Swapping Out Domain Controllers

Guest
Archived from groups: microsoft.public.win2000.active_directory

I have a domain with 2 (and only 2) active domain controllers, both of which
I am about to swap out. I need some guidance in the best way to do this
with the least disruption on my network.

The first domain controller is SJV-DC-1. In addition to being an Active
Directory domain controller:

It is the primary DNS server
It is the DHCP server
It is the RADIUS server

The second domain controller is SJV-DC-2. In addition to being an Active
Directory domain controller:

It is the global catalog
It is the secondary DNS server

I need to transfer all of these roles and functions over to the two new
servers in the exact same division. I'm wondering what the best course of
action is or if there is anything I should definitely do first (or pitfalls
I should avoid). I already know the basic steps of adding and removing
active directory services and promoting/demoting controllers.

Some of my concerns are: since I'm replacing both DNS servers, will my two
new servers have to end up with the same IP address as the old servers, to
avoid having to change a lot of records around? Do the new domain
controllers have to be named the same as the old ones? (I'd like them to be,
but it's not something that has to happen.)

Right now, my thinking is that I install DNS services on one of the new
servers, and work on that until I have successfully made the new server the
DNS primary for all domains AND switched it to the correct IP address
(changing the old server's IP in the process). Then I bring the first
server up as a domain controller and then switch over DHCP/RADIUS to the
first new server. Then I bring up the second new server, install DNS and
make it a secondary AND switch its IP to the correct IP (changing the old
server's IP in the process), then bring it up as a domain controller and make
it a global catalog. Then, after doing all of that, demote the two older
servers one at a time, and then remove them from the domain entirely.

Does this sound correct?

--
Alan Coleman
Network Administrator
St. Joseph's Villa
 
Guest

Since you are not constrained to use the same names for the new DCs, the
easiest approach is as follows, briefly:

1. Convert existing DNS Servers to Active Directory Integrated.
2. Add a new server (DC03) with a new IP, point DNS to itself.
3. Run dcpromo on DC03, allow DNS to be installed (as AD-integrated).
4. Make DC03 a "Global Catalog". Confirm that DC03 is a functional DC in
the domain (check Event Viewer, SYSVOL, etc.).
5. Transfer FSMO roles from DC01 to DC03. Check Event Viewer to confirm.
6. Install and configure DHCP and/or RADIUS services.
7. Repeat #2 to #4 (and #6 if needed) for DC04 (the other new Server).

There is also no need to have the new Servers take on the same IP as the old
(to be removed) Servers, as DNS records would be correctly registered for
clients to locate network services in the AD domain.

If the 2 Servers reside in the same AD domain, making them both GC is
recommended.

Once you are confident that everything functions to your expectations, you
can run dcpromo on the old Servers one by one to remove them from the AD
domain.

Do let us know if this helps.

 
Guest

I have a couple of questions.

1) My DNS servers have more than just domain information for the active
directory domain. They have domain information for 2 other active directory
domains (1 child and one separate domain in the same forest) and then 8
other domains that are just regular DNS domains. Do I make ALL of these
domains Active Directory integrated? Also, there is a 3rd DNS server that is
not a domain controller... do I need to promote it so that I can enable
Active Directory integration for all of them? (I've actually been meaning to
promote that server anyway, so it would actually be a good thing.)

2) Just out of pure (and perhaps morbid) curiosity. If I did want the new
servers to keep the same name and IP address as the old servers what would I
have to do (or is it too much to even conceive?). I am actually genuinely
interested in keeping at least the IP addresses because I have other devices
that point to these servers and I'd rather not have to change all of them
(but then again it may not be worth it to try and keep them depending on
what I would have to do). I would just like to know what my options are.

3) What is the name of the tool that allows me to change roles from one
server to another... I always forget the name... once I have it I will know
how to use it. I just forgot the actual name.

Thanks

--
Alan Coleman
Network Administrator
St. Joseph's Villa
"Desmond Lee" <mcp@donotspamplease.mars> wrote in message
news:32EFB962-A0E6-47B2-BA0A-484D83BF9FC8@microsoft.com...
> Since you are not constraint to use the same names for the new DCs, the
> easiest approach is as follows, briefly:
>
> 1. convert existing DNS Servers to Active Directory Integrated
> 2. add a new server (DC03) with new IP, point DNS to itself
> 3. run dcpromo on DC03, allow DNS to be installed (as AD-integrated)
> 4. make DC03 a "Global Catalog". Confirm that DC03 is a functional DC in
> domain (check Event Viewer, SYSVOL, etc.).
> 5. Transfer FSMO roles from DC01 to DC03. Check Event Viewer to confirm.
> 6. Install and configure DHCP and/or RADIUS services.
> 7. repeat #2 to #4 (and #6 if needed) for DC04 (the other new Server)
>
> There is also no need to have the new Servers take on the same IP as the old
> (to be removed) Servers, as DNS records would be correctly registered for
> clients to locate network services in the AD domain.
>
> If the 2 Servers reside in the same AD domain, making them both GC is
> recommended.
>
> Once you are confident that everything functions to your expectations, you
> can run dcpromo on the old Servers one by one to remove them from the AD
> domain.
>
> Do let us know if this helps.
 
Guest

Answers in order posted. Hope they are helpful.

1. Making DNS AD-integrated is for convenience and added security. However,
DNS must reside on a Win 200x DC in the same AD domain to enable this feature.

Having said that, different DNS zone types can be simultaneously hosted on a
Win 200x DNS Server - AD-integrated, primary, secondary.

2. Changing the DC name is not recommended, although netdom (from W2k3 Support
Tools) does facilitate this.

For the IP address, it is a simple matter of changing it in NIC > Properties >
Internet Protocol (TCP/IP). Run "net stop netlogon" and "net start netlogon"
to allow the new IP info to be correctly registered in DNS though.

3. Active Directory Users & Computers (ADUC) > highlight AD domain >
Properties > RID / PDC / Infrastructure FSMO roles can be transferred.


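A pre-demotion check for the FSMO transfer step discussed in the replies above, added here as an example and not code from any poster in the thread: it parses `netdom query fsmo` output and reports any of the five roles (the RID, PDC and Infrastructure roles named above, plus the forest-wide Schema master and Domain naming master) still held by a DC that is about to be removed. Assumptions: it runs on a management host that has PowerShell 3 or later and netdom available; the domain `example.local`, the sample output and the function names are constructed for illustration.

```powershell
# Added example: confirm no FSMO role is still held by a DC that is about to
# be demoted. Domain name and sample output are constructed, not from the thread.

# Constructed sample of `netdom query fsmo` output: one role per line, role
# name and holder separated by a run of spaces, then a status line.
$sample = @'
Schema master               SJV-DC-1.example.local
Domain naming master        SJV-DC-1.example.local
PDC                         DC03.example.local
RID pool manager            DC03.example.local
Infrastructure master       DC03.example.local
The command completed successfully.
'@

function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    foreach ($line in $NetdomOutput) {
        # Role and holder are split by two or more spaces; status lines
        # contain only single spaces and are skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches.role; Holder = $Matches.holder }
        }
    }
}

function Test-SafeToDemote {
    param([string[]]$NetdomOutput, [string[]]$OldDcs)
    $roles = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    if ($roles.Count -ne 5) {
        throw "Expected 5 FSMO roles, parsed $($roles.Count); check the output."
    }
    # Compare on the short host name so FQDN and NetBIOS forms both match.
    $stuck = @($roles | Where-Object { $OldDcs -contains ($_.Holder -split '\.')[0] })
    $stuck | ForEach-Object { Write-Warning "$($_.Role) is still on $($_.Holder)" }
    return ($stuck.Count -eq 0)
}

# On a live system, replace the sample with:  $out = netdom query fsmo
$out = $sample -split "`r?`n"
Test-SafeToDemote -NetdomOutput $out -OldDcs 'SJV-DC-1', 'SJV-DC-2'
```

With the constructed sample, the function warns about the two forest-wide roles still on SJV-DC-1 and returns `$false`, which is the state to resolve before running dcpromo on the old servers.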