Swapping DC 1

[psymonj]

I am currently looking at an Indiana Jones style swap of DC's. I have the old one up on the platform shining at me and the replacement in my hand ready to sit in it's place.

My question is basically:-
does anyone have any experience of this type of situation?

I have created user accounts in AD that are identical to the current DC - so there is no upset of passwords and the like. Assuming I have set up the correct profile info and such - should it be as easy as downing the current DC, replacing with the 'new' DC and then bringing the network back up?

Add to the fact that at some stage I want to join a PDC to the equation so as to allow AD replication as well as a number of other intended applications.

Any info would be gratefully received - thanks in advance.

Simon Hawes
Silvercoast Media

http://www.silvercoast.co.uk

simon@silvercoast.co.uk

 

[psymonj]

I meant BDC *oops*

Simon Hawes
Silvercoast Media

http://www.silvercoast.co.uk

simon@silvercoast.co.uk

 

[ScottCr]

erm no, not at all.

I assume the domain only has the one DC and you wish to replace it with your manually created copy?

I doubt anything will work after you do this. For one, the accounts will have different SID's and therefore even though they have the same name, they will be different.

Your DC will not have the correct ID's for the client machines, so they won't be able to authenticate.

What you should do, is demote your new DC, join it to the current domain. run dcpromo. Confirm everything has replicated. move your FSMO's across to the new domain, then demote the original DC.

http://scottcross.blogspot.com

Windows and NT Admin.

 

[psymonj]

That confirms my largest fear.

Due to the level of corruption in our current structure, I really want the joining option to be an absolute last resort.

I guess I am confronted with renaming the intended maching as a new domain and joining everyone to it?

I am not normally found to be doing this, so I apologise for being vague and thanks for the help so far!

Simon Hawes
Silvercoast Media

http://www.silvercoast.co.uk

simon@silvercoast.co.uk

 

[ScottCr]

Is the corruption in your AD? And if so how bad is the corruption?

Is restoring a backup an option?

http://scottcross.blogspot.com

Windows and NT Admin.

 

[psymonj]

Hi Scott,

There have been problems since I arrived at this company. I believe most of the issues occured when my esteemed colleague *cough* attempted to join a third server to our configuration. He was unsure as to what he was doing and as such went about it all very badly.

As a long term project, we had to adjust the FSMO roles and make many changes. Again, this was performed by another colleague. As I am working fairly in the dark as to what previously occured, I discussed at great length with my IT manager the benefits of 'clean' domain.

The unknown element was whether we could do as I badly outlined at the top of this thread. Having my fears confirmed, I am looking for new solutions.

Restoring from back up would not be of a great benefit from where I am now I fear, neither would joining the new machine to the exisiting domain.

There are too many problems with the existing domain to justify the risk.

I currently have many servers that are working independantly (mainly due to being 'pulled' from the domain).
I am in a bit of mess and fear the tide is rising!

Simon Hawes
Silvercoast Media

http://www.silvercoast.co.uk

simon@silvercoast.co.uk