Replacing a DC which is the PDC emulator in the domain.

Guest

The hardware on our Win 2000 DC is outdated, with absolutely no disk space on
the C partition. I am in the process of replacing this server with a new
hardware box.
The current DC holds the following roles: PDC role, RID pool manager and
Infrastructure owner. This DC also runs DHCP and DNS. This machine also holds
the domain security policy. All the other servers have this server's IP
address in their TCP/IP DNS properties.
What are the steps that I need to take in order to replace this machine
with the new DC, without having to make any major changes to any other
machines in my network?
I know that I will have to install the new server with Win 2000, install Active
Directory, and add it as a DC in the existing domain.
After this, should I first transfer the roles, or add DNS first, or transfer
DHCP?
Will the new server automatically have the old domain security policy? What
do I need to do in order to run login scripts? Will the Windows Time service
be affected in any way, since all the servers synchronise the time clock (for
Kerberos authentication)?
Finally, can I change the IP of this new DC to that of the old one, once I
demote the existing DC to a member server, change its IP and shut it down?

Thank You
 
Herb Martin

jc said:
> The hardware on our Win 2000 DC is outdated, with absolutely no disk space on
> the C partition. I am in the process of replacing this server with a new
> hardware box.

You can still upgrade the existing "computer"
(from an OS perspective) if you wish.

There are also ways to get more space on practically
every C: drive (unless you already use ALL of the tricks

> The current DC holds the following roles: PDC role, RID pool manager and
> Infrastructure owner. This DC also runs DHCP and DNS. This machine also holds
> the domain security policy. All the other servers have this server's IP
> address in their TCP/IP DNS properties.

Then you will need to transfer the roles and establish the
(Primary) DNS server on another server machine (also
update the clients to use that other, or other DNS servers.)

> What are the steps that I need to take in order to replace this machine
> with the new DC, without having to make any major changes to any other
> machines in my network?

How about you just upgrade it to new hardware?

1) Backup (at least system state)
2) Restore it to the new hardware
3) Perform a "Repair Install" from the original CDRom
(this straightens out practically any hardware issue)
4) Perform all updates from Windows Update etc.
5) Optionally upgrade to Win2003 server (at some point)

> I know that I will have to install the new server with Win 2000, install Active
> Directory, and add it as a DC in the existing domain.

That's another method, and also a good idea anyway,
but there is practically no reason to give up your current
"computer install" on the DC.

> After this, should I first transfer the roles, or add DNS first, or transfer
> DHCP?

You will need to have the DNS (and probably the DHCP
working) so you will at least need to ADD them to the
new server and update the clients to reflect the new DNS
server (maybe through DHCP.)

> Will the new server automatically have the old domain security policy? What
> do I need to do in order to run login scripts?

Use the current DC or an ADDED DC -- replication will
copy the scripts and GPOs (Part of SysVol) as well as
Active Directory to any additional DCs for the Domain.

> Will the Windows Time service
> be affected in any way, since all the servers synchronise the time clock (for
> Kerberos authentication)?

Probably not, but the master time is from the PDC Emulator
so if you transfer those roles (or just keep the current DC
running even on new hardware) then that will work as it does
now.

All machines should be set to update from their DC, and all
DCs will continue to update time from the PDC Emulator --
you should ensure the time on THAT DC is correct (atomic
clock etc.)

> Finally, can I change the IP of this new DC to that of the old one, once I
> demote the existing DC to a member server, change its IP and shut it down?

If you are determined to do the above, it will
be easier to just upgrade the current DC.
 
Guest

Thank you for taking the time to reply to this question.
Well, the final goal is to add a Win 2003 server to this domain, and I
basically wanted to install SP4 on the 2000 DC so that I could then run the
adprep and forestprep commands; there is only 300 MB free space on the C
drive (no, this server wasn't installed by me, I inherited it :) ), and the program
files directory has already been moved.

When you meant upgrade hardware, did you mean install the new server, and
then restore system state to this server and then do a repair install? (For
that, doesn't the computer name need to be the same, since system state will
also restore Active Directory?)

And yes, I do plan to use the existing DC, just as a backup in case any of
my other DCs fail.

Thx
JC.
 
Herb Martin

jc said:
> Thank you for taking the time to reply to this question.
> Well, the final goal is to add a Win 2003 server to this domain, and I
> basically wanted to install SP4 on the 2000 DC so that I could then run the
> adprep and forestprep commands; there is only 300 MB free space on the C
> drive (no, this server wasn't installed by me, I inherited it :) ), and the program
> files directory has already been moved.

How large is the System volume?
What else is on it?

Have you removed/moved all User profiles (Documents and Settings)?

How about removing old %systemroot%\$xxx uninstall directories?

How about log files for Web servers, FTP etc? (These can get
really large over the years if you never pay attention to them....)

How about temp directories?

> When you meant upgrade hardware, did you mean install the new server, and
> then restore system state to this server and then do a repair install? (For
> that, doesn't the computer name need to be the same, since system state will
> also restore Active Directory?)

That is a possibility but actually what I meant is what I
detailed: Restoring the OS to the new machine (however
you have to do that.)

1) Backup (at least system state)
2) Restore it to the new hardware <<<<<<<<<<<<<<<<<<
3) Perform a "Repair Install" from the original CDRom
(this straightens out practically any hardware issue)
4) Perform all updates from Windows Update etc.
5) Optionally upgrade to Win2003 server (at some point)

> And yes, I do plan to use the existing DC, just as a backup in case any of
> my other DCs fail.

Ok, but such DCs remain online (they pretty much must do so)
and so not only provide backup but may assist actively.
 
Guest

Mr. Martin,

Thank you for replying to this message. Sorry, I couldn't go ahead and restore
the OS to the new hardware instead.
I have installed the new server as a domain controller in the domain (done a
clean install).
About role transfers, and moving/removing DHCP and DNS from DC1 (old):

Can I do the following steps in part?
If I just transfer the roles today and over the weekend install DNS on
DC2 (new server), will this have any consequences, or does everything need to
be done at the same time?
Move DHCP Server from DC1 to DC2 using KB Article
http://support.microsoft.com/default.aspx?scid=kb;en-us;130642

This is the part that I want to do last.
Then install DNS on DC2, change the DNS Server settings in DHCP Scope
Options, and also change the DNS server IP address in TCP/IP Properties for all
servers having static IP addresses, followed by issuing ipconfig /flushdns and
ipconfig /registerdns on all servers and clients.

How do I remove the Active Directory Integrated Zone from DC1?

Please advise as to what way would be the best path for our network here.
I do realise you would be saying why, why do these folks walk these paths,
well, this is a production network and unfortunately I have no support from
people up the ladder (in short I am trying to save my own .....(life) :)

Thx
JC.
 
Herb Martin

jc said:
> Mr. Martin,
>
> Thank you for replying to this message. Sorry, I couldn't go ahead and restore
> the OS to the new hardware instead.
> I have installed the new server as a domain controller in the domain (done a
> clean install).
> About role transfers, and moving/removing DHCP and DNS from DC1 (old):
>
> Can I do the following steps in part?
> If I just transfer the roles today and over the weekend install DNS on
> DC2 (new server), will this have any consequences, or does everything need to
> be done at the same time?
> Move DHCP Server from DC1 to DC2 using KB Article
> http://support.microsoft.com/default.aspx?scid=kb;en-us;130642

You need to have DNS working. This isn't really a choice
for AD domains -- so if DNS is working now, you can wait,
but if not, you must get it working.

A Domain (or Forest) can function without role holders for
"a while" except probably for the PDC Emulator of each
domain -- without it many things will deteriorate or stop
working but the worst is cross-subnet and cross-domain
browsing which stops working within about an hour.

> This is the part that I want to do last.
> Then install DNS on DC2, change the DNS Server settings in DHCP Scope
> Options, and also change the DNS server IP address in TCP/IP Properties for all
> servers having static IP addresses, followed by issuing ipconfig /flushdns and
> ipconfig /registerdns on all servers and clients.
>
> How do I remove the Active Directory Integrated Zone from DC1?

You just remove it from the DC's DNS console but if it
will remain a DC there is NO point in doing that since
the info will always be in the (win2000) DCs AD.

Most important is to make sure that DNS clients (including DCs)
are pointed to the current (working) DNS servers before you start
removing or disabling DNS on the servers they have been using.

> Please advise as to what way would be the best path for our network here.
> I do realise you would be saying why, why do these folks walk these paths,

Mostly because of requests for "best" when people are
trying to do things which are sub-optimal. <grin>

It's a contradiction in terms.

> well, this is a production network and unfortunately I have no support from
> people up the ladder (in short I am trying to save my own .....(life) :)

Then don't make it hard on yourself when that can be avoided.
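
The pre-cutover check recommended in the reply above (every DNS client, DCs included, pointed at a working DNS server before DNS is removed from the old DC), as an added example that is not part of the original thread. It assumes `ipconfig /all` output from each machine has been collected into one text file; the host names and 192.0.2.x addresses are constructed, with 192.0.2.10 standing in for DC1 (old) and 192.0.2.20 for DC2 (new).

```python
import re

# Constructed sample: `ipconfig /all` output gathered from three machines.
# Host names and 192.0.2.x addresses are invented for this example.
SAMPLE = """\
        Host Name . . . . . . . . . . . . : FILESRV1
        DNS Servers . . . . . . . . . . . : 192.0.2.10
        Host Name . . . . . . . . . . . . : WEB1
        DNS Servers . . . . . . . . . . . : 192.0.2.10
                                            192.0.2.20
        Host Name . . . . . . . . . . . . : DC2
        DNS Servers . . . . . . . . . . . : 192.0.2.20
                                            192.0.2.10
"""
IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def dns_servers_by_host(text):
    """Map host name -> DNS servers in configured order."""
    hosts, host, in_dns = {}, None, False
    for line in text.splitlines():
        name = re.match(r"\s*Host Name[ .]*:\s*(\S+)", line)
        dns = re.match(r"\s*DNS Servers[ .]*:\s*(" + IP + r")?\s*$", line)
        more = re.fullmatch(r"\s+(" + IP + r")\s*", line)
        if name:
            host, in_dns = name.group(1), False
            hosts.setdefault(host, [])
        elif dns and host:
            in_dns = True
            if dns.group(1):
                hosts[host].append(dns.group(1))
        elif more and in_dns:
            hosts[host].append(more.group(1))  # continuation line
        else:
            in_dns = False
    return hosts

def audit(text, old_dns, new_dns):
    """Classify each host before DNS is removed from old_dns."""
    report = {}
    for host, servers in dns_servers_by_host(text).items():
        if new_dns not in servers:
            report[host] = "BLOCKER"   # would lose name resolution
        elif servers[0] == old_dns:
            report[host] = "REORDER"   # old server still queried first
        elif old_dns in servers:
            report[host] = "CLEANUP"   # safe; drop old entry later
        else:
            report[host] = "OK"
    return report
```

Calling `audit(SAMPLE, "192.0.2.10", "192.0.2.20")` returns one status per host; any `BLOCKER` entry has to be repointed before DNS is stopped on the old server.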
 
