Windows Thread, Server Migration in Technical; Morning all, I'm going to replace an ageing 5 years + domain controller soon and was wondering just what procedure ...
  1. #1

    Michael's Avatar

    Question Server Migration

    Morning all,

    I'm going to replace an ageing 5 years + domain controller soon and was wondering just what procedure you guys use (I mean in what order). This is how I usually do things, but just curious if people do things differently.

    1. Firstly install Server 2003 SP2 and/or R2 then join the existing domain as a member server.
    2. Export DHCP from existing DC and import DHCP onto member server.
    3. Promote new member server to a domain controller
    4. Transfer FSMO Roles by GUI as described here
    5. Create a new Global Catalog
    6. Create a Secondary DNS Zone
    7. Unauthorise old DHCP database
    8. Remove old Global Catalog
    9. Change the role of the new DNS server to Primary DNS
    10. Remove the old domain controller from the network and change the new domain controller IP address
    11. Rename the domain controller so it's the same as the old domain controller

    The question I've often asked though is "how long is enough" for replication to take place between two domain controllers? Many thanks!

  2. #2
    IanT's Avatar
    Looks good to me.

  3. Thanks to IanT from:

    Michael (27th January 2009)

  4. #3
    zag
    You don't really need to do anything with DHCP other than create the range and reservations, everything else will recreate itself.

    You also don't really need to use the same IP address for the domain controller, just create a new one and point the clients (using DHCP) to the new DNS server. This might be a lot cleaner than trying to replicate the old setup.

  5. Thanks to zag from:

    Michael (27th January 2009)

  6. #4

    Michael's Avatar
    You're right about DHCP, but as for DNS I suppose I like to keep things simple. Keeping the same IP and servername can save a lot of time too.

  7. #5
    altecsole's Avatar
    It sounds like you're only using a single DC? If I were you I'd strongly consider having a second DC, even if it's the old one. If your DC goes down you'll be in a much better position to recover from.

  8. #6

    Michael's Avatar
    I do generally stick to single domain controllers, but I normally implement RAID1 on the system drive for redundancy.

  9. #7

    Don't forget Certificate Services and possibly IIS settings and IAS (RADIUS) if you have it installed.

  10. #8

    powdarrmonkey's Avatar
    If your DNS is AD-integrated you don't need to do anything with primary and secondary servers, it just works. (If it's not already integrated, now is a good time.)

  11. #9

    Michael's Avatar
    What would Certificate Services typically be used for?

    I do run IIS just for WSUS 3.0, which is straightforward. Just a case of re-installing WSUS 3.0 on the new server, then exporting and re-importing the database and the files themselves.

    DNS is AD integrated already. I see no reason for it not to be!

  12. #10

    powdarrmonkey's Avatar
    Good, just make sure you install DNS on the new one and AD will take care of copying the zones for you.

    Certificate services is for issuing (usually) SSL certificates and RADIUS certificates, but also X.509s for encryption etc. If you don't know about it, it's almost certainly not on there.

  13. Thanks to powdarrmonkey from:

    Michael (27th January 2009)

  14. #11

    Michael's Avatar
    "Good, just make sure you install DNS on the new one and AD will take care of copying the zones for you."

    Of course silly me! All AD integrated DNS servers are essentially primaries anyway. Just as well I do a checklist before starting!

    I've never had the need to issue SSL certificates in a domain but just for websites, like for payment gateways. I suppose it's something that could be used with Exchange servers I presume?

  15. #12

    powdarrmonkey's Avatar
    Normally if it's a service you're going to expose, you'll get an SSL certificate from Verisign/Comodo/similar because it'll be trusted by a browser at home, for example. But if you're going to issue internally only, you can configure your clients to trust your certificate server in the same way.

    It does lots of other things too: EFS is based on certificates; so is RADIUS; they can be used for two-factor authentication; etc etc etc.

    "All AD integrated DNS servers are essentially primaries anyway. Just as well I do a checklist before starting!"

    Well, kind of... they're not really primaries, they're just equal. It's a bit like the move from an NT4 PDC/BDC to Windows 2000 domains where all DCs are born equal (but under the hood, some not actually quite so equal).
    Last edited by powdarrmonkey; 27th January 2009 at 04:06 PM.

  16. #13
    Butuz's Avatar
    While you are replacing all your servers you should look into virtualising all your servers onto one or two high-spec servers with a SAN.

    Butuz

  17. #14

    GrumbleDook's Avatar
    Transfer of DHCP, I would suggest when you put it onto the new box you look at using reservations to help with easy tracking of clients. It is not as if you are likely to run out of IPs and it is good for providing an audit trail too.

  18. #15

    LeMarchand's Avatar
    Can I just say "thanks" for the guide and everyone's comments.

    It's something I haven't got much of a clue on, but it looks as if I'll have to do sometime in the next few months.
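
On the "how long is enough" question in post #1: rather than waiting a fixed time, the replication state, the FSMO role holders (step 4) and the global catalog flag (step 5) can be checked directly before the old DC is removed (step 10). The script below is an added example, not code from any poster in this thread; `NEWDC01` is a hypothetical host name, and it assumes `repadmin` and `netdom` are installed and PowerShell 2.0 or later is available on the admin machine.

```powershell
# Added example, not from the thread. NEWDC01 is a hypothetical host name.
# Needs repadmin and netdom (Support Tools on Server 2003) and PowerShell 2.0+.
$NewDC = 'NEWDC01'

# 1. Replication: repadmin emits one CSV row per inbound link on every DC.
#    A link is healthy when its failure count is 0.
$links  = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
$failed = @($links | Where-Object { $_.'Number of Failures' -ne '0' })

# 2. FSMO: all five role lines should name the new DC.
#    The prefixes cover the label wording of both older and newer netdom builds.
$roles = @(netdom query fsmo |
    Where-Object { $_ -match '^\s*(Schema|Domain|PDC|RID|Infrastructure)\b' })
$notMoved = @($roles |
    Where-Object { $_ -notmatch "\s$([regex]::Escape($NewDC))(\.|\s|$)" })

# 3. Global catalog: the new DC's DSA options should include IS_GC.
$isGC = [bool](repadmin /options $NewDC | Select-String 'IS_GC')

# Report whatever is still blocking the removal of the old DC.
$failed | Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
    'Number of Failures', 'Last Success Time' | Format-Table -AutoSize
$notMoved | ForEach-Object { Write-Warning "Role not on ${NewDC}: $_" }
if (-not $isGC) { Write-Warning "$NewDC is not flagged as a global catalog" }

$ready = ($links.Count -gt 0) -and ($failed.Count -eq 0) -and
         ($roles.Count -eq 5) -and ($notMoved.Count -eq 0) -and $isGC
"All pre-removal checks passed: $ready"
```

The IS_GC flag shows the option is set; the new DC still needs to finish building its partial replicas before it advertises as a global catalog, so re-run the check until the replication rows are clean as well.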
