Migrate Domain Controller to another new 2000 server

Ivan Kan

We have only one domain and one domain controller.

However, we found some problems in the domain controller, so we plan to have a
new domain controller.

We have installed the Active Directory and DNS in the new domain controller.

So, we switched off the old domain controller and restarted the new domain
controller.

However, we found that when we open the Active Directory, the new domain
controller is not connected to the domain.

We need to manually make the new domain controller connect to the domain.

Have we missed something?

Ivan
 
SaltPeter

The domain exists in the AD database of the original DC. Even if you name
the new domain exactly the same as the old domain, the new DC is managing an
entirely separate entity. Names mean nothing in W2K (exception: DNS name
resolution), it's the SIDs that matter (Security Identifiers).

Replicating a domain implies a source to replicate from. So, leave the old DC
online. Join the new non-DC server as a member to the existing domain. Promote
the member server to act as an additional DC in the original domain (dcpromo).
That's called "replicating the schema". Configure DNS on it. Then transfer
the critical FSMO roles (very important). Then check the event log for any
errors. Allow (or force) a full replication to take place before taking the
old DC offline. Check Event logs again.
 
Hank Arnold

In addition to what SaltPeter recommends (excellent summary, BTW), you will
have to examine all the functions that the original DC managed. DHCP is one
that comes to mind. Also, you are exposing yourself to significant problems
having only one DC. If it crashes, not only will your domain no longer
exist, you will lose your entire AD definition and configuration, requiring
that you re-build your domain completely.... If the problems with the
original DC are software related, I'd do the following:

- Build the new server
- Add it to the domain
- DCPROMO it
- install DNS and DHCP. Configure them to match the existing DC.
- transfer the FSMOs
- wait until a sync is completed
- test the new DC by stopping NETLOGON on the old DC. I'd test it for a day
or so if possible to make sure. Once you DCPROMO the old DC, AD is gone from
that machine....
- DCPROMO the old DC (assuming the new one passes).
- remove it from the domain
- re-build the server
- DCPROMO it and configure it with the required services like DNS that it
will need in the event it has to take over all the DC duties in the event
that the other DC fails.

If it's a hardware problem, get another machine (an inexpensive server or
even a desktop machine will do) and set up a second DC. Explain to the
Powers That Be that the cost of lost productivity and restoring a crashed DC
is far more than the <$1K you need to put in a serviceable second DC.
 
Ivan Kan

Thanks for your reply.

However, I am not very familiar with this case as the whole OS is in Traditional
Chinese. I am still trying to translate to English to do what I want.

Can you kindly tell me in more detail how to transfer the critical FSMO
roles and do a full replication?

Ivan
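
The role transfer and forced replication steps listed in the replies above, written out as a command sequence. This is an added example, not part of the original thread. NEWDC, OLDDC and example.local are placeholder names, and the netdom, repadmin and dcdiag syntax is assumed to match the Windows 2000 Support Tools versions of those tools.

```bat
@echo off
rem Added example, not from the thread. NEWDC, OLDDC and example.local are
rem placeholder names. netdom, repadmin and dcdiag come from the Windows 2000
rem Support Tools. Run on NEWDC with an account that is a member of
rem Domain Admins, Enterprise Admins and Schema Admins.
setlocal
set NEWDC=NEWDC
set OLDDC=OLDDC
set DOMAIN=example.local

rem 1. Record which server holds each of the five FSMO roles before the change.
netdom query /domain:%DOMAIN% fsmo

rem 2. Transfer all five roles to NEWDC. OLDDC must still be online, because
rem    this is a transfer and not a seizure. ntdsutil asks for confirmation
rem    of each transfer.
ntdsutil roles connections "connect to server %NEWDC%" quit ^
  "transfer schema master" ^
  "transfer domain naming master" ^
  "transfer PDC" ^
  "transfer RID master" ^
  "transfer infrastructure master" ^
  quit quit

rem 3. Confirm that every role now lists NEWDC as its owner.
netdom query /domain:%DOMAIN% fsmo

rem 4. Force replication of all naming contexts to NEWDC, then show the
rem    result of the last replication attempt with each partner.
repadmin /syncall %NEWDC% /A /e
repadmin /showreps %NEWDC%

rem 5. Run the domain controller diagnostics against NEWDC, then review the
rem    Directory Service, DNS and File Replication Service event logs
rem    before stopping NETLOGON on OLDDC or demoting it.
dcdiag /s:%NEWDC%
endlocal
```

If step 3 still shows OLDDC for any role, or step 4 reports a failed replication attempt, resolve that before OLDDC is taken offline.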
 
