Replacing the Domain Controller

Hello,
I am in the process of replacing out DC running win2003 with the newer
server running win2003 as well. The current DC is the main DC with DHCP,
DNS,WINS, FS,PS. DNS is running AD integrated with the second DC Which is
Offsite and it also runs DHCP as well. I have the slight concept on the
migration but if you have any expert (step by step) advise, I would very much
appreciate it. To be more detail, I need to move everything from the old DC
to the new DC including the files and user permission. How would all the Ad
be transfered over to the new server? and what should I do in AD to remove
the old server since it will be totally taken out of the network.

"Prav" <(E-Mail Removed)> wrote in message
news:F99A9C45-4D0B-4E90-92D0-(E-Mail Removed)...
> Hello,
> I am in the process of replacing out DC running win2003 with the newer
> server running win2003 as well. The current DC is the main DC with DHCP,
> DNS,WINS, FS,PS. DNS is running AD integrated with the second DC Which is
> Offsite and it also runs DHCP as well. I have the slight concept on the
> migration but if you have any expert (step by step) advise, I would very
> much
> appreciate it. To be more detail, I need to move everything from the old
> DC
> to the new DC including the files and user permission. How would all the
> Ad
> be transfered over to the new server? and what should I do in AD to remove
> the old server since it will be totally taken out of the network.



Here's how I did it, it may not be optimal, but it works:

1) Install the new machine as a member server in the domain.
Assign it static IP, Mask, Gateway.
Point it to existing DNS and WINS for now.

Observe for a while to be sure it's stable.

2) Install core network services on it: DNS, WINS, DHCP
Configure DNS with a forward lookup zone for the domain name.
Configure reverse DNS as required.
Authorise the DHCP server.
Set up the DHCP scope: same as old scope,
but point DNS and WINS to new server.
but don't activate it yet.

3) Switch over the core services to the new server:
Choose a quiet time.
Re-point the existing DCs to the new machine as DNS and WINS.
Re-point the new machine to itself tor DNS and WINS.
Do in IPCONFIG /REGISTERDNS on the DCs to force
them to re-register themselves on the new DNS.
Do a DCDIAG /FIX on the DCs, to ensure all the domain related DNS entries
are made.
Look in the DNS server console to make sure the domain entries are there.
Shut down the old DHCP, and activate the new one.

Go to a client and do an ipconfig /release, ipconfig /renew
check it picks up sensible stuff from the new DHCP.

Let it run for a while like this:
Old DC, but new machine running core services.
Observe the network for a while for stability.
Ensure clients can still log in.

4) DCPROMO the new machine.
Do a DCDIAG.

5) Make the new machine a Golbal Catalog.

6) DCPROMO the old machine back to a member server.
This should transfer the FSMO roles automatically.
( you could do this explicitly if you wanted to. )

Observe the network for a while for stability.
Ensure clients can still log in.

7) Copy over the user data and re-create the file and print shares.
Re-point client mapped drives.

8) Shut down the old DC.
DCDIAG one more time.

Observe the network for a while for stability.
Ensure clients can still log in.



--
Best Regards
Ron Lowe

Ron,
Very much appreciated for the great detail. I have few more questions
regarding your posting.

I see that you recommend the new server be just a member server running
all the core servicess such as DNS WINS DHCP etc and I should still run the
old DC with the services. And then when I am sure that everything seems to be
normal make the new server a DC by doing the DCPROMO and in the process make
it a global catalog server as well. To transfer the FSMO role should I do it
manually or let the system do it automatically when downgrading the old DC
to Member server? How would I know that the FSMO role got transfered if I
chose the latter. Thanks again..

"Ron Lowe" wrote:

> "Prav" <(E-Mail Removed)> wrote in message
> news:F99A9C45-4D0B-4E90-92D0-(E-Mail Removed)...
> > Hello,
> > I am in the process of replacing out DC running win2003 with the newer
> > server running win2003 as well. The current DC is the main DC with DHCP,
> > DNS,WINS, FS,PS. DNS is running AD integrated with the second DC Which is
> > Offsite and it also runs DHCP as well. I have the slight concept on the
> > migration but if you have any expert (step by step) advise, I would very
> > much
> > appreciate it. To be more detail, I need to move everything from the old
> > DC
> > to the new DC including the files and user permission. How would all the
> > Ad
> > be transfered over to the new server? and what should I do in AD to remove
> > the old server since it will be totally taken out of the network.
>
>
>
> Here's how I did it, it may not be optimal, but it works:
>
> 1) Install the new machine as a member server in the domain.
> Assign it static IP, Mask, Gateway.
> Point it to existing DNS and WINS for now.
>
> Observe for a while to be sure it's stable.
>
> 2) Install core network services on it: DNS, WINS, DHCP
> Configure DNS with a forward lookup zone for the domain name.
> Configure reverse DNS as required.
> Authorise the DHCP server.
> Set up the DHCP scope: same as old scope,
> but point DNS and WINS to new server.
> but don't activate it yet.
>
> 3) Switch over the core services to the new server:
> Choose a quiet time.
> Re-point the existing DCs to the new machine as DNS and WINS.
> Re-point the new machine to itself tor DNS and WINS.
> Do in IPCONFIG /REGISTERDNS on the DCs to force
> them to re-register themselves on the new DNS.
> Do a DCDIAG /FIX on the DCs, to ensure all the domain related DNS entries
> are made.
> Look in the DNS server console to make sure the domain entries are there.
> Shut down the old DHCP, and activate the new one.
>
> Go to a client and do an ipconfig /release, ipconfig /renew
> check it picks up sensible stuff from the new DHCP.
>
> Let it run for a while like this:
> Old DC, but new machine running core services.
> Observe the network for a while for stability.
> Ensure clients can still log in.
>
> 4) DCPROMO the new machine.
> Do a DCDIAG.
>
> 5) Make the new machine a Golbal Catalog.
>
> 6) DCPROMO the old machine back to a member server.
> This should transfer the FSMO roles automatically.
> ( you could do this explicitly if you wanted to. )
>
> Observe the network for a while for stability.
> Ensure clients can still log in.
>
> 7) Copy over the user data and re-create the file and print shares.
> Re-point client mapped drives.
>
> 8) Shut down the old DC.
> DCDIAG one more time.
>
> Observe the network for a while for stability.
> Ensure clients can still log in.
>
>
>
> --
> Best Regards
> Ron Lowe
>
>
>

> Ron,
> Very much appreciated for the great detail. I have few more questions
> regarding your posting.
>
> I see that you recommend the new server be just a member server running
> all the core servicess such as DNS WINS DHCP etc and I should still run
> the
> old DC with the services. And then when I am sure that everything seems to
> be
> normal make the new server a DC by doing the DCPROMO and in the process
> make
> it a global catalog server as well. To transfer the FSMO role should I do
> it
> manually or let the system do it automatically when downgrading the old
> DC
> to Member server? How would I know that the FSMO role got transfered if I
> chose the latter. Thanks again..
>
> "Ron Lowe" wrote:




To make it a Global Catalog:
Start | Run | Admin Tools | AD Sites and Services
Sites | Your-Site | Servers | Your-Server | NTDS settings
R-click NTDS settings, Properties
Check 'Global Catalog'.

Re: Transferring FSMO roles:
http://support.microsoft.com/default...uct=winsvr2003

If you demote the existing DC, it will automatically find the new DC and
transfer them.
DCDIAG on the new DC will also tell you if it knows the holders of the
roles.
Google on NTDSUTIL and SIEZE FSMO ROLES if it all goes pear-shaped.

--
Best Regards
Ron Lowe

The only problem that I see here is when demoting the existing DC how does it
know to transfer the roles to the new DC rather than to another existing DC.
As I mentioned or I may have miscommunicated, we have two DC's and the one
which has the primary DNS role is the one that I am replacing. They are all
running Win2003 and the replaced one will not be in the network after it has
been demoted.

"Ron Lowe" wrote:

> > Ron,
> > Very much appreciated for the great detail. I have few more questions
> > regarding your posting.
> >
> > I see that you recommend the new server be just a member server running
> > all the core servicess such as DNS WINS DHCP etc and I should still run
> > the
> > old DC with the services. And then when I am sure that everything seems to
> > be
> > normal make the new server a DC by doing the DCPROMO and in the process
> > make
> > it a global catalog server as well. To transfer the FSMO role should I do
> > it
> > manually or let the system do it automatically when downgrading the old
> > DC
> > to Member server? How would I know that the FSMO role got transfered if I
> > chose the latter. Thanks again..
> >
> > "Ron Lowe" wrote:
>
>
>
>
> To make it a Global Catalog:
> Start | Run | Admin Tools | AD Sites and Services
> Sites | Your-Site | Servers | Your-Server | NTDS settings
> R-click NTDS settings, Properties
> Check 'Global Catalog'.
>
> Re: Transferring FSMO roles:
> http://support.microsoft.com/default...uct=winsvr2003
>
> If you demote the existing DC, it will automatically find the new DC and
> transfer them.
> DCDIAG on the new DC will also tell you if it knows the holders of the
> roles.
> Google on NTDSUTIL and SIEZE FSMO ROLES if it all goes pear-shaped.
>
> --
> Best Regards
> Ron Lowe
>
>
>

Well, don't do that.
Transfer them explicitly as per the article.

--
Best Regards
Ron Lowe

"Prav" <(E-Mail Removed)> wrote in message
news:AB75C222-2E81-4FDB-A83D-(E-Mail Removed)...
> The only problem that I see here is when demoting the existing DC how does
> it
> know to transfer the roles to the new DC rather than to another existing
> DC.
> As I mentioned or I may have miscommunicated, we have two DC's and the one
> which has the primary DNS role is the one that I am replacing. They are
> all
> running Win2003 and the replaced one will not be in the network after it
> has
> been demoted.
>