Replacing the first Domain Controller in the root domain
Hi,
I have 3 domains in an AD tree, with multiple sites across Europe. I need to replace the domain controllers in the root domain, including the server holding the forest-wide FSMO roles. One of the main challenges here is that this domain controller is heavily relied upon by DNS servers on our infrastructure, whether they are integrated with our AD tree or not. I need the replacement DC to have the same DNS hostname and IP address as the DC being replaced :( . This isn't something I have had to do before; I've been fortunate enough to work in environments that are consolidated, 1 domain, Windows etc., where replacing a DC has not been such a challenge or as risky. I am planning on taking the opportunity to introduce Windows Server 2008 DCs to the environment, with the replacement DCs running on Windows Server 2008.
There are 2 domain controllers in the root domain (we'll call them rootdc1 and rootdc2); 1 of them is flaky and I don't want to do anything with it except demote it. My thinking on how to meet the requirements of the DC replacement at the moment is as follows, and I'd appreciate people's comments:
- Build new DC rootdc3
- Transfer FSMO roles to rootdc3
- Demote (dcpromo) rootdc1
- Check DNS across the forest, check SRV records etc.
- Check the replication topology has reconverged in replmon
- Pause for a couple of inter-site replication cycles
- Check rootdc1 is removed from AD using adsiedit
- Check event logs on DCs across the forest
- Rename rootdc1 to rootdc1_old
- Change the IP address of rootdc1_old
- Check DNS across the forest
- Build a new server called rootdc1 with the same IP as the original rootdc1
- Check DNS across the forest
- dcpromo rootdc1
- Check DNS across the forest, check SRV records etc.
- Check the replication topology in replmon
- Check event logs on DCs across the forest
- Pause for a couple of replication cycles
- Seize FSMO roles to root-dc1
- Make rootdc3 a GC
- Demote rootdc2
- Decommission rootdc2
Has anyone else had this kind of upgrade/replacement before in a heterogeneous environment? What have been your experiences of replacing root domain controllers? Should I be thinking of trying to retain the same name and IP address, or am I asking for trouble?
Thanks,
Richard
Install a new server for each existing DC you want to replace.
Install W2K8 with a non-existing name and promote it to a DC. Install and configure all services on the new DC that you need (e.g. DNS). Demote the existing DC (if it contains FSMO roles, move them away from that DC) and clean up the DNS records of that DC. Allow replication to take place or force it to do so. Rename the newly installed W2K8 DC using the demoted DC's name, using the netdom tool. After that has been done, re-IP the DC and re-register the records (ipconfig /registerdns & net stop dns & net start dns & net stop netlogon & net start netlogon)
Jorge de Almeida Pinto [MVP-DS / AD DS TechNet Forums Moderator]
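Both the plan and the reply above depend on the demoted DC's locator records being gone from DNS before its name is reused. The following is an added example, not code from either poster, that flags SRV records still naming the demoted DC on each DNS server. The forest name `corp.example`, the DNS server addresses and both function names are assumptions, and `Resolve-DnsName` needs a management host running Windows 8 / Server 2012 or later.

```powershell
# Added example (not from the thread). corp.example, the 192.0.2.x addresses and the
# function names are placeholders chosen for illustration.

function Get-DcLocatorRecord {
    # Ask each DNS server directly for the DC locator SRV records of the forest root.
    param(
        [Parameter(Mandatory)] [string[]] $DnsServer,
        [Parameter(Mandatory)] [string]   $ForestRoot
    )
    $names = '_ldap._tcp.dc._msdcs', '_kerberos._tcp.dc._msdcs',
             '_ldap._tcp.gc._msdcs', '_ldap._tcp.pdc._msdcs' |
             ForEach-Object { "$_.$ForestRoot" }
    foreach ($server in $DnsServer) {
        foreach ($name in $names) {
            Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'SRV' } |   # drop A records from the additional section
                ForEach-Object {
                    [pscustomobject]@{ Server = $server; Name = $_.Name; NameTarget = $_.NameTarget }
                }
        }
    }
}

function Get-StaleDcSrvRecord {
    # Return records whose target is the demoted DC (case-insensitive, trailing dot ignored).
    param(
        [Parameter(Mandatory)] [object[]] $Record,
        [Parameter(Mandatory)] [string]   $DemotedDc
    )
    $target = $DemotedDc.TrimEnd('.')
    $Record | Where-Object { $_.NameTarget -and $_.NameTarget.TrimEnd('.') -ieq $target }
}

# Constructed sample: the second DNS server has not yet dropped the old records.
$sample = @(
    [pscustomobject]@{ Server = '192.0.2.10'; Name = '_ldap._tcp.dc._msdcs.corp.example';  NameTarget = 'rootdc3.corp.example' }
    [pscustomobject]@{ Server = '192.0.2.20'; Name = '_ldap._tcp.dc._msdcs.corp.example';  NameTarget = 'rootdc1.corp.example.' }
    [pscustomobject]@{ Server = '192.0.2.20'; Name = '_ldap._tcp.pdc._msdcs.corp.example'; NameTarget = 'ROOTDC1.corp.example' }
)
Get-StaleDcSrvRecord -Record $sample -DemotedDc 'rootdc1.corp.example' | Format-Table -AutoSize

# Live use, run after the demotion and before the name is reused:
# $records = Get-DcLocatorRecord -DnsServer '192.0.2.10', '192.0.2.20' -ForestRoot 'corp.example'
# Get-StaleDcSrvRecord -Record $records -DemotedDc 'rootdc1.corp.example'
```

An empty result from every DNS server is the condition to wait for; once the replacement DC takes the old name, matching records are expected again.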