Re: Moving forest root server

Hello,
Ensure the other Forest Root Domain Controller remains online and are configured for being a GC, DNS (if not hosted outside) also as you suggested move all FSMO roles off the DC you are going to transfer to another location. (Never transfer a DC offline containing the FSMO roles)

When you have transferred the DC to it's new location run: nltest /dsregdns and ipconfig/registerdns as well dcdiag to make sure everything is fine.

--
Regards
Christoffer Andersson, TrueSec
Executive Consultant
Microsoft MVP - Directory Services
----------------------------------------------------------------
http://www.chrisse.se - Active Directory Resources

"JDT" <JDT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:0CBBC33F-B1DA-47AF-9D01-F7715DAE5046@xxxxxxxxxxxxxxxx
Hi,
Forgot to mention that we're currently running a Windows 2000 Server
environment.

Kind regards,
--
JDT


"JDT" wrote:

Hi All,

Due to the consolidation of our data center, we need to migrate our forest
root server to another physical location. This move implies that we have to
move the server physically (downtime +/- 6hours) and we need to change the IP
Address.

Our forest consists out of one root domain and 2 child domains. A few weeks
ago we had a big problem in one of the child domains. the issues were: bad
objects (gpo, logonscript, ...) replicated out of nowhere to the Active
directory (probably old messy stuff that remained in the AD, and suddenly
propagated... (problem resolved with Microsoft.)

We have a domain controller currently running on the new location which is a
replication partner from the forest root dc at the old location. At a first
sight the replication is working fine, but nevertheless I'm feeling that this
server is not behaving as it should.

What would be the best way to perform this move?
I'm going to make sure that the Child domains are completely ok and I can
also almost assure that the second root DC is in a good shape. But, what do I
do with the FSMO Roles on my root server at the old location? should I move
them cleanly to the other server or should I just shutdown the box, move it,
change the IP and hope / pray...?

Many thanks in advance,
Kind regards,

--
JDT

.

Relevant Pages

  • Re: Microsoft Certificate Authority
    ... You can run the root CA on a domain controller - that's how I have to do it ... recommended configuration but if you're hardware & server license restricted ... The Enterprise Root CA can issue certificates. ...
    (microsoft.public.security)
  • Re: FSMO Roles Question and DCPromo
    ... Root is a term about DOMAINS; the first domain in a Forest is ... > FSMO roles to the other domain controller. ... probably due to your CLIENT DNS settings being ... properties of a DC MUST be set to use the working DNS server ...
    (microsoft.public.win2000.active_directory)
  • Re: Windows 2003 Server Shuts Down Unexpectedly; Events 1001, 1013
    ... Something you said about the root of the AD. ... it be in the domain controller section or the section above it. ... consultants that also have admin rights on the server. ... >> see if there are any settings that may be the culprit. ...
    (microsoft.public.windows.server.sbs)
  • Re: Windows 2000 & SBS 2003
    ... The way to go would be to install the SBServer as the Domain Controller ... Root of Forest Holding the FSMO Root and Global Catalogue, ... Downgrading the Current Win2kServer to being a BDC or Member Server. ... > I would like to install windows sbs 2003 server on a new> server. ...
    (microsoft.public.windows.server.sbs)
  • Re: Replicating the Forest Root DNS Zone
    ... If the root zone is being transferred with delegations then ... the DNS doesn't do any extra loop because it haves the NS for these DNS ... servers in these Child domains. ... the forest root is replicated to every DC in the forest, ...
    (microsoft.public.windows.server.active_directory)
Loading