Announcement

Collapse
No announcement yet.

Migrating DC roles (WAS: Having two DCs')

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Migrating DC roles (WAS: Having two DCs')

    I'm trying to have an additional DC and make the new one as the main DC and remove the old one (both are on windows 2003 sp2).

    What I did was that, I installed windows 2003 on a new PC and using the wizard I added this new PC as an additional DC of the existing domain. I also installed the DNS and both AD and DNS are working and replicating.

    I configured the new, additional, DC as a GC server as per the documentation found on MS website.

    What should I do next before I can remove the old DC permanently and to keep the additional DC as the only one DC?

  • #2
    Re: Having two DCs'

    Originally posted by pj_rajesh View Post
    I'm trying to have an additional DC and make the new one as the main DC and remove the old one (both are on windows 2003 sp2).

    What I did was that, I installed windows 2003 on a new PC and using the wizard I added this new PC as an additional DC of the existing domain. I also installed the DNS and both AD and DNS are working and replicating.

    I configured the new, additional, DC as a GC server as per the documentation found on MS website.

    What should I do next before I can remove the old DC permanently and to keep the additional DC as the only one DC?
    You need to migrate the FSMO roles to the new DC. Once this is done check its health with the DCdiag/netdiag switches ensure they have replicated and the roles have moved over successfully and you can then dcpromo it and remove it gracefully from the domain.

    Comment


    • #3
      Re: Having two DCs'

      Thanks a lot for the reply. I'll try it out.

      But, is it possible to have two DC with FSMO roles in one domain? Why I'm asking is that, having two DCs' one with FSMO and the other without that roles, if the DC with FSMO roles crashes (and unfortunately without a backup) can the other, additional, DC keep the domain alive?

      Comment


      • #4
        Re: Migrating DC roles (WAS: Having two DCs')

        It is not only possible but highly recommended to have more than one DC in a domain. Whilst making sure you have backups of everything is important you can also, should you absolutely require, seize FSMO roles to other domain controllers when the holder is permanently dead.

        I've also slightly modified your title.
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Having two DCs'

          Originally posted by pj_rajesh View Post
          Thanks a lot for the reply. I'll try it out.

          But, is it possible to have two DC with FSMO roles in one domain? Why I'm asking is that, having two DCs' one with FSMO and the other without that roles, if the DC with FSMO roles crashes (and unfortunately without a backup) can the other, additional, DC keep the domain alive?
          There are 5 FSMO roles. You can spread these roles across multiple DC's but in your case build a redundant topology with another GC/DC/AD/DNS but ONE of the servers holding ALL the FSMO roles. This makes sense from a practical standpoint. Additionally as already said in the event that the server holding the FSMO roles did fail you can still seize the roles and move them to the other DC.

          Do ensure you have a backup of the system state and relevant data. A redundant topology is not an excuse for no sound backup and DR solution.

          Comment


          • #6
            Re: Migrating DC roles (WAS: Having two DCs')

            Thanks Andy..,

            I know it's recommended to have more than one DC in a domain but, my doubt is, can we have two DCs' with FSMO roles in a domain? And, if I transfer the FSMO roles from the first DC to the additional one, will the first DC have FSMO roles?

            Why I'm asking this is that, when I tried to access AD from the additional DC while keeping the first DC off, it returned me an error. But, as soon as the first DC is up, the AD in the additional DC worked.

            So, in a scenario where the first DC with FSMO roles crashes, can the additional DC without FSMO roles keep the domain alive (without restoring the first DC)?

            Comment


            • #7
              Re: Migrating DC roles (WAS: Having two DCs')

              Okay, thanks again scurlaruntings,

              I almost understand the theory now. Thanks again for you both.

              Comment


              • #8
                Re: Migrating DC roles (WAS: Having two DCs')

                No. Each FSMO role can only ever be held by one server. If you transfer them then they are no longer on the original server, if you seize them then you can never bring the original server back online.

                In the scenario you are talking about, your first DC with the roles dies, you have no backups therefore you will seize the roles on the remaining DC. It will then function as the master for those roles.
                The "error" you are getting you haven't explained however it depends what you are trying to do and what is being returned. Certain things can't be done with the FSMO roles offline but the domain will keep functioning. What is your test you are performing?
                cheers
                Andy

                Please read this before you post:


                Quis custodiet ipsos custodes?

                Comment


                • #9
                  Re: Migrating DC roles (WAS: Having two DCs')

                  When I took charge, I found that the DC have no reliable back up. When I tried to back up the DC using Windows backup utility, it hangs at the point where it shows AD. So, I couldn't take the back up. That's why I tried to sort out the situation by having an additional DC and then turn it into the main one by demoting the old.

                  Any way, I got enough information from you both and I think I can move ahead.

                  B/w, is there any time limit for AD backup. Our company have remote branches which I visit once in 6 months only. Can we use a 6 month old AD backup for restoring DC (we are not making any changes to AD)?

                  Comment


                  • #10
                    Re: Migrating DC roles (WAS: Having two DCs')

                    Originally posted by pj_rajesh View Post
                    When I took charge, I found that the DC have no reliable back up. When I tried to back up the DC using Windows backup utility, it hangs at the point where it shows AD. So, I couldn't take the back up. That's why I tried to sort out the situation by having an additional DC and then turn it into the main one by demoting the old.

                    Any way, I got enough information from you both and I think I can move ahead.

                    B/w, is there any time limit for AD backup. Our company have remote branches which I visit once in 6 months only. Can we use a 6 month old AD backup for restoring DC (we are not making any changes to AD)?
                    I wouldn't do that if i were you as you will want a current backup. Wether you have made changes to AD is irrelevant as the registry would positively have changed over that time period. Ensure you have a "current" backup first be it a cold clone/image or NTbackup.

                    Comment


                    • #11
                      Re: Migrating DC roles (WAS: Having two DCs')

                      Okay scurlaruntings,

                      Comment


                      • #12
                        Re: Migrating DC roles (WAS: Having two DCs')

                        Originally posted by pj_rajesh View Post
                        Thanks Andy..,
                        two DCs' with FSMO roles in a domain?
                        Technically there are 5 FSMO roles and they can be split up between different domain controllers. However, it's advised to keep certain roles together. Generally Schema/Domain Naming are together and RID/PDC/Infrastructure are together (at least in a multiple domain forest).
                        GoogleFu is strong with this one ^

                        Comment


                        • #13
                          Re: Migrating DC roles (WAS: Having two DCs')

                          Originally posted by stamandster View Post
                          Generally Schema/Domain Naming are together and RID/PDC/Infrastructure are together (at least in a multiple domain forest).
                          Possibly going a bit off topic here but generally you would have the IM on a different box as it shouldn't be a GC in a multi domain forest. The RID/PDC generally could stay on a single box but then again the answer is "it depends" as there are other considerations.
                          cheers
                          Andy

                          Please read this before you post:


                          Quis custodiet ipsos custodes?

                          Comment


                          • #14
                            Re: Migrating DC roles (WAS: Having two DCs')

                            generally you would have the IM on a different box as it shouldn't be a GC in a multi domain forest
                            Andy,

                            is this applicable only in a 'Multi-Domain' forest? As in my case we have only one domain and so, can I transfer/seize all the 5 rolls on the fist DC to the second DC which is also a GC (i believe GC stands for Global Cataloge) server?

                            Comment


                            • #15
                              Re: Migrating DC roles (WAS: Having two DCs')

                              Yes.
                              http://msmvps.com/blogs/UlfBSimonWei.../08/37975.aspx
                              cheers
                              Andy

                              Please read this before you post:


                              Quis custodiet ipsos custodes?

                              Comment

                              Working...
                              X