DC Replication / Disaster Recovery

A. Zhenia

Hi folks,

I am an administrator in an educational institute and I have the
unfortunate task of having to clean up after all the previous
administrators.

The institute has 3 servers. The web and student file server are
running on Red Hat GNU/Linux. The domain controller runs on Windows
2000 Advanced Server.

I'll try to divide the problems I've encountered into parts:

1) One of the previous administrators had the 'brilliant' idea of
using real IPs for the internal network. The domain controller, which
also runs Exchange and DHCP, is 'handing' out IPs to the clients in
the range of 194.xxx.xxx.xxx. Is it possible to change the IP address
of the domain controller?

2) The domain controller is based on an Intel server with dual 1GHz
PIII processors and an Intel RAID card connecting four SCSI hot-swappable
Seagate hard drives, 2x18GB and 2x36GB. The plan was to have the
system running on the 18GB array in a RAID 1 configuration and the data
on the 36GB array. The problem is that the person who set up the
system rightfully put the 2x36GB disks in a RAID 1 array, but for the
system disk he used only one drive and the other 18GB was left doing
nothing. The only way I know to connect these two drives in a RAID 1
array without losing any data is to use the Windows-based Intel
utility for its RAID card, but in order for that utility to work I need
to update the firmware on the RAID card, and this is not something I
would like to do in case something goes wrong. The other solution I
thought of, since I had a 3rd 18GB disk identical to the others,
was to make a Ghost image of the system drive and have that in case
something went wrong with updating the firmware of the RAID card. When
the Ghost image completed I had two identical drives with the same
number of files/folders/bytes. I then tried to boot the domain
controller from the new image, but this process gracefully failed with
the error "Cannot load directory services.....". I thought the reason for that
error had to do with drive letter assignments, so I
thought to myself I would enter Directory Services Restore Mode as a
machine administrator and change the corresponding drive letters
to the correct ones. To my horror I discovered that no one knew the
machine administrator password!!! Three other admins have come and
gone since this DC was originally set up, hence there is no way of
finding out the password. I thought of using one of these one-disk
Linux distros to reset the password, but there is the potential, albeit
small, to destroy the SAM file. This is a risk I was not willing to take.
So I am here with a domain controller supporting the whole institute
running on one system drive which is already 3 years old. Can you
suggest a solution on how to successfully mirror this hard drive?

3) The institute has just purchased a new Compaq ProLiant ML350 dual
Xeon server and I thought this would be a nice opportunity to
replicate the old DC on the new server and then use the old one as a
new student server. I know that in order to replicate a domain
controller you can either do it over the network, after of course
installing the operating system and promoting it to domain controller,
or by using a full system backup and restoring it to the new system.
My problem is I know that this process will work if the server is
just a domain controller. The machine I want to replicate runs other
services as well, such as Exchange, DNS and DHCP; what will happen to
them?

I apologise for the length of this posting, but I am desperate.

Kind regards,

A. Zhenia

Brian Desmond [MVP]

Hi,

I'll try & answer everything I can. My answers are inline:

--
--Brian Desmond
Windows Server MVP
Http://www.wpcp.org

> 1) One of the previous administrators had the 'brilliant' idea of
> using real IPs for the internal network. The domain controller, which
> also runs Exchange and DHCP, is 'handing' out IPs to the clients in
> the range of 194.xxx.xxx.xxx. Is it possible to change the IP address
> of the domain controller?

Open the DHCP utility and create a new scope which uses private IPs - the
10.X.X.X range would probably be best. You'll have to update any statically
addressed servers to the new subnet, as well as firewall rules pointing to
the old IPs, etc.

> 2) The domain controller is based on an Intel server with dual 1GHz
> PIII processors and an Intel RAID card connecting four SCSI hot-swappable
> Seagate hard drives, 2x18GB and 2x36GB. The plan was to have the
> system running on the 18GB array in a RAID 1 configuration and the data
> on the 36GB array. The problem is that the person who set up the
> system rightfully put the 2x36GB disks in a RAID 1 array, but for the
> system disk he used only one drive and the other 18GB was left doing
> nothing. The only way I know to connect these two drives in a RAID 1
> array without losing any data is to use the Windows-based Intel
> utility for its RAID card, but in order for that utility to work I need
> to update the firmware on the RAID card, and this is not something I
> would like to do in case something goes wrong. The other solution I
> thought of, since I had a 3rd 18GB disk identical to the others,
> was to make a Ghost image of the system drive and have that in case
> something went wrong with updating the firmware of the RAID card. When
> the Ghost image completed I had two identical drives with the same
> number of files/folders/bytes.

You could also just chuck the ghost image onto the 36GB partition ... the
image will be compressed, and less than 18GB by far.

> I then tried to boot the domain
> controller from the new image, but this process gracefully failed with
> the error "Cannot load directory services.....". I thought the reason for that
> error had to do with drive letter assignments, so I
> thought to myself I would enter Directory Services Restore Mode as a
> machine administrator and change the corresponding drive letters
> to the correct ones. To my horror I discovered that no one knew the
> machine administrator password!!! Three other admins have come and
> gone since this DC was originally set up, hence there is no way of
> finding out the password. I thought of using one of these one-disk
> Linux distros to reset the password, but there is the potential, albeit
> small, to destroy the SAM file. This is a risk I was not willing to take.
> So I am here with a domain controller supporting the whole institute
> running on one system drive which is already 3 years old. Can you
> suggest a solution on how to successfully mirror this hard drive?

You can reset the restore mode password with ntdsutil. Take a look at
http://www.jsiinc.com/SUBL/tip5600/rh5694.htm.

> 3) The institute has just purchased a new Compaq ProLiant ML350 dual
> Xeon server and I thought this would be a nice opportunity to
> replicate the old DC on the new server and then use the old one as a
> new student server. I know that in order to replicate a domain
> controller you can either do it over the network, after of course
> installing the operating system and promoting it to domain controller,
> or by using a full system backup and restoring it to the new system.
> My problem is I know that this process will work if the server is
> just a domain controller. The machine I want to replicate runs other
> services as well, such as Exchange, DNS and DHCP; what will happen to
> them?

You'll need to install the new machine as an additional domain controller
(via the dcpromo wizard), and then transfer the FSMOs (along with making it
a global catalog). For DNS, if it's Active Directory integrated (which it
should be), you won't have to do anything. For DHCP, try this:
http://www.ntfaq.com/Articles/Index.cfm?ArticleID=13473. For Exchange,
you'll need to install Exchange2k on the new box, joining the current
organisation, move the mailboxes, and replicate the public folders. I'd
recommend that you try and leave the original box as a DC & DNS in order to
provide redundancy & load distribution.
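
A re-addressing planner for the move described in the answer to point 1 (a new private DHCP scope, then updating the statically addressed servers and the firewall rules that reference the old addresses). This is an added example, not code from the thread: the server inventory and firewall rules are constructed, and since the thread elides its real 194.x range, the RFC 5737 documentation block 203.0.113.0/24 stands in for the old public range.

```python
"""Re-addressing plan for a LAN moving off public IPs (added example; the
thread's real 194.x range is elided, so constructed data uses 203.0.113.0/24)."""
from ipaddress import ip_network, IPv4Network

RFC1918 = [ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Constructed inventory of statically addressed servers on the old range.
STATIC_HOSTS = {
    "dc1 (AD, Exchange, DNS, DHCP)": "203.0.113.10",
    "web (Red Hat)": "203.0.113.20",
    "studentfiles (Red Hat)": "203.0.113.21",
}
# Constructed firewall rules as (name, source, destination).
FIREWALL_RULES = [
    ("smtp-in", "0.0.0.0/0", "203.0.113.10"),
    ("ntp-out", "203.0.113.0/24", "0.0.0.0/0"),
    ("dns-forward", "198.51.100.53", "0.0.0.0/0"),  # not ours, stays as is
]

def check_new_scope(old_cidr: str, new_cidr: str) -> list:
    """Reasons the proposed scope is unsuitable; an empty list means OK."""
    old, new = ip_network(old_cidr), ip_network(new_cidr)
    problems = []
    if not any(new.subnet_of(block) for block in RFC1918):
        problems.append(f"{new} is not an RFC 1918 range")
    if new.overlaps(old):
        problems.append(f"{new} overlaps the old range {old}")
    return problems

def remap(net: IPv4Network, old: IPv4Network, new: IPv4Network) -> str:
    """Move a host (/32) or subnet into the new range keeping its offset,
    so the DC at .10 in the old range stays .10 in the new one."""
    offset = int(net.network_address) - int(old.network_address)
    moved = ip_network((int(new.network_address) + offset, net.prefixlen))
    return str(moved.network_address) if net.prefixlen == 32 else str(moved)

def plan_readdress(old_cidr: str, new_cidr: str) -> dict:
    """New static addresses plus the firewall rules that must be rewritten."""
    problems = check_new_scope(old_cidr, new_cidr)
    if problems:
        raise ValueError("; ".join(problems))
    old, new = ip_network(old_cidr), ip_network(new_cidr)
    hosts = {name: remap(ip_network(ip), old, new)
             for name, ip in STATIC_HOSTS.items()}
    rules = {}
    for name, src, dst in FIREWALL_RULES:
        s, d = ip_network(src), ip_network(dst)
        if s.subnet_of(old) or d.subnet_of(old):  # references the old range
            rules[name] = (remap(s, old, new) if s.subnet_of(old) else src,
                           remap(d, old, new) if d.subnet_of(old) else dst)
    return {"static_hosts": hosts, "firewall_rules": rules}
```

Rules that only mention outside addresses (the constructed dns-forward rule) are left out of the plan, which is the same check you would run by hand before cutting over the DHCP scope.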