
How To Move a Domain Controller

Status
Not open for further replies.

MockY

Programmer
Jul 7, 2006
94
My current Domain Controller is failing. It does still work but it's hanging by a thread. So I bought new hardware altogether since the original DC is getting a bit old.

I simply wonder how I copy my domain controller (the database I assume with all the users) to the new machine. I also have slave drives that hold all the shared files and folders. I want the NTFS/Share permissions to stay the same. Could someone please be kind enough to point me in the right direction on how I go about doing this?
 
You need to promote the new server to a domain controller in your EXISTING domain. That will replicate the database. Then you need to transfer the various FSMO roles from the original server to the new server and make the new server a global catalog. And don't forget about moving DHCP and DNS.

Once that's done, run DCPROMO on the old server and that will allow you to demote it (properly remove it) as a Domain Controller.

As for the data, you can use several command line tools to copy over the data and maintain permissions. My old faithful is SCOPY from the NT4 resource kit, but XCOPY should do it and Robocopy is also capable of copying the files and maintaining the permissions.

-Lee

Those who ask why, learn
 
What happens with the permissions if I simply just move the hard drive to the new server?
 
PROVIDED you maintain the same domain by promoting the new server and demoting the old server, that should work as well.

Keep in mind, SHARE permissions will not copy this way. If you have those set and need to preserve them, then you can export the lanmanserver registry key and make sure you keep the EXACT directory structure on the new server AND the same drive letter. Then you can import that registry key and preserve the permissions.

-Lee

Those who ask why, learn
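
The data-copy and share-permission steps from the two replies above, as an added example that is not part of the original posts. `OLDDC`, `D:\Shares` and `C:\Migrate` are assumed placeholder names; the NTFS ACLs only resolve if the new server has joined the same existing domain, as the replies require.

```powershell
# Added example. OLDDC, D:\Shares and C:\Migrate are assumed placeholder names.
$OldServer = 'OLDDC'        # assumed name of the failing server
$DataRoot  = 'D:\Shares'    # must be the SAME drive letter and path on both servers
$WorkDir   = 'C:\Migrate'   # scratch folder for the log and the .reg file
$SharesKey = 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Shares'
$RemoteSrc = "\\$OldServer\" + $DataRoot.Replace(':', '$')   # \\OLDDC\D$\Shares

function Export-ShareDefinitions {
    # Run on the OLD server: saves share names, paths and share permissions.
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    & reg.exe export $SharesKey "$WorkDir\shares.reg"
    if ($LASTEXITCODE -ne 0) { throw "reg export failed ($LASTEXITCODE)" }
}

function Copy-DataWithAcls {
    # Run on the NEW server. /COPYALL carries data, attributes, timestamps,
    # NTFS ACLs, owner and auditing info; /E includes empty subfolders.
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    & robocopy.exe $RemoteSrc $DataRoot /E /COPYALL /R:1 /W:1 /NP "/LOG:$WorkDir\copy.log"
    # Robocopy exit codes of 8 and above mean at least one copy failure.
    if ($LASTEXITCODE -ge 8) { throw "robocopy reported failures, see copy.log" }
}

function Compare-FolderAcls {
    # Run on the NEW server after the copy. Returns every folder whose
    # security descriptor (owner, group, DACL as SDDL) differs from the source.
    $mismatch = @()
    $folders = @(Get-Item $DataRoot) +
               @(Get-ChildItem $DataRoot -Recurse | Where-Object { $_.PSIsContainer })
    foreach ($f in $folders) {
        $rel = $f.FullName.Substring($DataRoot.Length)
        $new = (Get-Acl $f.FullName).Sddl
        $old = (Get-Acl ($RemoteSrc + $rel)).Sddl
        if ($new -ne $old) { $mismatch += $f.FullName }
    }
    return $mismatch
}

function Import-ShareDefinitions {
    # Run on the NEW server once shares.reg has been copied into $WorkDir
    # and the folder structure under $DataRoot is in place.
    & reg.exe import "$WorkDir\shares.reg"
    if ($LASTEXITCODE -ne 0) { throw "reg import failed ($LASTEXITCODE)" }
    Restart-Service LanmanServer -Force   # the Server service re-reads the shares
}
```

Review anything `Compare-FolderAcls` returns before importing the shares, so that no folder is published with a looser ACL than it had on the old server.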
 
This is what I ended up doing. A massive failure...

I first physically removed the current DC off the network. I installed the same OS on the new server, installed Active Directory and named both the server and the domain exactly the same as the old server. I then repopulated some of the users just to test it out. I then put the new server online and tried.

Well, even though the domain is the same name, the new DC could not be found, and the login could therefore not proceed.
"Well heck" I thought and even though the Terminal Server is currently a member of the domain with the same name, I again joined the TS to the domain (with the same name). Like always, I had to restart. Once that was done, I could log in with the users. However, a new profile was created upon logging in, which is NOT what I wanted.

So I simply copied everything from the old profile to the new one and tried again. Even though I could log in, absolutely nothing worked. So this plan went to heck.

Try number two:

I copied the System State (which apparently holds all the DC databases and such). I knew from the start that this would be a bad idea since not only DC information is stored in such a backup, but also drivers and other things that are not even remotely the same as the new server. I went ahead and did it anyway just to see what happens.
Well, all the data from the DC was copied and all the OUs and users appeared. However, no hardware worked since wrong drivers were in use. Since there is no way of reversing this, I ended up having to reinstall Windows from scratch again.

So here I am, completely lost and confused.
I will now go ahead and do what LWComputingMVP suggested and promote the new server in order to get the user data over. But I don't really know how to proceed. Do I join the domain with the new server, then install Active Directory... or the other way around? And once user accounts are copied, do I have to demote the original server? In case something goes wrong, I would be able to revert back to how things were in the beginning.

It is extremely bizarre that there is no tool that ONLY copies over the DC user information, and not the entire system state. The end result would be that users could log in and use their profiles as they always have, without having to recreate the profiles from scratch.

I am very lost and in need of help.

MockY
 
You add the new server as a member server to your existing domain. Then run dcpromo on it and add it as an additional domain controller in your existing domain.



Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
Can I simply take the other DC offline and rename the new server to be the same as the old one, as well as the same IP without screwing anything up?
 
No, the SIDs are all different, etc.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
Which means that I'm forced to demote the main DC first. So once I have demoted the primary DC, can I rename the new server the same as the old one? If not, what should I do in order to make this possible?

The DC is a file server as well, and using another name for the file server would screw up all my scripts and network shares. I could redo it but it would be easier not to.
 
I have decided to run the new DC in a Virtual Machine. That way I can always make backups the way I want without worrying about hardware. Whenever it is time to upgrade or move the DC to a new machine, hardware issues are not likely to occur as they are now.
Though I still need to figure out how to move the current DC, going back to my previous post.
 
Though I still need to figure out how to move the current DC, going back to my previous post

You have already been told how to do this. You add your new (virtual) server to your existing domain as a member server, you then run dcpromo on it and add it as an existing domain controller for your existing domain.

See this link for more info, which by the way you could have found by using Google:

Step-by-Step Guide to Setting Up Additional Domain Controllers

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams
 
I don't want to be cheeky - but you need to take your time and read the books and advice first.

From the sounds of your environment - I don't think you want to run a virtual DC - the best backup of a DC is another one - as it's replicated.

I don't understand what you mean by "take backups the way I want"?
 
I am facing a similar situation here... I haven't managed yet to rename the new one as the old, and change back the old IP. What I did: prepared my domain on the old DC with adprep. Then I installed winsrv on the new DC without adding it to the domain. I named the new one as the old one (since I renamed the old one). I renamed the old DC with netdom and checked if all worked fine (and it did). Now I added the new one as a member server into my existing domain. I transferred the 5 roles (see FSMO transfer) to the new one, and now my new one was the "PDC". Now all worked fine: my users, replication, security. Then I tried to change the IP of the new DC to the old one's IP (after I turned off the old one). It worked fine. The thing is that after I stopped the replication from Sites and Services, and also deleted the old DC from AD Users and Computers... then... BOOM! Can't find the DNS, domain controller, etc. Thank God I was doing it in a testing env. Now I am also stuck here. If the name/IP is different all works fine. There must be something somewhere in DNS or the registry or... I don't know, something that has to be deleted. After I tried to start the old one and also change the IP of the new one (before deleting the replication :-D), it worked, but I need to remove that server... Heh, the worst is that I have an Exch server on the old one.
Any hint, help, advice or recommendation will be appreciated.
 
...Sorry for reopening an 'old' thread. I've managed to add my new 2008 server to my domain with the name of my old DC. (I've already renamed the old one.) I didn't seize the old one yet (roles transferred OK). In a previous test, when I reached this point and tried to change the IP, I had problems. Now I was thinking: if I add a DNS 'A' record in my new server that points to the old name/IP, will my users/apps be able to locate the new one? Although I already changed the name for the new one?
 