Replace domain controller

G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

We have a primary domain controller and backup domain
controller. We would like to replace the hardware on the
PDC. what is the best/easiest way to achieve this?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Install the new machine as a BDC while connected to the
domain. Open server manager and promote it to primary
then take the old PDC now BDC, if the promotion process
goes as planned, and rename the new PDC to match the old
PDC.

"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in message
> We have a primary domain controller and backup domain
> controller. We would like to replace the hardware on the
> PDC. what is the best/easiest way to achieve this?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Thank you very much for your quick response.

The new server has alreay been installed as a pdc with the
same name as the old pdc, but it was not connected to the
network. What do I have to do before connecting it to the
network?

>-----Original Message-----
>Install the new machine as a BDC while connected to the
>domain. Open server manager and promote it to primary
>then take the old PDC now BDC, if the promotion process
>goes as planned, and rename the new PDC to match the old
>PDC.
>
>"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in
message
>> We have a primary domain controller and backup domain
>> controller. We would like to replace the hardware on the
>> PDC. what is the best/easiest way to achieve this?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi Gabriel,

Assuming this is NT...

You've committed a common mistake which is created a new
domain with the same name as your existing. The problem is
a unique SID or security ID which is created during domain
or PDC installation that is domain specific. You won't be able
to synchronize this new PDC with either of your existing DCs
which means you'll need to migrate all of your security info
(computer accounts and user accounts) to this new PDC and
reinstall NT on the old BDC to get it to synch with the new
domain you've created. I would think backing up and creating
a new BDC with the new machine is a better choice.


"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in message
> Thank you very much for your quick response.
>
> The new server has alreay been installed as a pdc with the
> same name as the old pdc, but it was not connected to the
> network. What do I have to do before connecting it to the
> network?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Can't I just demote the new pdc to a bdc and then promote
it again?

>-----Original Message-----
>Hi Gabriel,
>
>Assuming this is NT...
>
>You've committed a common mistake which is created a new
>domain with the same name as your existing. The problem
is
>a unique SID or security ID which is created during domain
>or PDC installation that is domain specific. You won't
be able
>to synchronize this new PDC with either of your existing
DCs
>which means you'll need to migrate all of your security
info
>(computer accounts and user accounts) to this new PDC and
>reinstall NT on the old BDC to get it to synch with the
new
>domain you've created. I would think backing up and
creating
>a new BDC with the new machine is a better choice.
>
>
>"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in
message
>> Thank you very much for your quick response.
>>
>> The new server has alreay been installed as a pdc with
the
>> same name as the old pdc, but it was not connected to
the
>> network. What do I have to do before connecting it to
the
>> network?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Sure but you'll need to reinstall NT to demote. <g> Demotion
happens automatically when you promote an existing BDC to
primary. As I said according to MS you cannot but there is
at least 1 third party solution which will do this for you. It's
called u-promote. Also sysinternals makes a program NewSIDS
which will change the SID. These methods are not supported and
may cause problems when it's time to upgrade.


"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in message
> Can't I just demote the new pdc to a bdc and then promote
> it again?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Please excuse my ignorance. It's been a while since I
worked with NT. Why do I have to re-install to demote?
>-----Original Message-----
>Sure but you'll need to reinstall NT to demote. <g>
Demotion
>happens automatically when you promote an existing BDC to
>primary. As I said according to MS you cannot but there
is
>at least 1 third party solution which will do this for
you. It's
>called u-promote. Also sysinternals makes a program
NewSIDS
>which will change the SID. These methods are not
supported and
>may cause problems when it's time to upgrade.
>
>
>"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in
message
>> Can't I just demote the new pdc to a bdc and then
promote
>> it again?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

That is the only place in NT4 where you can choose what role is for the
server, IE during install. Demoting/promoting is new with Win2k and up at
least for the Domain Controller/member server roles. PDC/BDC can be
promoted/demoted but not to member servers and you have created a completely
new domain by reisntalling the PDC, the proper method is to promote a BDC to
PDC and then install a new machine as a BDC then promote this new machine to
a PDC to replace the original PDC. You've got a mess right now. This new PDC
and the old BDC's are in completely different domains right now and will
never talk without reinstalling or using some 3rd party products. Even
though the domain names may appear to be the same the SID's are different.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"Gabriel van Rensburg" <gabesjvr@ananzi.co.za> wrote in message
news:61b001c42e22$2f641370$a601280a@phx.gbl...
> Please excuse my ignorance. It's been a while since I
> worked with NT. Why do I have to re-install to demote?
> >-----Original Message-----
> >Sure but you'll need to reinstall NT to demote. <g>
> Demotion
> >happens automatically when you promote an existing BDC to
> >primary. As I said according to MS you cannot but there
> is
> >at least 1 third party solution which will do this for
> you. It's
> >called u-promote. Also sysinternals makes a program
> NewSIDS
> >which will change the SID. These methods are not
> supported and
> >may cause problems when it's time to upgrade.
> >
> >
> >"Gabriel van Rensburg" <gabesjvr@anazi.co.za> wrote in
> message
> >> Can't I just demote the new pdc to a bdc and then
> promote
> >> it again?
> >
> >
> >.
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

1) There is no manual process for demoting an NT 4.0 PDC
it's done automatically during the promotion process unless you
have a rare case where there are two PDCs for the same
domain e.g., a PDC goes down and you promote an existing
BDC to primary then you bring the back the old PDC; you now
have two PDCs for the same domain with the same SIDS. The
actual promote feature in server manager changes to demote when
two PDCs are present..

2) Even if you did a reg hack and demoted it to BDC it would
not be able to replicate with the existing domain because of a
unique SID or security id.

"Gabriel van Rensburg" <gabesjvr@ananzi.co.za> wrote in message
> Please excuse my ignorance. It's been a while since I
> worked with NT. Why do I have to re-install to demote?