Replace first intalled domain controller 3

[pinkpanther56]

I'll soon be replacing a domain controller i've done this before but this DC was the first in the forest and holds FSMO roles (i know how to transfer the FMSO's) and was the first DNS server.

I've read a few articles and searched for some answers but i've just got a couple of concerns that i hope someone can clear up.

1. Is there anything i need to do to move DNS or will it all be replicated when i join the new DC and install active directory integrated DNS?

2. Do i need to designate the new DNS as the new primary or does this not matter in AD DNS?

3. I assume after this that i need to change my DHCP settings so my clients point to this as their primary DNS?

4. Is it not recommended to change the new DC’s IP to the same as the old one after install?

Have i missed anything regarding DNS?

Thanks for any input.

 

[dearingkr]

I think the sequence is going to be very important.
[ol]
[li]Add NewServer to the domain[/li]
[li]Promote NewServer to DC[/li]
[li]Configure DNS on NewServer[/li]
[li]Configure DHCP on NewServer[/li]
[li]Authorize DHCP on NewServer[/li]
[li]Transfer FSMO roles[/li]
[li]Demote OldServer[/li]
[li]Remove OldSerever from domain[/li]
[/ol]

MCSE CCNA CCDA

 

[58sniper]

What have you searched for here? This has been discussed DOZENS of times.

Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference

 

[pagy]

I would add a 2a to what dearingkr said;

2a - Make new DC a global catalog

Paul
MCSE 2003
MCTS:Active Directory
MCTS:Network Infrastructure
MCTS:Applications Infrastructure

If there are no stupid questions, then what kind of questions do stupid people ask? Do they get smart just in time to ask questions?
Scott Adams

 

[gmail2]

1. Is there anything i need to do to move DNS or will it all be replicated when i join the new DC and install active directory integrated DNS?

Like dearingkr said, just install DNS on the second DC as AD integrated. Then remove from the old one

2. Do i need to designate the new DNS as the new primary or does this not matter in AD DNS?

AFAIK, all DNS servers are equal in AD, so there's no need to mark one as primary

3. I assume after this that i need to change my DHCP settings so my clients point to this as their primary DNS?

Yes, you'll need to change your DHCP scope/server options (depending on how you configure it)

4. Is it not recommended to change the new DC's IP to the same as the old one after install?

This isn't necessary ... you're not trying to replace the DC exactly like for like ... this would be pretty much impossible. Instead you're adding a new DC and then removing an old one. Companies do this all the time ... sometimes it's only a few weeks between adding the new and removing the old, or sometimes it could be a year or longer

It's no big deal, just do like dearingkr and pagy suggested and you'll be fine

Good Luck

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[pinkpanther56]

Pat, i searched for replacing a DC and there was a quite a few articles out there but i was a bit unsure on the DNS bit so i thought i'd post before rather than after.

 

[58sniper]

1. Nothing else to do

2. If it's AD integrated, there really is no "primary"

3. Correct

4. It doesn't really matter. I usually don't.


Pat Richard
Microsoft Exchange MVP
Contributing author Microsoft Exchange Server 2007: The Complete Reference

 

[pinkpanther56]

Ok the new DC seemed to go through the promotion process ok i don't see any errors in the event log. The netlogon/sysvol folder contents has been copied over from the other DC but they haven't been shared.

Any ideas how i go about solving this, i don't want to just create the manually.

Thanks.

 

[gmail2]

Are you definitely looking at the right location? If there are no errors and the promotion went fine, then I would have thought that the shares were created. Best way to check is to open an MMC console and add the "Shared Folders" snap in and see if the SYSVOL and NETLOGON shares are there

If they definitely haven't been created then I'm not too sure how you would go around this as I've never created them manually. But my first thought would be to reinstall AD (demote and re-promote)

Good Luck, and let us know the result

Irish Poetry - Karen O'Connor
Irish Poetry and Short Stories - Doghouse Books
Garten und Landschaftsbau

 

[pinkpanther56]

Sigh thanks for the reply they appeared eventually i didn't expect it to take over an hour over a fast LAN connection; apparently it finished all replication before the netlogon service creates the shares. I checked and all of the content seemed to be there but still no shares so i was panicking but prematurely it seems.

Cheers.

 

[Davetoo]

Replication isn't instant. ;-)

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.