Moving server roles

[modcoms]

Hi
I have a domain controller that’s giving up the ghost it’s locking up every few days and requires a reboot.
The DC is 4 years old and is being replaced this summer, the new kit has arrived I have installed windows 2003 server on it and joined it to the domain but not run DCPROMO.
What I need to know is what procedure do I need to follow to transfer the roles from the old dc to the new one and then rename the new dc to the old name.

[jcollings]

This document explains transferring roles:

How to view and transfer FSMO roles in Windows Server 2003

In terms of naming what we've done here is built new servers with a new name then, in DNS pointed the old name at the new box so the one server answers to both names. Seems to work fine for us.

[Dos_Box]

You didn't have a second domain controller for 4 years!!!!

*Eeeek*

[powdarrmonkey]

To summarise:

1. Promote the new server to be an additional domain controller and wait for replication to complete.
2. Transfer all three FSMO roles and wait for replication to complete.
3. Demote the original controller to be a member server and, wait for it... wait for replication to complete.
4. Remove the old server from the domain and tell the new server to answer to its old name.

You can rename domain controllers, so you could replace the old one like for like, but it's a bit long-winded. Not so bad if you have a simple domain model though.

[modcoms]

You didn't have a second domain controller for 4 years!!!!

*Eeeek*

Yes we did but its more of a mule than the dc the 2nd dc is on a 7 year old dell server

[zag]

I would promote the DC as soon as possible and simply seize the 4 roles. Then change it to a global catalogue server as well.

Its a 10 minute operation.

[no_reason]

Hi Modcoms
As you have an additional DC already this is very simple and straight forward to achieve.

1: Demote Dc that you are wanting to replace to a member server. When you demote it all the FSMO roles will transfer automatically as part of the demotion to the remaining DC. As a previous poster said to seize the roles, this is not advisable and only used when a server that is holding the roles has died altogether. So in effect you would be using a sledge hammer to crack a nut!!

2:Rename the newly demoted server to a new name as you are wanting your replacement DC to have the original name and change the IP, assuming you want the replacement DC to have the same IP

3:Either build your new replacement DC using the name of the old DC and configure it with the IP of the old one, or rename it if its already built up with a temporary name.

4:Check DNS to make sure that any old NS records that were referencing the old dc are gone.

5:Run DCpromo on the new server to make it a dc

6:Allow replication to complete, this can take a while if there are ots of GPO's

7:Tranfer any FSMO's that you wish to transfer to it.

and voila!! There you have your new DC with original name

The risks: For a very short time you wil be running with one DC, if you time it right should only be a few minutes!

While you can aso use the netdom tool to rename a live DC it is not recomended to rename a Domain Controller, although it is possible.

Hope this helps.

[techi]

no_reason you are correct i have had to do this recently and that is the way i did it. Like you say renaming a DC is possible using net dom but like you i dont reccommend that at all unless its your last solution! By demoting the old dc the roles will transfer to your second dc and therefore change the name. Then you can rename your new server with the same name and IP as your old one and there you have it a replacement dc with the same name!

[powdarrmonkey]

I would promote the DC as soon as possible and simply seize the 4 roles. Then change it to a global catalogue server as well.

Its a 10 minute operation.

Seizing should always be a last resort.

[djdohboy]

I would create a virtual domain controller and move the roles to that, so that if everything goes wrong at least you have a copy of your AD, then clone the Virtual server and demote the old server, then bring the new one in with the old name, and transfer the roles back to the new one, its a bit long winded but at least during the whole transfer you have a live backup.

[modcoms]

Just to let you all know I did the domian transfer and it all worked fine