ndalmolin_13

Replacing an existing domain controller

Hello Experts,

The PC with my virtual domain crashed, so I can’t lab this up and find the answer myself, so I thought I would just post it and get your thoughts.

I have a domain at work where the two domain controllers are running Server 2008 R2.  Since those no longer get security updates, I need to upgrade them.  Thanks to delays in manufacturing and shipping, the replacement servers I ordered before Christmas just came in yesterday.  A summary of our environment is as follows:
1. Two domain controllers named DC-A (IP address: 10.10.0.1) and DC-B (IP address: 10.20.0.1)
2. Domain has two sites (Campus and Downtown)
3. DC-A is in the Downtown site
4. DC-B is in the Campus site
5. There are several "home grown" applications and various configurations that make calls to Active Directory using both server name and server IP.

I want to do the following to minimize the amount of work and inconvenience on everyone:
1. Build the first new domain controller (build will be Server 2016). The new domain controller will be given a name of DC-C with an IP of 10.10.0.201.
2. Run forest and domain prep for the introduction of Server 2016 domain controllers.
3. Bring the new domain controller online and let replication take place.
4. Power off DC-A.
5. Rename DC-C to DC-A. Re-IP DC-C to 10.10.0.1.
6. Reboot DC-C. When it comes back up, it will be the new DC-A.
7. Do a clean on the metadata

I can’t see any reason that the steps above won’t work, but as I stated, I don’t have a lab to test the process in right now.  Do any of you see issues with this process?

Thanks,
Nick

Last comment: ndalmolin_13, 8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Jeff Glover
DrDave242

4. Power off DC-A.

5. Rename DC-C to DC-A.

This in particular will not work. The old DC-A needs to be removed from AD (either through normal demotion and rename or metadata cleanup, with demotion being preferred) before you can rename anything else to DC-A.

Jeff's steps above look good to me.
kevinhsieh

I would not try to rename a DC after it is a DC. I have had problems with that... weird problems where file access was slow.

Better to get the name right before making a DC.
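The sequence the replies above converge on (name the new box before promoting it, promote, verify replication, move any FSMO roles, demote the old DC-A cleanly, and fall back to metadata cleanup only if the old server's objects are still in the directory) written out as PowerShell. This is an added example, not code from the thread or from any of the participants. The names, sites and addresses are the ones in the question; the domain FQDN `corp.example.com`, the temporary name of the new server and the helper `Test-DcHealth` are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Run each phase on the indicated machine
# and read the output before moving on; nothing here is meant to run unattended.

$domain = 'corp.example.com'   # assumption: placeholder FQDN, not from the question

# ---- Phase 1: on the new Server 2016 box, BEFORE promotion ----
# kevinhsieh's point: get the name right first, renaming a DC afterwards is what bites.
# "DC-A" is still taken by the old DC, so the new server keeps the name DC-C from the question.
Rename-Computer -NewName 'DC-C' -Restart      # assumes the box was built under a temporary name

# ---- Phase 2: on DC-C, promote it into the existing domain ----
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
# Install-ADDSDomainController runs adprep /forestprep and /domainprep itself when the
# credential is in Schema Admins and Enterprise Admins (the question's step 2).
$promote = @{
    DomainName                    = $domain
    SiteName                      = 'Downtown'          # DC-C replaces DC-A, which sits in Downtown
    InstallDns                    = $true
    ReplicationSourceDC           = "DC-A.$domain"
    Credential                    = (Get-Credential -Message 'Enterprise Admin account')
    SafeModeAdministratorPassword = (Read-Host -AsSecureString 'DSRM password for DC-C')
    Force                         = $true
}
Install-ADDSDomainController @promote         # reboots when done

# ---- Phase 3: on DC-C after the reboot, verify before touching the old DC ----
function Test-DcHealth {
    param([Parameter(Mandatory)][string]$Server, [string]$Site, [string]$Domain)
    # Replication summary: any non-zero "Fails" column means stop and fix that first.
    repadmin /replsummary $Server
    # Is the DC registered, in the right site, a GC, and does it hold any FSMO roles?
    Get-ADDomainController -Identity $Server |
        Select-Object HostName, Site, IsGlobalCatalog, OperationMasterRoles
    # Are clients in the site already being handed this DC via the site-specific SRV record?
    Resolve-DnsName -Name "_ldap._tcp.$Site._sites.dc._msdcs.$Domain" -Type SRV |
        Select-Object NameTarget, Port
}
Test-DcHealth -Server 'DC-C' -Site 'Downtown' -Domain $domain

# ---- Phase 4: move any FSMO roles off DC-A, then demote DC-A cleanly (DrDave242's point) ----
$roles = (Get-ADDomainController -Identity 'DC-A').OperationMasterRoles
if ($roles) {
    Move-ADDirectoryServerOperationMasterRole -Identity 'DC-C' -OperationMasterRole $roles -Confirm:$false
}
# On DC-A itself (Server 2008 R2 has dcpromo, not the ADDSDeployment module):
#   dcpromo        -> follow the wizard; do NOT tick "This server is the last DC in the domain"
# Once it is a member server, rename it so the name DC-A is free for reuse, e.g.
#   netdom renamecomputer DC-A /newname:DC-A-OLD /reboot
# (DrDave242: demote and rename first; only then can anything else be called DC-A.)

# ---- Phase 5: on DC-C, confirm DC-A's server object is gone; metadata cleanup only if not ----
$configNC = (Get-ADRootDSE).configurationNamingContext
$stale = Get-ADObject -Filter 'name -eq "DC-A"' -SearchBase "CN=Sites,$configNC"
if ($stale) {
    Write-Warning 'DC-A still has a server object in the Configuration partition; run metadata cleanup.'
    # ntdsutil "metadata cleanup" "remove selected server CN=DC-A,CN=Servers,CN=Downtown,CN=Sites,$configNC" quit quit
} else {
    Write-Host 'DC-A demoted cleanly; no metadata cleanup needed.'
}
```

The check in phase 5 is the one that decides whether the question's step 7 is needed at all: after a successful dcpromo demotion the server object under CN=Sites is removed by the demotion itself, and metadata cleanup is only for the case where the old DC died or the demotion failed. Phase 3 is worth re-running against DC-B as well, since DC-B in the Campus site is the replication partner that has to agree the new DC exists before DC-A goes away.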
ndalmolin_13

ASKER
Thanks for the details Jeff.  I will work through the steps you have provided.