DC Plan of action

hey guys here is my plan. I am doing it this saturday.

1. I have built a 2003 R2 SP2 server
2. joined the domain
3. running DCPROMO on it first and making sure DNS is working good
4. turning off old dying DC
5. changing the IP Address from old dying DC to new DC
6. testing
a. logins from workstation to new DC
b. emailing from my outside email into our network from outside in
c. test inside emailing

7. if this works and test good then I am good to go

I was worried aboutthe IP address being the same. I want to keep the same IP address because the IP address of old dying DC is hard coded into
our ASA rules.

is this good or am I missing something. I just dont want to miss anything.

8. going to demote old dying DC from my domain once I test everyting with new DC then I will demote the old dying DC.

is this good guys?

thanks

Find more posts tagged with

Comments

blargoe

don't forget to transfer over your FSMO's after you promote the new domain controller

itdaddy

thanks blargoe

i wasnt sure if the ip address mattered or something but
will change on both DCs so they can work just didnt know if some how
AD integrated the IPs ahah You never know with MS$$
my bet was it wouldnt matter but wanted to get some advice from you
experts. thanks man..will tell you how it turns out

ChooseLife

itdaddy wrote: »

5. changing the IP Address from old dying DC to new DC
...
8. going to demote old dying DC from my domain once I test everyting with new DC then I will demote the old dying DC.

the outcome of these two steps may not match your expectations... my advice is to never change DC's IP address once it has been promoted, and update ASA rules instead.

itdaddy

choose life but serious..well the asa of course has object names that be changed but theyonly correpsond to the ip address of this ldap server.
the asa is only forward ldap service via IP.

and in DNS the ip is used. Do you think that the IP tied tothe old Dc matters or is some how integrated in the GUID creation of somthing like that. can you explain. to me it looks textbook to keep same IP since everything including workstation IP addresses are tied to the IP. seems like this is the correct option because you wouuld have to change every workstation and everything on the network that uses this ip address. just to me change the name to correspond to the ip and it should query the new DC for ldap infor??

can you exlaborate on your opinion. I would like to here it bud thanks for giving me your opinion.

itdaddy

question guys:

why cant I run the new DC with the old IP address
and at the same time shut the old DC off so no IP conflict?
I do not want to demote the old DC until I know the new one works
with the old IP addresses. Does this sound logical?

ChooseLife

i understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. i tried this in a test lab before and it did not work, even though i did a fair bit of clean up in dns and adsiedit in the process...

ChooseLife

itdaddy wrote: »

why cant I run the new DC with the old IP address
and at the same time shut the old DC off so no IP conflict?
I do not want to demote the old DC until I know the new one works
with the old IP addresses. Does this sound logical?

Because the AD-integrated DNS has records of the old DC with the IP, and so adding DNS records for another DC with the same IP is not kosher... Even though you shut the old one down, unless it's demoted, its information remains in the AD and replication attempts between the two will continue.

Daniel333

Certainly snag those FSMO roles, also of course wait to ensure replication has completed.

I would place a DNS server on the IP address of the old DC if you are not sure if someone might be using it. Enable logging, come back in a couple days. If it's not been used, then shut it dowm.

Is Exchange in the envionment? How about your IAS server for that Cisco ASA?

itdaddy

This is my dilemma.
our network on many workstations are alread configured to that IP of the old DC? it is going to be crazy work to convert over to the new DC due to many things are using this IP address? OMG the work to change everything over to thew new IP address. we have static everything we are afinancial and are suppose to have static IPs

crrussell3

itdaddy wrote: »

This is my dilemma.
we have static everything we are afinancial and are suppose to have static IPs

Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.

BrizoH

crrussell3 wrote: »

Why do you say that? I know Wells Fargo doesn't use static ip addresses on their workstations. I know plenty of small banks that don't either.

Even if it's for auditing purposes, I'd rather reserve IP's in DHCP for ease of management than configure statically

itdaddy

okay my bad our Unix system needs or was setup with IP addresses in its host file and that each machine has to have a static IP because the terminal number jives with the ip address. it is weird but I have heard many have DHCP but I know each IP jives with a terminal on the host system.....

I would love to talk to financials with DHCP nonetheless I will have to change each one by hand

RTmarc

ChooseLife wrote: »

i understand replacing the DC and keeping the old IP would make your life easier, but there is a high risk that the AD will break in the process. i tried this in a test lab before and it did not work, even though i did a fair bit of clean up in dns and adsiedit in the process...

No there's not. As long as DNS is updated accordingly, you can change the IP address without worry.

http://technet.microsoft.com/en-us/library/cc758579%28WS.10%29.aspx

As long as you remove the old DC (dcpromo, remove from DNS, etc.) then you have nothing to worry about. I've done this very same thing multiple times. Since you have more than one DC, it makes it even easier.

The DHCP thing is another discussion. I'd rather use DHCP reservations over static IP addresses.

itdaddy

sweet..I am going to image it 2x both c and d drive before I attempt this.
I plan to make sure to demote it and then wait and then check the other DCs to make sure all meta data cleaned up..

then I will promote new cd with same ip...

and if it funks out; haha I will restore and call in some help..but I have done before just along time ago..seems straight forward...

thanks guys for all your guidance you are so cool!
beers on me

Budzy

Hi ITdaddy,

You mention about your old DC ‘dying’. Just a quick question; is this due to unreliable/old hardware?

It’s just you mentioned in your last post about imaging the disk volumes just as a backup. So if this is the case, was thinking you could perhaps try simply restoring this image onto the new hardware (providing the imaging software has some sort of universal restore facility like Acronis does). In this case you would only need to install the hardware drivers, configure the NIC and give the box a once over etc.

I know this isn’t the cleanest way of doing things, but I’ve successfully performed this operation in the past as a quick-fix solution for when a DC has gone down in the middle of a working day or if it’s randomly generating a hardware related BSOD.

If you have other software related issues with the current DC, or if you’re wanting to learn from this experience for Microsoft server exams then please ignore my post.

Best regards,

Budzy.

itdaddy

YO dudes...

we did a vmware convert on this DC and 100% perfect no active directory issues none!

WORKED AWESOME. saved my butt! hahah
thanks guys for all your help....

Budzy

the reason I am imaging or did image was because in case of the conversion to vm would corrupt the dc I have heard of this happening. and if the convert failed but corupted the dc i could restore and try again with something else.

Budzy

Glad you found a good working solution for this.

itdaddy

OMG it was sick 35 minutes and hold my breath and bam converted it right to the data store HOT and bam turn on added vmware tools reboot bam! done. I couldnt believe it I was jumping up and down.hahhah really I was..
This DC was interwoven with the firewall and proxy offsite server ect..uses the certifcation services and everything wasnt sure what else but it was the first dc in the network and now is converted to vm perfect.

next is a mail exhange 2003 server will do that one COLD booting to vmware convert CD and do it that way..heard many good things about that. I will report back. I do use shadow protect software first to image then i play

and pray! HAHAH
doing 8 conversion s this year voice server included