in less than about 5 seconds (here's me doing it). Link: https://www.petenetlive.com/KB/Article/0000447

Build fresh, add it to the domain, promote it, demote the old one, disconnect the old one from the network for a few weeks (because you will have forgotten that one application that only Susan who works one day a month uses, and it's on the old server). After a decent amount of time remove the old one from the domain.

Since NT4 I've had probably hundreds of these jobs to do (I worked for an HP reseller vendor for 8 years!)


Regards,

Pete
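
The sequence the two answers above describe (check levels and FSMO holders, promote a freshly built server, move roles, migrate DHCP, demote the old DC), as a phased PowerShell script. This is an added example, not code from any poster in this thread; the domain name, server names and the C:\Migrate path are hypothetical, and it assumes Windows Server 2012 R2, where promotion is done with the ADDSDeployment cmdlets or Server Manager rather than the dcpromo.exe wizard.

```powershell
# Added example; corp.example.com, OLDDC01, NEWDC01 and C:\Migrate are hypothetical.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Audit', 'Promote', 'MoveRoles', 'Dhcp', 'Demote')]
    [string]$Phase,
    [string]$Domain = 'corp.example.com',
    [string]$OldDc  = 'OLDDC01',
    [string]$NewDc  = 'NEWDC01'
)
$ErrorActionPreference = 'Stop'

switch ($Phase) {
    'Audit' {      # run from a DC or RSAT admin host, before and after every change
        Import-Module ActiveDirectory
        $forest = Get-ADForest
        $dom    = Get-ADDomain -Identity $Domain
        "Forest mode: $($forest.ForestMode)  Domain mode: $($dom.DomainMode)"
        Get-ADDomainController -Filter * -Server $Domain |
            Select-Object Name, OperatingSystem, IsGlobalCatalog, OperationMasterRoles
        repadmin /replsummary        # fix any replication failures before promoting or demoting
        dfsrmig /getglobalstate      # shows whether SYSVOL replicates over DFSR or legacy FRS
    }
    'Promote' {    # run on the freshly installed, domain-joined new server
        Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
        Import-Module ADDSDeployment
        $dsrm = Read-Host -AsSecureString 'DSRM password'   # prompt, never hard-code
        Install-ADDSDomainController -DomainName $Domain -InstallDns `
            -Credential (Get-Credential) -SafeModeAdministratorPassword $dsrm
    }
    'MoveRoles' {  # make sure the old DC holds no FSMO roles before it is demoted
        Import-Module ActiveDirectory
        $held = @((Get-ADDomainController -Identity $OldDc).OperationMasterRoles)
        if ($held) { Move-ADDirectoryServerOperationMasterRole -Identity $NewDc -OperationMasterRole $held }
        else       { "$OldDc holds no FSMO roles" }
    }
    'Dhcp' {       # DHCP is not replicated by AD; run on the new server with the DHCP role installed
        New-Item -ItemType Directory -Force -Path C:\Migrate | Out-Null
        Export-DhcpServer -ComputerName $OldDc -File C:\Migrate\dhcp.xml -Leases
        Import-DhcpServer -ComputerName $NewDc -File C:\Migrate\dhcp.xml `
            -BackupPath C:\Migrate\DhcpBackup -Leases
    }
    'Demote' {     # run on the old DC only once Audit is clean and clients point at the new server
        Import-Module ADDSDeployment
        $local = Read-Host -AsSecureString 'New local Administrator password'
        Uninstall-ADDSDomainController -LocalAdministratorPassword $local
    }
}
```

Run the `Audit` phase again after `Promote` and before `Demote`; a demotion while replication is failing can leave stale DC metadata behind in the directory.
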
Good morning Pete!

Thank you for the information. I do have a "Susan" that comes in once a week for some application support so that's a great idea. Your link didn't work though. Can you check? I love watching video tutorials. They are super helpful. Thank you!~

Link inserted :)