Removing 2K DC and renaming Server 2003 machine


  • Removing 2K DC and renaming Server 2003 machine

    I have the following scenario and need to know what is the best way to accomplish it.

    I have 2 DCs, one parent (server-alpha) and one child (server-beta). I have added two new Server 2003 machines and promoted them to DC to replace these (alpha1 to replace server-alpha and beta1 to replace server-beta). I have transferred all of the FSMO roles and transferred data and shares. What I want to do is rename the new DCs to the old names (I have several apps that point to the old name and data paths are mapped to the old names).

    Can I change the name of the old servers while they are a DC? Should I?

    What would be the most effective way to accomplish this task? I am not an expert with DCs, but I can read and follow directions well.

    Any help will be greatly appreciated.

  • #2
    Re: Removing 2K DC and renaming Server 2003 machine

    1. Make sure that new DCs are GC and DNS.

    2. Stop "netlogon" on old DCs for some time to ensure that new DCs are working fine.

    3. Once sure, demote the old DCs.

    4. Make sure all the entries are removed specific to old DCs.

    Just check numbers 19 and 20 in Procedure 1........

    http://support.microsoft.com/kb/216498

    5. Rename the DCs, no issues at all.......

    Feel free to ask if specific information is needed......

    Regards,
    Kapil Sharma
    ~~~~~~~~~~~~~
    Life is too short, Enjoy It.



    • #3
      Re: Removing 2K DC and renaming Server 2003 machine

      Once I stop netlogon on the old DCs, will people still have access to the files on those machines? Will this force all logon and logoff traffic to the new DCs?



      • #4
        Re: Removing 2K DC and renaming Server 2003 machine

        Yes... All the access will remain as it is.

        Netlogon is just for domain authentication and clients will continue to be authenticated from new DC and that is what we want to ensure........

        Regards,
        Kapil Sharma
        ~~~~~~~~~~~~~
        Life is too short, Enjoy It.



        • #5
          Re: Removing 2K DC and renaming Server 2003 machine

          I disabled netlogon on the two old DCs this morning and everything seems to be running fine. I do, however, find the following error in my Event log on a regular basis. (It has occurred 8 times in the last 5 days.)

          There are multiple accounts with name cifs/BETA1 of type DS_SERVICE_PRINCIPAL_NAME
          Is this something to be concerned about and if so, how do I resolve it?



          • #6
            Re: Removing 2K DC and renaming Server 2003 machine

            There must be a duplicate account in AD with the name "BETA1" and I guess one of the accounts should have a red cross on it. You can easily find it by running a search query in AD for the computer with the name "BETA1".

            Just delete the one with red-cross on it.........

            Rest is fine...............

            Regards,
            Kapil Sharma
            ~~~~~~~~~~~~~
            Life is too short, Enjoy It.



            • #7
              Re: Removing 2K DC and renaming Server 2003 machine

              Looking ahead at the steps provided, when I run adsiedit.msc, I get two windows. The left window says ADSI Edit. The right window has a red X and states MMC could not create the snap-in. I found a post on another site that said unregistered DLLs could cause that; it just did not state which DLLs. Any ideas?

              Thanks for all of your help.



              • #8
                Re: Removing 2K DC and renaming Server 2003 machine

                The easy way would be to just install the support tools once more...........

                Otherwise adsiedit.dll is the correct dll.

                Regards,
                Kapil Sharma
                ~~~~~~~~~~~~~
                Life is too short, Enjoy It.



                • #9
                  Re: Removing 2K DC and renaming Server 2003 machine

                  Additionally, I do not think you need to use adsiedit. You can find the same using Active Directory Users and Computers. The account should be in the "Domain Controllers" OU; otherwise just use search in "ADUC".

                  Regards,
                  Kapil Sharma
                  ~~~~~~~~~~~~~
                  Life is too short, Enjoy It.



                  • #10
                    Re: Removing 2K DC and renaming Server 2003 machine

                    I have followed the steps laid out above and everything seems to go fine with one exception. Before, when I was logged on to the domain JMA, I could access files on the child domain student.jma.org. Now I am not able to do so. What do I need to do to correct that problem?



                    • #11
                      Re: Removing 2K DC and renaming Server 2003 machine

                      I have gotten my access issues resolved (wrong DNS server). However, I am getting the following in the event log every few minutes on both the parent DC and the child DC. I think that it is trying to replicate the AD with the old servers. I have searched in the DNS for the msdcs addresses below and I do not see them. Any suggestions?

                      1/19/2008,4:47:14 PM,NTDS Replication,Error,DS RPC Client ,1411,NT AUTHORITY\ANONYMOUS LOGON,SERVER-BETA,"Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.

                      Domain controller:
                      0d152e98-ff95-473e-b029-01a9b7de91c7._msdcs.JMA.org

                      The call was denied. Communication with this domain controller might be affected.

                      Additional Data
                      Error value:
                      8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute."
                      1/19/2008,4:47:08 PM,NTDS Replication,Error,DS RPC Client ,1411,NT AUTHORITY\ANONYMOUS LOGON,SERVER-BETA,"Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.

                      Domain controller:
                      8b2a194d-cdbc-486c-955d-d66fcfbee129._msdcs.JMA.org

                      The call was denied. Communication with this domain controller might be affected.

                      Additional Data
                      Error value:
                      8589 The DS cannot derive a service principal name (SPN) with which to mutually authenticate the target server because the corresponding server object in the local DS database has no serverReference attribute."
                      1/19/2008,4:02:08 PM,NTDS Replication,Error,DS RPC Client ,1411,NT AUTHORITY\ANONYMOUS LOGON,SERVER-BETA,"Active Directory failed to construct a mutual authentication service principal name (SPN) for the following domain controller.



                      • #12
                        Re: Removing 2K DC and renaming Server 2003 machine

                        Hi,

                        Just have a look at the following KB:

                        http://support.microsoft.com/kb/308111

                        Let us know if you feel any issue.

                        Regards,
                        Kapil Sharma
                        ~~~~~~~~~~~~~
                        Life is too short, Enjoy It.



                        • #13
                          Re: Removing 2K DC and renaming Server 2003 machine

                          The article refers to Windows 2000 Server and I no longer have Windows 2000 Server on the network. I have removed the Windows 2000 DCs from the network. They are no longer there to replicate to. I removed all references to them in the AD and then I renamed my two new DCs (which are Server 2003) to the same names as the old DCs.

                          One of the servers is a DC for the parent domain and one for the child domain. There is really no replication to be done. How do I stop this error?

                          Any help will be greatly appreciated.



                          • #14
                            Re: Removing 2K DC and renaming Server 2003 machine

                            This error is related to SPNs, and even though the article is about W2K, it works the same way in W2K3.

                            Regards,
                            Kapil Sharma
                            ~~~~~~~~~~~~~
                            Life is too short, Enjoy It.
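
A way to check for both conditions reported in this thread (the duplicate cifs/BETA1 SPN and the server objects with no serverReference attribute) from an LDIF export of the directory, such as ldifde produces. This is an added example, not something posted by anyone in the thread; the sample entries, the OLD-DC and Site1 names and the function names are constructed for illustration.

```python
import base64

# Constructed sample in LDIF form; only BETA1, SERVER-BETA and JMA.org come from the thread.
SAMPLE_LDIF = """\
dn: CN=BETA1,OU=Domain Controllers,DC=student,DC=JMA,DC=org
servicePrincipalName: cifs/BETA1
servicePrincipalName: HOST/BETA1

dn: CN=BETA1,CN=Computers,DC=student,DC=JMA,DC=org
servicePrincipalName: CIFS/beta1

dn: CN=OLD-DC,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,
 DC=JMA,DC=org
objectClass: server

dn: CN=SERVER-BETA,CN=Servers,CN=Site1,CN=Sites,CN=Configuration,DC=JMA,DC=org
objectClass: server
serverReference: CN=SERVER-BETA,OU=Domain Controllers,DC=student,DC=JMA,DC=org
"""

def parse_ldif(text):
    """Parse LDIF text into one {attribute_lowercase: [values]} dict per entry."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold wrapped lines
    entries = []
    for block in text.split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            entry.setdefault(name.lower(), []).append(value.strip())
        if "dn" in entry:
            entries.append(entry)
    return entries

def duplicate_spns(entries):
    """Map each SPN held by more than one account to the DNs holding it."""
    owners = {}
    for e in entries:
        for spn in e.get("serviceprincipalname", []):
            owners.setdefault(spn.lower(), set()).add(e["dn"][0])  # case-insensitive
    return {spn: sorted(dns) for spn, dns in owners.items() if len(dns) > 1}

def servers_without_reference(entries):
    """DNs of server objects with no serverReference (the error 8589 condition)."""
    return [e["dn"][0] for e in entries if not e.get("serverreference")
            and "server" in [c.lower() for c in e.get("objectclass", [])]]
```

SPNs are compared case-insensitively here, so cifs/BETA1 and CIFS/beta1 count as the same name.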
