nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Need to replace a DC

dfranc

So one of our branch offices requires an upgrade to their server. So my plan is to build a 2012 R2 Domain Controller, log into their 2003 sbs server (they don't use any other applications like SharePoint or Exchange) copy all the settings and then ship it out to them, to replace their old server. Seeing that its a replica, will they be able to plug and go? What about FSMO roles? There are only 4 users in this office.

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

shochan

dcpromo that box...or start fresh...I was able to migrate AD from a 2003 SBS to 2012 w/o issues back over a year ago.

dfranc

I`m miles away from the branch office. So I was hoping to build from fresh in my office and just copy everything the same as the old server and ship it up to them.

PJ_Sneakers

When you say copy all the settings, do you mean that you want to just go setting by setting and manually duplicate things? Users, computers, group policies, etc?

Are you all on the same domain? Or is this a standalone domain in the branch office?

dfranc

This is a standalone domain in a branch office. I thought if I replicated the ip address, server name and domain, DNS RAS, (The old server does not have DHCP) that I could then ship it out for them to swap it over with the old one.

PJ_Sneakers

That's not going to work like you envision. You are actually creating a completely different domain doing that.

Join the new server to the old domain, and promote the new server to a DC. Move all of the roles, shares, and whatever over to the new server. Then demote the old DC and take it offline.

dfranc

All that work for 4 employees? They will have to get a local IT guy in then. I thought I could do it at our main office and ship it to them, or at least do all the configuration for them.

shochan

It will be good experience to do it

PJ_Sneakers

dfranc wrote: »

All that work for 4 employees? They will have to get a local IT guy in then. I thought I could do it at our main office and ship it to them, or at least do all the configuration for them.

You can handle it, this is stuff you learned to get your MCSA. Dig deep!

alias454

dfranc wrote: »

All that work for 4 employees? They will have to get a local IT guy in then. I thought I could do it at our main office and ship it to them, or at least do all the configuration for them.

Sounds like fun, not to mention you will learn something so when you have to do it when there are 1400 employees it won't be a problem.

gc8dc95

Put a fresh image on the new server. Send it there, have someone plug it in, and then finish it remotely. I have done it lots of times.

dfranc

Can that be done within working hours? Or out of hours?

MariusRZR

You can do that within working hours. After you promote the Domain Controller, you can transfer the FSMO Roles and then demote the old one. ( If you just turn it off, it will still show up under Domain Controllers in AD)
You will also have to change the DNS Settings on the workstations to reflect the new IP of the DC/DNS Server.. Or, if you could afford some downtime, after you turn off the old one, assign the same IP Address to the new one.

Someone correct me if I've said something dumb. I don't think so, but it's always nice to check:)

dfranc

I believe this is correct. I will be shutting down the old server in order to use the same static address. I would also need to move the DHCP settings from the 2003 server to the 2012 server correct?

Lexluethar

You should be able to do this remotely - depending on the server you are shipping out there it should have a remote management port (idrac, iLo, ect). All you would need to do is do a fresh install of server 2012 R2 (no dcpromo), configure the remote management port with the proper IP for your branch and ship the server. Walk someone through plugging in the proper ports (configured for remote management) and finish up your work after hours.

I heard you wanting to 'move files and settings' but i didn't see to what extent data is on this server. It's a branch so it probably doesn't have any FSMO roles right? Probably just a GC server to allow logins. Maybe you have files locally which you can simply just copy after everything is done.

I'm literally doing the same thing except i'm doing it on virtual machines and we have 2008 R2 in our branches - i'm replacing it with 2012 R2.

ASSUMING NO FSMO roles are installed and no local data:
1. run dcpromo on the older server, remove it from being a DC in the domain - restart
2. remote ADDS and DNS from the server - restart
3. remote server from AD - restart
4. cleanup AD - remove the disabled computer object as well as the server in Sites and Services if it's still there
5. Change IP settings on new server to match old one
6. Change DNS settings to match old one
7. Promote the new server using the GUI (dcpromo doesn't work in 2012 r2)
8. Done

The big thing here is if there are local files (let's say home directories) then after you get the new server configured you will want to add the same roles (say DFS or file services) and copy the home directory stuff.

In my environment we have the regional DC's handing out DHCP as well, i simply backed up the DHCP settings and leases - imported into the new server and i was done.

mudflaps

dcpromo y/n to proceed
y
dc promoted pls exit

Lexluethar

Nope mudflap, you cannot use dcpromo on a 2012 R2 server it's done through the GUI. You will get an error saying dcpromo isn't available.

shochan

This link might help you along: I know it says 2008, but it is similar to 2012...You might see if you can dig up the 2012 white paper for any caveats.

Migrate Server 2003 to 2008R2 Active Directory and FSMO Roles | Zwiegnet Blog

Best of luck!

mudflaps

Lexluethar wrote: »

Nope mudflap, you cannot use dcpromo on a 2012 R2 server it's done through the GUI. You will get an error saying dcpromo isn't available.

I was only kidding, hah