replacing domain controller

[ssahl]

We had a domain controller go down (it's old)
when I setup a new one can I use the same domain name and different IP address (dns)
or will I have to do it like I'm setting up a totally new one
oh yea, this is windows 2003

[glc]

Do you have a good backup of the AD?

[ssahl]

no

[glc]

Then you will be setting everything up from scratch.

[ssahl]

would there be any reason that why I shouldnt use our current DHCP server?

Also, I had a question about the old domain controller, even though it went down, users can still login, so long as they have logged on that same workstation before. How long will that last?

[Khalil]

Can you get the old domain controller up at all? Is the forest still intact on it? If it is, then build the new server, dc promo it fully while the old server is on and make sure you set your AD correctly then take down the old one, the new one will become the DC.
If you can't get the old server up to run even temporarily then you will need to do everything from scratch as glc suggested.

Quote:

Also, I had a question about the old domain controller, even though it went down, users can still login, so long as they have logged on that same workstation before. How long will that last?

Are you saying they are logging on to the domain while the DC is not even on?

[ssahl]

I cant get it to come up at all
this thing is OLD
dual 400MHz cpu
lol
but the smart guy who set it up (I cant take credit for this work) set it up on a RAID 0
with 6 drives no less
I got it to come up once before, but only lasted for a short time, I think it's out for the count now.
so far I was able to just change the dns on the workstations and nobody noticed anything different. I understand that getting a new server would be the best way to go, but that would mean spending more money, dont think thats in the cards
and it's only for 50-60 clients tops,

[Khalil]

Sorry bud looks like you have to start from scratch, make sure and finish the install when you install Windows 2003 on the new server. Most common problem people have is not finishing the full install.

For that many users you can build a real low cost server, let me know and I can recommend hardware for you. Can you afford around $1200 for a new server? You can reuse the server 2003 license on the old server that, alone will save you $600+
What kind of hard drives and capacity did you have in the old server? What sort of data space you need on the new server?

[ssahl]

people are noticing now!
lol
I pretty much have to have something in place by monday, at least server wise, maybe not all the clients,
this is pretty much what I thought would happen, no time to get a new server.
Do I really need to save anything from the dhcp server? most of the workstation IP addys are set manually, and I would just have to go in there and change the dns server to match the new domain/directory server. (right? am I understanding this right?)

the server I'm going to use (current dhcp server) is actually running server 2000
since I have the license from one that went down (for sever 2003)
would it be better to do a fresh install of 2003 server, or should I upgrade, so as to keep some settings/info that is needed or time saving that I dont know about?

I think I'm in over my head
I'm just a hardware guy

common sense and being able to read can only do so much

nobody but me in our small little IT department, makes it feel like do or die

my stress level will go each time someone asks me 'why they cant access, or networks so slow' until I finally start my mission

keep u posted, wish me luck

[Force Flow]

Personally, I'd do a fresh install so you're not bogged down by whatever baggage the win 2000 server has. But then again, you should also do a through backup. DHCP/IP addressing schemes, login scripts, websites, databases, printer-related stuff, misc data...any of that stuff.

When you do set up the new domain controller, you can use the same domain and user names as before. If the users had domain logins and local profiles on the workstations, they won't notice much difference other than needing to change their password. If they were roaming or remote pofiles, then that's a different story, and unfortunately, I haven't touched that enough to be able to offer advice on that.

If there were network shares, you'll have to update the permissions since the old users have SIDs that don't exist anymore. The new users will have different SIDs.

[edit]: One other thing, BrianB mentioned this and I forgot about it...once the server is set up and before the computers can use it, every computer will have to be switched to workgroup, rebooted, joined back to the new domain, and rebooted.

[ssahl]

Thats what I wanted to hear. THANK YOU!
If I can use the same domain name on the new server along with the same client names and they will all still use/access the same local user directory. That makes me feel so much better.
We are talking, my work load has just been cut in half with that little bit of info.

I'll back up the dhcp server before I clean install, but it did such a bad job of assigning IP addys that 75-85% of the workstations have the IP address set manually because of IP conflicts anyway.

Thanks for the info Force Flow.
I understand that all shares/permissions will have to be redone (server and workstations both)
but just being able to use the same local user directory on the workstations saves me from having to not just copy over files, but setting up everyones exchange email accounts on outlook.

If all goes good I may owe u a newegg gift certificate or something.

[Force Flow]

No problem. Let us know how it turns out or if you run into any speed bumps along the way

[ssahl]

Ok, so far so good, I have the new active directory server setup with my first user.
It wouldnt let me use the same domain name because of the domain controllers that were on the old directory server, it kept wanting to change the domain name I was wanting because of conflict on the network. so I just disabled there connection to the network.
Before I add those other servers as domain controllers again, is there a service I should stop?
Or should I move them to the workgroup first?
I didnt want to enable the network connection on these and mess up what I have done so far.

[brianb]

Switch anything in the domain to "workgroup" before connecting it back to the network. Once you do that, connect it to the network, then join it to the new domain.

[ssahl]

Ok, but when I try to connect to the new domain, it says it cant find it.
I think I need to change something in the dns management maybe?

[brianb]

The domain controller should be the DNS server as well. It uses the DNS lookup of the domain to find the domain controller. Either make sure the DNS is set to the DC or have DHCP give your DC ip out for the primary DNS.

[ssahl]

Quote:

Originally Posted by brianb The domain controller should be the DNS server as well. It uses the DNS lookup of the domain to find the domain controller. Either make sure the DNS is set to the DC or have DHCP give your DC ip out for the primary DNS.

yes, my domain controller is the dns server too. I'm not sure where I need to change the dns.
my TCP/IP properties state that the dns is 127.0.0.1
but dnsmgmt shows the correct server name, and shows the same IP address that is set in TCP/IP properties.

How would I get the IP addy as a primary dns

[brianb]

Yes, the DC will use itself as DNS (127.0.0.1).

The client should have the IP of the server as its dns server. The client should pull its DHCP from the DC -- unless you ahve it set manually.

[ssahl]

Yes, I do have the dns of the computer I'm trying to join set to the same as the IP of the server. It is set manually, but it should work.
Something setup wrong somewhere.

[ssahl]

I got it, joined several computers to the new domain.
My only problem is the last server will not let me do anything.
It keeps telling me that Domain controllers cannot be moved from one domain to another, and it must be demoted. I try to continue and the option is grayed out, the directory it's seeing is still the old one, infact when I first log on, the local connection is not even available, only the old domain!
This last server was not only a domain controller for the old domain, but it is also a very important file server. (I thought I was being safe saving it for last.)

any ideas

and continued thanks for your guys help!!!!!!!!!!!!!!!!

[Khalil]

Quote:

Originally Posted by ssahl I got it, joined several computers to the new domain. My only problem is the last server will not let me do anything. It keeps telling me that Domain controllers cannot be moved from one domain to another, and it must be demoted. I try to continue and the option is grayed out, the directory it's seeing is still the old one, infact when I first log on, the local connection is not even available, only the old domain! This last server was not only a domain controller for the old domain, but it is also a very important file server. (I thought I was being safe saving it for last.) any ideas and continued thanks for your guys help!!!!!!!!!!!!!!!!

Ok I am confused, by last server, do you mean the old domain controller you could not boot before or is it the Server 2000 you installed Server 2003 on?

[brianb]

I'm a little lost, if you had another DC, you shouldn't have needed to build a new one from scratch?

But to answer the question, to demote a DC, run dcpromo and it'll let you remove the domain from it. Then you can join it to the new domain....

[glc]

Good grief - smack me if I'm out in left field, but why didn't you just promote the fileserver when the old DC went down?

[ssahl]

Well technically it's a file server, but really its a workstation with 2003 installed on a ide hdd, and another ide hdd with a bunch of shared directories that get heavily accessed.
It was already a major cause of network lag because of being over taxed
To be honest I didnt know it was setup like that. Since the OS is on a different hdd then all the 'important' files I was just thinking of my normal standby fix method of fresh install


This is not even my biggest
+issue, turns out, when I tried to remove a workstation from the 'old' domain, put it on the workgroup, then put it back on the new domain (same domain name)
it still created a new local user directory. What it does is add the domain name at the end of the username, is there a way to stop that? Some kind of work around?
If I cant get these workstations to use the same local user account directory, I cant tell you how bad this is, basically in everyones eyes nothing is working, everything is gone.

[brianb]

It will make new user profiles... You can use the "copy files to the new user profile" section of this article...

http://support.microsoft.com/kb/811151

The workstation knows it's a new domain and new user account. Everything has an identifier (SID) that has now changed. You have to log the users in the copy the data like it described to the new user profile. Usually on a network that size you end up with my document redirection to a file server so you don't have things like my documents on the local machine so when you backup a server all the documents are backed up...

[ssahl]

Ok, but I noticed reading over that a little it said that Outlook Express email info would not be carried over. What about Outlook Exchange email account info?
This is my whole issue, I dont want to have to wait to get everyones email passwords so I can create the new exchange email account and move personal folders to the new user account directory.

Either way, they should understand that thiis amount of work can only be done so fast, these old machines can only go so fast, 3-4 reboots per machine can add up to a long time, especially with about a dozen of the workstations, which have something like 7-8 min to reboot all the way.

[glc]

More to the point, I think they need to understand that occasionally you have to hire someone to come in and assist when big stuff like this happens. Trying to manage a Windows domain can turn into a can of worms when you haven't had formal training and things start going down.

[Khalil]

Quote:

Originally Posted by glc More to the point, I think they need to understand that occasionally you have to hire someone to come in and assist when big stuff like this happens. Trying to manage a Windows domain can turn into a can of worms when you haven't had formal training and things start going down.

Well said glc, even though I am pretty avid at installing server 2003 and 2008 and dealing with network setup and issues I still hired a network specialist full time as our business grew into server integration. You can't guess or learn on the fly when you have 60+ people relying on you.

[brianb]

When you copy the profile over it'll move most all settings. What it doesn't has to be redone manually... That's the way it is...

Use this chance to push actual backups and also a 2nd DC.... You want to DC's running DHCP and DNS to keep the network properly running. This isn't your doing, it's the design flaw by having single hardware failure and no backups...

[ssahl]

Man what a day, I was not able to finish every workstation as the Outlook exchange accounts all had to be redone, on top of having to copy over files because of not using the same directory. I think it would of used the same directory if there was no exchange accounts.
Anyway, monday morning was total caos, everyone trying to tell me why there situation is most important and I need to fix them first. lol, I must of told 25 or more people their Outlook account would have to wait, I dont understand what the big deal is, they can all access there email accounts through the internet.
my boss was not happy at all when she first got there, she asked me 'what do I need to do to help you to finish this.
I showed her how to move a station off the domain, onto the workgroup.
how to change the tcp/ip settings, and back on the new domain. (she is IT knowledgeable, just being a school principal she normally leaves everything to me)
After seeing what it takes to do what I couldnt finish doing sunday night, she relaxed a little.
After using her computer and seeing how our network is now 10 times faster she was very happy.
I could never explain exactly why our network had so much lag, I just dont know enough about networking to see the cause right away. I see now many of the problems with the old setup

anyway, thanks everyone for all your help, it was a major crash coarse in advanced network domain deployment, lol
This was the first one I have ever setup, and it's running pretty good, now the network is taking advantage of the fiber optic. Still have a lot to do before it is done. I set the auto backups in place today, I will also add another dc, this time not the file server,
The server I add as the second dc, I should setup DHCP and dns on it too? I actually know just how to do that, now. lol
I put in a req for a new server too, to replace the file server, that many people accessing files that are on one ide hdd just doesnt cut it.
This is my 4th day in a row working 10-12 hours, to bad I'm on salary
I think I will end up working another 3 or 4 before I get a day off.
I'm going to eat, then I'm going to crash hard.

One last thing.

PCMECH forums ROCK, there is no better help on the internet!

Thanks again.