DC/DNS need replacing; method of attack?

Discussion in 'Windows Networking' started by VIDRO, Sep 11, 2007.

  1. VIDRO

    VIDRO Guest

    I need to replace a domain controller that is also the primary DNS.
    All my clients are static IP and not DHCP, so I will assume my new DNS will
    need to keep the IP of my old DNS.
    What is the best way to do all this?
     
    VIDRO, Sep 11, 2007
    #1

  2. Hello,

    Once it is replaced, you can switch the IP, but you will have a gap (between
    starting to demote and switching the IP).

    You may go a safer way by adding the new DC's temporary IP as a secondary DNS
    on the workstations, and then removing it when it's finished.

    You may use psexec + netsh to update all workstations:
    download psexec:
    http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx

    netsh command (the "interface ip add dns" context is needed; index=2 makes
    the new address the secondary server, leaving the existing primary in place):
    netsh interface ip add dns name="Local Area Connection" addr=X.X.X.X index=2

    and the whole picture would be like:
    psexec \\WORKSTATIONA netsh interface ip add dns name="Local Area Connection" addr=X.X.X.X index=2
     
    Mathieu CHATEAU, Sep 11, 2007
    #2
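The psexec + netsh approach above has to be repeated per workstation and depends on the adapter's display name. The following is an added example, not code from the thread or its posters, that does the same push in PowerShell over WinRM: it appends the new DC's temporary address as a secondary server on every adapter that already has static DNS servers, leaves each machine's existing primary first in the list, and then checks that the new server actually answers the domain's DC locator SRV record. The workstation names, the address 192.0.2.20 and the zone corp.example.com are placeholders; it assumes WinRM is enabled on the targets and that the caller is a local administrator on them.

```powershell
# Added example (not from the original thread). Placeholders below are assumptions.
$Workstations = @('WORKSTATIONA', 'WORKSTATIONB')   # assumed hostnames
$NewDnsServer = '192.0.2.20'                        # assumed temporary IP of the new DC
$ZoneToCheck  = 'corp.example.com'                  # assumed AD DNS zone

$results = Invoke-Command -ComputerName $Workstations -ScriptBlock {
    param($NewDns, $Zone)

    # Only touch adapters that already carry a static DNS server list;
    # adapters with an empty list (loopback, unconfigured) are left alone.
    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 }

    foreach ($a in $adapters) {
        $current = @($a.ServerAddresses)
        if ($current -notcontains $NewDns) {
            # Existing servers stay in front; the new DC is appended as secondary,
            # which is what netsh ... index=2 does for a two-entry list.
            Set-DnsClientServerAddress -InterfaceIndex $a.InterfaceIndex `
                -ServerAddresses ($current + $NewDns)
        }
    }

    # Prove the new server answers for the domain's DC locator record, which is
    # what domain members query to find a DC (not the server's own A record).
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV `
        -Server $NewDns -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        DnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
                      Where-Object { $_.ServerAddresses.Count -gt 0 } |
                      ForEach-Object { $_.ServerAddresses }) -join ','
        SrvFound   = [bool]($srv | Where-Object { $_.Type -eq 'SRV' })
    }
} -ArgumentList $NewDnsServer, $ZoneToCheck

$results | Format-Table -AutoSize
```

Run it once before the cutover and keep the output; a workstation that reports SrvFound = False cannot reach the new server for the zone and should be fixed before the old DC's IP is reused. To back the temporary entry out later, run the same Invoke-Command with `Set-DnsClientServerAddress -ServerAddresses ($current | Where-Object { $_ -ne $NewDns })` in place of the append.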

  4. VIDRO

    VIDRO Guest

    The very first AD DC, which is also the DNS server, is too old to keep up with
    the younger/newer network devices. That being said, I do have 3 other DCs that
    also retain the Global Catalog.
    I have attempted to remove the old server and put another new unit in its
    place.
    Because one subnet uses static IPs, I was wanting to use the old server's IP
    address on the new server so I wouldn't have to go manually change the users'
    config.

    What I did and what happened:
    I configured the new server as a DC with a GC and configured DNS on it.
    I moved the roles from the old server to other servers.
    I shut down the old server (I did not remove the GC or do a dcpromo).
    I replaced the IP of the newer server with what was the old server's.
    The DNS database on the new server appeared to be populated and correct.
    But then my mail server started to receive errors about a domain logon
    server not being available, and certain services started shutting down. I did a
    reboot on the mail server but still had similar problems; other computers were
    also experiencing similar authentication problems, not able to find LDAP and an
    AD domain server.
    I put everything back the way it was and it all started working as expected.

    THE QUESTION:
    What did I miss in trying to remove the old DC?
    There were 3 available DC-GCs and a DNS with the IP of the old DNS (I had
    edited the DNS database, removing the old server and adding the new server).
    Why didn't the mail server look at one of the available DC-GCs? Why did it
    continue to want the old server?
     
    VIDRO, Sep 25, 2007
    #4
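The procedure described in the post above (new DC promoted, roles moved, old DC shut down without demotion, old IP reused) can be checked from the new server at each step. The following is an added example, not code from the thread or its posters: it lists the DCs the directory still knows about, reads the DC locator SRV records that domain members (a mail server doing LDAP and Kerberos included) use to pick a DC, flags any record still naming the old server, asks the locator for a DC the way a client would, and runs the standard health and replication tools against the new DC. The domain name and host names are placeholders; it assumes the ActiveDirectory module (present on a DC or with RSAT) and the nltest, dcdiag and repadmin tools are available.

```powershell
# Added example (not from the original thread). Placeholders below are assumptions.
$Domain = 'corp.example.com'   # assumed AD domain / DNS zone
$OldDc  = 'OLDDC'              # assumed host name of the DC being retired
$NewDc  = 'NEWDC'              # assumed host name of the replacement DC

# 1. Which DCs does the directory itself still list? A shut-down but never
#    demoted DC stays in this list and in the locator records.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName
Write-Host "DCs known to AD: $($dcs -join ', ')"

# 2. Which hosts do the DC locator SRV records advertise? Domain members choose a
#    DC from these records, not from whichever host owns the old IP address.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_gc._tcp.$Domain"
)
$stale = foreach ($n in $srvNames) {
    Resolve-DnsName -Name $n -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$OldDc.*" } |
        ForEach-Object { "$n -> $($_.NameTarget)" }
}
if ($stale) {
    Write-Warning "Locator records still advertise the old DC:`n$($stale -join "`n")"
} else {
    Write-Host "No locator record references $OldDc."
}

# 3. Ask the locator for a DC the way a member computer does. /force bypasses
#    the cached result so a stale answer does not hide behind the cache.
$found = nltest /dsgetdc:$Domain /force | Select-String '^\s*DC:'
Write-Host ("Locator returned: " + ($found -join ' '))

# 4. Advertising and DNS tests for the new DC, then its replication partners.
dcdiag /s:$NewDc /test:Advertising /test:DNS /q
repadmin /showrepl $NewDc
```

Run it before shutting the old server down, again after the shutdown, and once more after the IP change. A warning from step 2 or a step 3 answer naming the old DC shows the remaining DCs are not the ones being advertised, and that should be cleared up before clients are cut over.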
