  • Replacing AD Environment

    Just after some advice to make sure that what I'm about to do is right, or if there's anything else I should be preparing.

    I've recently joined a new company and have a few projects on the go. The main one is replacement of the internal systems.

    Current setup is: 1 main server that is a DC / DNS / DHCP / FILE / PRINT / IAS (RADIUS) for VPN / cisco auth, a few windows servers and a few linux servers.

    No server / client machines are actually joined to the domain, all computers have local accounts setup with usernames that match their AD account - so this auths them for file / print / vpn (IAS) etc. Servers have been manually added within DNS in the forward / reverse lookup zones.

    I was going to just build on the existing Active Directory setup, but it's really messy and I can't work out some of it. It's been left for a few years and the server is old (out of warranty, with 1 HDD failed in a RAID 1).

    I've built a new server with the same IP address that is a DC, setup correctly running DNS / DHCP etc. It's in a test environment at the moment and I've added a 2nd DC, checked replication etc, added a client to the domain and tested the user accounts.

    IAS Radius was exported and imported using netsh commands - hopefully this included shared secrets etc.

    I'm planning on doing a test tomorrow evening out of hours. Due to the existing server running on 1 disk, and having not been powered off in months, I'm not keen on turning it off!

    The plan is to simply unplug the current server and plug the new one in, and test the following:

      • Disconnection of old server & connection of new server to production network
      • Active Directory user authentication
      • File shares accessible / working
      • Printers accessible / working
      • DNS correctly routing access to names / IP addresses
      • DHCP correctly issuing addresses within specified scope to clients
      • IAS (RADIUS) VPN Active Directory authentication
      • IAS (RADIUS) Active Directory authentication to CISCO devices
      • Test successful back up & restore of server

    I've added an Alias (CNAME) entry for the old server in DNS so hopefully all shortcuts / apps / user files will continue to work as normal.

    One thing I'm not sure about is DHCP - should I turn this off whilst testing to stop IP addresses being changed etc?

    If all the tests complete ok, my plan is to leave this server plugged in, enable DHCP and migrate the user data over to the new server.

    Any thoughts on what I'm doing here? I've administered networks in my past roles but this is the first time I've done a full install, and it's complicated by the existing messy setup.

    Thanks for any advice / thoughts..

    R

  • #2
    Re: Replacing AD Environment

    You seem to be on the right track.
    As far as DHCP, you could either turn it off or redirect the BOOTP IP helper in your routers to point to the new DHCP server's IP, removing the old IP from the IP helper.
    The only problem I might see is that once you insert the new DHCP server, how would the server know which IPs are already being used (e.g. a workstation was not turned off and has an IP)? The new server might try to give that IP to a different machine.
    To overcome this there is a configuration in the DHCP (don't remember where) that the DHCP server should PING the IP to see if it is alive before it actually gives the IP to a workstation.
    As far as AD, your old AD seems to serve no one (users). I would highly recommend considering creating a new fresh domain from Windows 2003 w/SP1 media or above (not R2 media) rather than trying to upgrade the old domain, and just recreate the printers or whatever little resources that old domain used to hold.

    NOTE about R2: This conflicts with expectations because 2003 R2 media is essentially 2003 with SP1. Expectations are that it should be the same. However, this does not occur because of an incorrect schema.ini file on the R2 media.
    Last edited by Akila; 29th October 2008, 16:51.
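    The two DHCP points in the reply above (the new server not knowing which addresses are already leased, and the ping-before-lease setting) can both be handled from the command line on Windows Server 2003. This is an added example, not from the thread; the server names, paths and the 192.168.10.0 scope are placeholders.

    ```batch
    @echo off
    REM Added example (not from this thread): carry the DHCP lease database over
    REM to the new server and enable conflict detection. Names are placeholders.

    REM 1. On the OLD server: export every scope, including active leases and
    REM    reservations, so the new server already knows which addresses are in use.
    netsh dhcp server export C:\dhcp-export.txt all

    REM    (copy C:\dhcp-export.txt to the new server before the next step)

    REM 2. On the NEW server: authorize it in AD, then import the database.
    REM    Do not define overlapping scopes by hand first; the import brings them.
    netsh dhcp add server newdc.company.local 192.168.10.5
    netsh dhcp server import C:\dhcp-export.txt all

    REM 3. Ping-before-lease: probe an address up to 2 times before handing it out.
    REM    This is "Conflict detection attempts" under Server Properties > Advanced
    REM    in the DHCP console; the default of 0 means no check at all.
    netsh dhcp server set detectconflictretry 2

    REM 4. Verify the setting and the scopes that arrived with the import.
    netsh dhcp server show detectconflictretry
    netsh dhcp server show scope
    netsh dhcp server show serverstatus

    REM 5. If the lease list looks inconsistent after the import, reconcile the
    REM    scope database against the registry summary (scope ID is a placeholder).
    netsh dhcp server scope 192.168.10.0 initiate reconcile
    ```

    Conflict detection only protects against addresses that answer ping, so keeping the imported lease database is what covers hosts that are up but firewalled.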



    • #3
      Re: Replacing AD Environment

      Thanks for your reply Akila,

      The new domain I have built using Server 2003 R2 64bit edition with sp2 - Is there an issue with using this to setup a new AD domain etc?

      I've just noticed one thing that may be a problem. We use a pop3 setup for our email that points to mail.company.com - so all outlook clients point to mail.company.com - my new domain is company.local - does this mean I will need to create a new primary lookup zone so people can continue using mail.company.com? or is there a better way around this problem other than visiting every machine?

      Thanks,
      Ryan



      • #4
        Re: Replacing AD Environment

        Originally posted by rapid
        Thanks for your reply Akila,

        The new domain I have built using Server 2003 R2 64bit edition with sp2 - Is there an issue with using this to setup a new AD domain etc?

        I've just noticed one thing that may be a problem. We use a pop3 setup for our email that points to mail.company.com - so all outlook clients point to mail.company.com - my new domain is company.local - does this mean I will need to create a new primary lookup zone so people can continue using mail.company.com? or is there a better way around this problem other than visiting every machine?

        Thanks,
        Ryan
        R2 w/SP2 should be ok; my comment was for the original R2 that came with SP1.

        Regarding your mail server: is it an internal POP3 name, or is it used by the Internet?
        Meaning, does it have an MX record in the Internet?



        • #5
          Re: Replacing AD Environment

          It's a DNS entry that points to an internet POP3 server, so at the moment mail.abc.com resolves to the internet POP server.

          The new domain is abcgroup.local, so when I create a CNAME entry it's putting it as mail.abcgroup.local.

          If I added an entry in the hosts file on a machine to be xxx.xxx.xxx.xxx mail.abc.com, it would work?

          Just not sure how to resolve this in the new DNS; the only way would be to create a new forward lookup zone?

          Thanks,
          Ryan



          • #6
            Re: Replacing AD Environment

            I'm not sure what the problem is here. If the FQDN for a host is different to the FQDN of your AD domain, then your DNS server will look to the forwarders you have configured to resolve it.
            Gareth Howells

            BSc (Hons), MBCS, MCP, MCDST, ICCE

            Any advice is given in good faith and without warranty.

            Please give reputation points if somebody has helped you.

            "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

            "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.
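    What the reply above describes, as an added example not from the thread: with forwarders configured, the new DC answers for company.local itself and hands company.com queries to the upstream resolvers, so mail.company.com keeps resolving to the public POP3 server with no extra zone. The server name and all IP addresses are placeholders.

    ```batch
    @echo off
    REM Added example (not from this thread): resolving mail.company.com from inside
    REM a company.local AD domain on Windows Server 2003 DNS. Names/IPs are placeholders.

    REM 1. Normal case: the DC is not authoritative for company.com, so it must
    REM    forward. Show the current server settings, then set the ISP resolvers.
    dnscmd newdc.company.local /Info
    dnscmd newdc.company.local /ResetForwarders 192.0.2.53 192.0.2.54

    REM 2. Ask the new DC directly; the answer should be the public POP3 address.
    nslookup mail.company.com newdc.company.local

    REM 3. Only if the public answer is wrong for the LAN (e.g. the POP3 server
    REM    must be reached on a private address internally): create a zone for just
    REM    that one host name. Do NOT create a zone called company.com, because the
    REM    DC would then answer for every company.com name (www, etc.) and break them.
    dnscmd newdc.company.local /ZoneAdd mail.company.com /DsPrimary
    dnscmd newdc.company.local /RecordAdd mail.company.com @ A 192.0.2.25

    REM 4. Re-test after clearing the DC cache and the client resolver cache.
    dnscmd newdc.company.local /ClearCache
    ipconfig /flushdns
    nslookup mail.company.com newdc.company.local
    ```

    Step 3 is the answer to the hosts-file question in post #5: a single-host zone on the DC does the same job for every client at once, and without leaving per-machine overrides behind.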



            • #7
              Re: Replacing AD Environment

              Thought I would post in here to say thanks, the testing was delayed by a week or so but eventually it went ahead.

              Problems I hit were:

              IAS / RADIUS configuration - for some reason the Remote Access Policies had dropped some of my policy conditions so some user groups needed to be re-added.

              Printers: Couldn't get our Xerox c2424 WorkCentre working. The new server is 64 bit, so I just think I'm hitting problems with compatibility, which is a shame. Tried every driver under the sun and spoken to Xerox support. Sod's law that out of everything this has been the biggest pain in the bum.

              Next step is to get my new 42U rack into a shoebox server room, removing the 24U in there. The cabling is a bird's nest, so lots of auditing of ports and what cables go where!

              Thanks again,
              R
