Re: [ActiveDir] Changing Hardware for DC
Thanks for all of the info and tips. I will be doing this in a few weeks and will let you know if I turn up anything that may be of interest to the group. AM2K4 - Original Message - From: "Mark Caldwell" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, December 10, 2003 12:19 PM Subject: RE: [ActiveDir] Changing Hardware for DC Rich, I sent a mail to you the other day (you're A-B's account). Give me a ping if you get a sec. :) Mark C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Tuesday, December 09, 2003 6:07 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC In early days, in a lab, I rebuilt a few DCs before I remembered about demoting (i.e. I blew them away) and learned ntdsutil the hard way. But since then I have demoted a number of them and not had a problem. However, while searching for something else last night, I ran across a couple of TechNet and JSI articles about using the /FORCEREMOVAL switch on DCPROMO for when a DC just doesn't cooperate... here maybe this will save you the trouble of searching (and keep you from actually needing them! :) http://support.microsoft.com/default.aspx?kbid=332199 http://www.jsiinc.com/SUBN/tip6700/rh6741.htm your DNS records should be taken care of if DNS is working correctly. Do transfer the FSMO roles off first as you mentioned. If you haven't done them before, they're pretty straight-forward except for the schema master role. You have to register a dll to use the graphical schema tool (you can use ntdsutil but it can be intimidating if you haven't used it much before). This article goes through all the roles, just in case. http://support.microsoft.com/?kbid=255690 good luck - Rich -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 8:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC Interesting on your demotion experience. I have been running AD and large numbers of domain controllers since the bloody oem days and can't say I have experienced what you have experienced. I have run into a couple of DCPROMO's into DC's before where the SPN didn't make it into the main part of AD but never a failed demotion. If the machine was functioning and had dns entries I could demote. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, December 03, 2003 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC This should work just fine. A couple of things to watch for, though: 1. Wait a while after the demotion of each DC before you rename it. Make sure your AD has replicated fully. 2. Back in the early days of AD, I did a lot of this sort of thing in the lab and found that demoting a DC to a member server was a crap-shoot. Many times the demotion would fail, and I'd be in for a long session with NTDSUtil to clean up. That was in the SP1 days, though - things may be better now. An alternate method of doing what you want would be to do a full backup, then a restore on the new hardware. I think I like your method better, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Man Sent: Tuesday, December 02, 2003 11:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign 'old' Name -Assign 'old' IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids' toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archi
RE: [ActiveDir] Changing Hardware for DC
Rich, I sent a mail to you the other day (you're A-B's account). Give me a ping if you get a sec. :) Mark C. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rich Milburn Sent: Tuesday, December 09, 2003 6:07 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC In early days, in a lab, I rebuilt a few DCs before I remembered about demoting (i.e. I blew them away) and learned ntdsutil the hard way. But since then I have demoted a number of them and not had a problem. However, while searching for something else last night, I ran across a couple of TechNet and JSI articles about using the /FORCEREMOVAL switch on DCPROMO for when a DC just doesn't cooperate... here maybe this will save you the trouble of searching (and keep you from actually needing them! :) http://support.microsoft.com/default.aspx?kbid=332199 http://www.jsiinc.com/SUBN/tip6700/rh6741.htm your DNS records should be taken care of if DNS is working correctly. Do transfer the FSMO roles off first as you mentioned. If you haven't done them before, they're pretty straight-forward except for the schema master role. You have to register a dll to use the graphical schema tool (you can use ntdsutil but it can be intimidating if you haven't used it much before). This article goes through all the roles, just in case. http://support.microsoft.com/?kbid=255690 good luck - Rich -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 8:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC Interesting on your demotion experience. I have been running AD and large numbers of domain controllers since the bloody oem days and can't say I have experienced what you have experienced. I have run into a couple of DCPROMO's into DC's before where the SPN didn't make it into the main part of AD but never a failed demotion. If the machine was functioning and had dns entries I could demote. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, December 03, 2003 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC This should work just fine. A couple of things to watch for, though: 1. Wait a while after the demotion of each DC before you rename it. Make sure your AD has replicated fully. 2. Back in the early days of AD, I did a lot of this sort of thing in the lab and found that demoting a DC to a member server was a crap-shoot. Many times the demotion would fail, and I'd be in for a long session with NTDSUtil to clean up. That was in the SP1 days, though - things may be better now. An alternate method of doing what you want would be to do a full backup, then a restore on the new hardware. I think I like your method better, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Man Sent: Tuesday, December 02, 2003 11:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign 'old' Name -Assign 'old' IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids' toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not
RE: [ActiveDir] Changing Hardware for DC
In early days, in a lab, I rebuilt a few DCs before I remembered about demoting (i.e. I blew them away) and learned ntdsutil the hard way. But since then I have demoted a number of them and not had a problem. However, while searching for something else last night, I ran across a couple of TechNet and JSI articles about using the /FORCEREMOVAL switch on DCPROMO for when a DC just doesn't cooperate... here maybe this will save you the trouble of searching (and keep you from actually needing them! :) http://support.microsoft.com/default.aspx?kbid=332199 http://www.jsiinc.com/SUBN/tip6700/rh6741.htm your DNS records should be taken care of if DNS is working correctly. Do transfer the FSMO roles off first as you mentioned. If you haven't done them before, they're pretty straight-forward except for the schema master role. You have to register a dll to use the graphical schema tool (you can use ntdsutil but it can be intimidating if you haven't used it much before). This article goes through all the roles, just in case. http://support.microsoft.com/?kbid=255690 good luck - Rich -Original Message- From: Joe [mailto:[EMAIL PROTECTED] Sent: Monday, December 08, 2003 8:51 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC Interesting on your demotion experience. I have been running AD and large numbers of domain controllers since the bloody oem days and can't say I have experienced what you have experienced. I have run into a couple of DCPROMO's into DC's before where the SPN didn't make it into the main part of AD but never a failed demotion. If the machine was functioning and had dns entries I could demote. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, December 03, 2003 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC This should work just fine. A couple of things to watch for, though: 1. Wait a while after the demotion of each DC before you rename it. Make sure your AD has replicated fully. 2. Back in the early days of AD, I did a lot of this sort of thing in the lab and found that demoting a DC to a member server was a crap-shoot. Many times the demotion would fail, and I'd be in for a long session with NTDSUtil to clean up. That was in the SP1 days, though - things may be better now. An alternate method of doing what you want would be to do a full backup, then a restore on the new hardware. I think I like your method better, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Man Sent: Tuesday, December 02, 2003 11:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign 'old' Name -Assign 'old' IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids' toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ---APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE--- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail
RE: [ActiveDir] Changing Hardware for DC
Interesting on your demotion experience. I have been running AD and large numbers of domain controllers since the bloody oem days and can't say I have experienced what you have experienced. I have run into a couple of DCPROMO's into DC's before where the SPN didn't make it into the main part of AD but never a failed demotion. If the machine was functioning and had dns entries I could demote. joe -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, December 03, 2003 8:43 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Changing Hardware for DC This should work just fine. A couple of things to watch for, though: 1. Wait a while after the demotion of each DC before you rename it. Make sure your AD has replicated fully. 2. Back in the early days of AD, I did a lot of this sort of thing in the lab and found that demoting a DC to a member server was a crap-shoot. Many times the demotion would fail, and I'd be in for a long session with NTDSUtil to clean up. That was in the SP1 days, though - things may be better now. An alternate method of doing what you want would be to do a full backup, then a restore on the new hardware. I think I like your method better, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Man Sent: Tuesday, December 02, 2003 11:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign 'old' Name -Assign 'old' IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids' toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Changing Hardware for DC
This should work just fine. A couple of things to watch for, though: 1. Wait a while after the demotion of each DC before you rename it. Make sure your AD has replicated fully. 2. Back in the early days of AD, I did a lot of this sort of thing in the lab and found that demoting a DC to a member server was a crap-shoot. Many times the demotion would fail, and I'd be in for a long session with NTDSUtil to clean up. That was in the SP1 days, though - things may be better now. An alternate method of doing what you want would be to do a full backup, then a restore on the new hardware. I think I like your method better, though. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of AD Man Sent: Tuesday, December 02, 2003 11:47 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign 'old' Name -Assign 'old' IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids' toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] Changing Hardware for DC
Nothing more to do, as long as the FSMO transfer and demotion completes successfully. Otherwise, you will have to dig into ntdsutil to clean out the retired DC and seize the roles BEFORE you install and DCPromo the new one. In your scenario, SystemState backup will be unnecessary. Depending on the size of your Forest, it may be prudent to wait an hour or so between demotion and promotion. HTH Sincerely,Dèjì Akómöláfé, MCSE MCSA MCP+Iwww.akomolafe.comwww.iyaburo.comDo you now realize that Today is the Tomorrow you were worried about Yesterday? -anon From: AD ManSent: Tue 12/2/2003 8:47 PMTo: [EMAIL PROTECTED]Subject: [ActiveDir] Changing Hardware for DC Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign old Name -Assign old IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
[ActiveDir] Changing Hardware for DC
Hello, I need to replace a few DC's with new hardware. I MUST be able to use the same machine name and IP address for the new server so I will need to take the old server down and bring the new up in its place. These are the FSMO holders so I just want to make sure there are no unforeseen issues with doing this. A few additional notes: These DC's are the FSMO's and DNS is on Bind 8. Rough plan: Old server: -Transfer roles off to another DC -SystemState backup? -Demote old server -Change name -Change IP New server: -Assign old Name -Assign old IP -DCPromo New server -Transfer roles back -Etc, etc. What am I missing, do I need to do any kind of DNS cleanup first or this will happen dynamically? Any thoughts? Thanks, AM _ Shop online for kids toys by age group, price range, and toy category at MSN Shopping. No waiting for a clerk to help you! http://shopping.msn.com List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
