Moving DCs between sites

Guest

Hello,
I have 2 AD sites and I would like to move one DC from one site to the
other. What's the best way to do this? Just move the box and re-ip it or
should I demote it 1st then promote it after the move?

Thanks
 
Oli Restorick [MVP]

There's no need to demote and repromote. Just moving it and changing the IP
is fine.

However, the thing to watch for is DNS. The other domain controllers may no
longer be able to find the DC you've just moved, so you may have to manually
change the address records on other DNS servers for the DC you've just
moved. If you're using AD-integrated DNS, there's a catch-22 situation
going on.

Also, if you are using your DC to run DNS or WINS, take into account which
other PCs and servers will be using the machine for name resolution and what
the impact of changing its IP address might be.

Hope this helps

Oli
 
Jorge_de_Almeida_Pinto

Miller said:
Hello,
I have 2 AD sites and I would like to move one DC from one site to the
other. What's the best way to do this? Just move the box and re-ip it or
should I demote it 1st then promote it after the move?

Thanks

NO WAY! Don’t demote the DC because you just want to move it to
another site. See the steps below and also see:
http://www.microsoft.com/technet/pr...ons/b6b29ec7-8f87-4761-9e9f-fd85ffed7660.mspx

Assuming it only has the DC/GC role....

The steps to do:
* Create a copy of the NETLOGON.DNS in %WINDIR%\system32\config and
  rename it to NETLOGON.DNS.OLD and move it to another machine or print it
  (when done you can delete the .OLD file) (also see:
  http://www.petri.co.il/active_directory_srv_records.htm)
* Move the DC to the other site (see:
  http://www.microsoft.com/technet/pr...ons/17af6280-573e-4043-9bd9-96fe3d13f4df.mspx)
* Change the TCP/IP settings (IP address, DNS IP, WINS IP, etc.)
* Shut down the DC
* Clean up the DNS records that are mentioned in NETLOGON.DNS.OLD (I do
  this step, otherwise clients will find this DC in the old site and try
  to authenticate to it while it is in another site) (scavenging, if
  enabled, will remove the records but that could take some time and
  some old records will be replaced by new records)
* Clean up, on another DC, the connection objects the moved DC has with
  other DCs and other DCs have with the moved DC (after some time the
  KCC will do this as it checks its replication topology every 15 min.)
* On each DC where you removed the connection objects, run "Check
  Replication Topology" (see:
  http://www.microsoft.com/technet/pr...elp/bb462fa2-a889-47f2-869c-2aeb06cfc5bf.mspx
  and/or
  http://www.microsoft.com/technet/pr...ons/f30e2a81-4e9a-454b-9fb5-20f70f6dae10.mspx)
* Move the DC physically to the other site and turn it on
* Wait about 15 min.
* Run on the moved DC (the W2K3SP1 version):
  DCDIAG /V /C > DCDIAG_OUTPUT.TXT
* Run on the moved DC (the W2K3SP1 version):
  NETDIAG /V /C > NETDIAG_OUTPUT.TXT
* Open DCDIAG_OUTPUT.TXT and NETDIAG_OUTPUT.TXT and check for errors
  and, if there are any, troubleshoot

If it also has the DNS role you might need to change its DNS forwarders,
delegations from other DNS servers to the DC for its DNS zones, etc.

If it also has the WINS role you might need to change the replication
partners that replicate with the moved DC for WINS, etc.

You might also need to change things on other servers like DNS/WINS
IPs in TCP/IP settings or even DHCP scopes, etc.

What I really mean is: what other servers have relations with the
server you want to change the IP for and WHAT and HOW is the relation?

Hope this helps you..

Cheers,
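
The DNS cleanup step in the reply above, as an added example that is not part of the original thread: it parses a saved NETLOGON.DNS.OLD and flags the entries tied to the old site name or the old IP address, which are the ones that would keep directing clients to the old location. The zone, host and site names and the addresses in the sample are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a saved NETLOGON.DNS.OLD (all names and IPs are made up).
SAMPLE = """\
; records this DC registered while it was in SiteA
example.local. 600 IN A 10.1.0.10
_ldap._tcp.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_ldap._tcp.SiteA._sites.example.local. 600 IN SRV 0 100 389 dc2.example.local.
_kerberos._tcp.SiteA._sites.dc._msdcs.example.local. 600 IN SRV 0 100 88 dc2.example.local.
_ldap._tcp.SiteB._sites.example.local. 600 IN SRV 0 100 389 dc2.example.local.
gc._msdcs.example.local. 600 IN A 10.1.0.10
_gc._tcp.SiteA._sites.example.local. 600 IN SRV 0 100 3268 dc2.example.local.
"""

# One record per line: owner name, TTL, class IN, type, record data.
RECORD = re.compile(
    r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<type>A|SRV|CNAME)\s+(?P<data>.+)$"
)

def parse_netlogon_dns(text):
    """Return a list of dicts (name, ttl, type, data); skip blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD.match(line)
        if m:
            records.append(m.groupdict())
    return records

def cleanup_candidates(records, old_site, old_ip):
    """Return (reason, record) pairs that still point at the old site or old IP."""
    site_label = f".{old_site.lower()}._sites."
    flagged = []
    for r in records:
        if r["type"] == "SRV" and site_label in r["name"].lower():
            flagged.append(("old-site SRV", r))
        elif r["type"] == "A" and r["data"].strip() == old_ip:
            flagged.append(("old-IP A", r))
    return flagged

if __name__ == "__main__":
    for reason, rec in cleanup_candidates(parse_netlogon_dns(SAMPLE), "SiteA", "10.1.0.10"):
        print(f"{reason:13} {rec['name']} {rec['type']} {rec['data']}")
```

Each flagged name can then be compared against what the DNS servers still hold before the records are removed by hand or left to scavenging.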
 
