New domain controller

MarkH

I am about to replace the existing, single DC & Global Catalog server
at a customer site with a new box. What is the simplest way of
restoring AD and GPO’s etc? I do not want to install it as an
additional DC in the domain.
Is it as straightforward as restoring the existing Sysvol share to the
new DC?
Thanks for any help.
 
Lanwench [MVP - Exchange]

MarkH said:
> I am about to replace the existing, single DC & Global Catalog server
> at a customer site with a new box. What is the simplest way of
> restoring AD and GPO’s etc? I do not want to install it as an
> additional DC in the domain.

Why not?

> Is it as straightforward as restoring the existing Sysvol share to the
> new DC?

No. Make it a DC, make it a GC, and transfer all FSMO roles. What's your
objection to this? It's not time consuming - and it works.
 
Jorge Andres Brugger

MarkH said:
> I am about to replace the existing, single DC & Global Catalog server
> at a customer site with a new box. What is the simplest way of
> restoring AD and GPO’s etc? I do not want to install it as an
> additional DC in the domain.
> Is it as straightforward as restoring the existing Sysvol share to the
> new DC?
> Thanks for any help.

Has anyone cloned a server successfully using sysprep + ghost/trueimage/etc?

(I also don't want to install another server, because I want to preserve
the same name, etc. I just want to keep exactly the same server but on
new hardware)

Regards!
 
Oli Restorick [MVP]

Hi Jorge

I'm confused. Are you MarkH replying to Lanwench's post? For sake of
argument, I'll assume so.

What Lanwench suggests is really the best way of doing this. If the concern
for having the same server name is so that client connections to the shares
are preserved, then I have a potential solution.

The combination of a DNS alias or address record linking the new server with
the original server's name and a registry hack will allow the new server to
respond to the old server's name. By default, Windows will give a
"duplicate name exists on the network" error unless the server is configured
to answer to any name.

The following KB article describes the disablement of strict name checking.

Connecting to SMB share on a Windows 2000-based computer or a Windows Server
2003-based computer may not work with an alias name
http://support.microsoft.com/default.aspx?scid=kb;en-us;281308

So, to recap, I would proceed as follows.

1) Back up everything.
2) Back it up again, and test your backups.
3) Dcpromo the new server into the existing domain, using a new server name.
4) Transfer roles, and enable the new server as a global catalogue.
5) Ensure that DNS is now correctly configured, including switching to
AD-integrated DNS if this is not already done, and enabling the new DC as a
DNS server. Also, check that the new server is configured as a forwarder to
enable resolution of external addresses.
6) Test DNS again, :)
7) Reconfigure DHCP to hand out the IP addresses of the new DC as a DNS
server.
8) Copy data from the old to the new server.
9) When you're happy with the config, dcpromo the original server out of the
domain. Bear in mind that an AD-integrated DNS server, when dcpromoed out
of the domain, will lose its DNS config, but will still answer DNS queries.
This is not what you want.
10) Turn off/unplug the original server.
11) Implement the DNS alias and registry change, as documented in the KB.

As far as I can tell, this should achieve what you need, based on the
information you've given us. It may well be worth testing this before
implementing it on a production network, paying particular attention to DNS
and how all machines resolve DNS at each step in the process.

Regards

Oli
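
Added example, not part of Oli's post: a PowerShell check to run before step 9, confirming that steps 4 to 6 took effect before the original server is demoted. It assumes the ActiveDirectory and DnsClient modules are available (they are not present on Windows 2000/2003-era servers, where `netdom query fsmo` reports the same role holders); `NEWDC01` is a hypothetical placeholder and `example.com` stands in for any external name.

```powershell
# Added example: gate for step 9 (demoting the original DC).
# Assumptions: ActiveDirectory and DnsClient modules are installed;
# 'NEWDC01' is a hypothetical placeholder for the replacement DC.
Import-Module ActiveDirectory

$NewDC  = 'NEWDC01'
$dc     = Get-ADDomainController -Identity $NewDC
$domain = Get-ADDomain
$forest = Get-ADForest
$failed = @()

# Step 4: every FSMO role is held by the new DC, and it is a global catalog.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -ne $dc.HostName) {
        $failed += "$($role.Key) is still held by $($role.Value)"
    }
}
if (-not $dc.IsGlobalCatalog) { $failed += "$NewDC is not a global catalog" }

# Steps 5-6: query the new DC's own DNS service. It must return the domain's
# DC locator record listing itself, and resolve an external name.
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = Resolve-DnsName -Name $srvName -Type SRV -Server $dc.IPv4Address -ErrorAction SilentlyContinue
if ($srv.NameTarget -notcontains $dc.HostName) {
    $failed += "$srvName as served by $NewDC does not list $($dc.HostName)"
}
$ext = Resolve-DnsName -Name 'example.com' -Server $dc.IPv4Address -ErrorAction SilentlyContinue
if (-not $ext) {
    $failed += "$NewDC cannot resolve external names (check forwarding)"
}

if ($failed) {
    $failed | ForEach-Object { Write-Warning $_ }
    Write-Error 'Do not demote the original server yet.'
} else {
    Write-Output "$NewDC holds all roles, is a GC and answers DNS."
}
```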
 
Lanwench [MVP - Exchange]

Oli Restorick said:
> Hi Jorge
>
> I'm confused. Are you MarkH replying to Lanwench's post? For sake of
> argument, I'll assume so.

I think it was someone with a similar request (a "me, too")....

> What Lanwench suggests is really the best way of doing this. If the
> concern for having the same server name is so that client connections to
> the shares are preserved, then I have a potential solution.

In addition to your sage reply - it may not even be necessary. Much can be
done to make this painless for clients - I don't use UNC paths myself
because I like the freedom that old-fashioned drive mappings give me. You
can mass-edit home directory & profile paths (easier in W2003, tho). But I
digress. :)
 
