Re: Advice on Replacing First Domain Controller in Forest/Domain



Hello Zoey,

Minimum 2 and maximum is 6 over different sites. See inline for your list.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Hello Meinolf,

Thanks again. It sounds like I need to take out the server name I have
in the DNS suffix for all the servers. It sounds like all I need is
the IP Address for the primary and alternate servers. Just curious
how many DCs do you have in your forest? Let me recap my checklist
that you and Danny helped provide. I hope you can just confirm if I'm
missing anything:

Before starting with any step run diagnostic tools

(New Server Pre Checklist)
* Build new server as a member server with a temp IP address and temp name

Ok.

(Server being Replaced Checklist)
* Backup Systemstate
* Transfer remaining FSMO roles to another DC
* Export DHCP database config.
* Remove server as a GC
* Before demoting server, run replmon, dcdiag and netdiag on all DCs to confirm errors.
* Demote Server to member server

Ok.

* If I have any errors or problems with demotion run the metebase
cleanup.

Only if you have no option to solve the problem and then the old machine should be NEVER reconnected. If you have errors/problems you can also post them here.

* Rename server
* Change IP Address
* Unauthorize DHCP scopes - Question ==> should I be unauthorizing DHCP at this time?

Not needed. Only after importing to the new server you have to authorize the new one.

(New server)
* Rename server to server name I'm replacing.
* Change IP Address to the IP Address of server being replaced.
* Run DCPROMO and make this a domain controller in existing domain.
* Install DNS Active Directory Integrated, make this a primary server
Question - I assume this will pull the zone information from the other server that is also an active directory integrated and has the server I'm replacing in the "name servers" tab. Please confirm.

The advantage of AD int. is, that all DNS zone information will be replicated automatically. You have only to wait round 15 minutes and all should be copied.

* Install DHCP
Question - Should I be doing DHCP before running DCPROMO?

Yes. http://support.microsoft.com/kb/325473

* Import DHCP config
* Authorize DHCP
* Install WINS
* Transfer FSMO roles back to this server. Transfer Infrastructure role to the DC that is not a Global Catalog server.

In a single forest domain you can have all FSMO roles on one DC: http://support.microsoft.com/kb/223346/en-us

* Make server a Global Catalog Server
* Verify DNS
* Verify DHCP
I think I should be all set after this. If you could confirm my
checklist and my remaining questions, I should be good to go.

Thanks again

"Meinolf Weber" wrote:

Hello Zoey,

From MS:

Configuring a DNS suffix search list

For DNS clients, you can configure a DNS domain suffix search list that extends or revises their DNS search capabilities. By adding additional suffixes to the list, you can search for short, unqualified computer names in more than one specified DNS domain. Then, if a DNS query fails, the DNS Client service can use this list to append other name suffix endings to your original name and repeat DNS queries to the DNS server for these alternate FQDNs.

For computers and servers, the following default DNS search behavior is predetermined and used when completing and resolving short, unqualified names.

When the suffix search list is empty or unspecified, the primary DNS
suffix of the computer is appended to short unqualified names, and a
DNS query is used to resolve the resultant FQDN. If this query fails,
the computer can try additional queries for alternate FQDNs by
appending any connection-specific DNS suffix configured for network
connections.

If no connection-specific suffixes are configured or queries for
these resultant connection-specific FQDNs fail, then the client can
then begin to retry queries based on systematic reduction of the
primary suffix (also known as devolution).

For example, if the primary suffix were "example.microsoft.com", the
devolution process would be able to retry queries for the short name
by searching for it in the "microsoft.com" and "com" domains.

When the suffix search list is not empty and has at least one DNS
suffix specified, attempts to qualify and resolve short DNS names is
limited to searching only those FQDNs made possible by the specified
suffix list. If queries for all FQDNs formed as a result of appending
and trying each suffix in the list are not resolved, the query
process fails, producing a "name not found" result.

Notes

* If the domain suffix list is used, clients continue to send
additional alternate queries based on different DNS domain names when
a query is not answered or resolved. Once a name is resolved using an
entry in the suffix list, unused list entries are not tried. For this
reason, it is most efficient to order the list with the most used
domain suffixes first.

* Domain name suffix searches are used only when a DNS name entry is
not fully qualified. To fully qualify a DNS name, a trailing period
(.) is entered at the end of the name.

Personally I never used this field in any of my domains, because we
have only single forest domains. With your configuration to the PDC
during your upgrading, I think the main point was to get the "master"
DC and also the "master" DNS server, it was only important to
configure the preferred DNS server to this machine. From my point of
view the setting with the servername will not help you on this. And
as said in the articles, you have to add there no servername. I would
remove it on all machines, have a look for 2 days, if possible reboot
the servers and see if everything is still working. I assume it makes
no difference.

Best regards

Meinolf Weber
Meinolf,

Sorry to keep bugging you (I probably owe you my life right now :}
). I just want to recap what you said here, because if true, I may
have had our DNS all wrong here in my environment. When I upgraded
our network from NT4 to Windows2000, I had to make sure all the
servers pointed to the PDC before the upgrade to Windows2000. I did
this by entering the IP Address and then added the Primary server in
the DNS suffix on all the servers. So I've had all DCs and member
servers configured like this since Windows2000. As I upgraded our
Windows2000 domain to Windows2003 I kept everything as is. It
appears your notes state on all my servers (including the first
domain controller in the forest) I leave this dns suffix field blank
and take out the server name. Can you confirm? Sorry again, I just
want to make sure I have my DNS setup properly in our environment,
and afraid to remove anything that has been working.

Thanks again for all your time and patience.

Regards,
Zoey
"Meinolf Weber" wrote:
Hello Zoey,

This field, if used, contains the DNS suffixes, NO servernames.
Here is a description for the field:

Provides a space for you to specify a DNS suffix for this connection. If a DHCP server configures this connection and you do not specify a DNS suffix, a DNS suffix for this connection is assigned to this connection by the appropriately configured DHCP server. If you specify a DNS suffix, the DNS suffix assigned by the DHCP server is ignored. The local setting is used only if the associated Group Policy is disabled or unspecified.

It is most helpful in multi-domain environments, as you can append each DNS suffix to properly see resources across domains. If you only have one domain, or no domain at all, it does not really matter, and you can leave it blank.

Best regards

Meinolf Weber
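
The lookup order described in the quoted Microsoft text in this thread, modelled as an added example (not part of the original posts and not Microsoft's code). It implements only what that text states; the function names, host names, addresses and the `PDC01` suffix entry are constructed for illustration, and real DNS Client behaviour depends on Windows version and Group Policy.

```python
def candidate_fqdns(name, primary_suffix, connection_suffixes=(), search_list=()):
    """FQDNs a client tries for `name`, in the order the quoted text gives."""
    if name.endswith("."):              # trailing period: already fully qualified
        return [name]

    def qualify(suffix):
        return f"{name}.{suffix.strip('.')}."

    if search_list:                     # non-empty list: only these suffixes are tried
        ordered = [qualify(s) for s in search_list]
    else:
        ordered = [qualify(primary_suffix)]
        ordered += [qualify(s) for s in connection_suffixes]
        labels = primary_suffix.strip(".").split(".")
        # devolution: drop the leftmost label of the primary suffix each round
        ordered += [qualify(".".join(labels[i:])) for i in range(1, len(labels))]
    seen, result = set(), []
    for fqdn in ordered:                # drop case-insensitive duplicates, keep order
        if fqdn.lower() not in seen:
            seen.add(fqdn.lower())
            result.append(fqdn)
    return result


def resolve(name, records, **client_config):
    """Return (answer, queries_sent); stops at the first name found in `records`."""
    sent = []
    for fqdn in candidate_fqdns(name, **client_config):
        sent.append(fqdn)
        if fqdn.lower() in records:
            return records[fqdn.lower()], sent
    return None, sent                   # "name not found"


# Constructed sample data: one zone record, and a server name typed into the
# connection-specific suffix field as described in the thread.
RECORDS = {"fs01.corp.example.com.": "10.0.0.20"}
MISCONFIGURED = {"primary_suffix": "corp.example.com", "connection_suffixes": ["PDC01"]}

if __name__ == "__main__":
    print(resolve("fs01", RECORDS, **MISCONFIGURED))    # answered by the primary suffix
    print(resolve("oldbox", RECORDS, **MISCONFIGURED))  # every candidate is queried
```

In this model the server-name entry is never consulted for a name that exists in the primary domain; it only adds a query for `oldbox.PDC01.` after the primary-suffix lookup has failed.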