Wednesday, September 29, 2010

How to move a DomainController to another site?

In this case you need to change the IP of a DC and move it to another AD site.

--> Assuming it only has the DC/GC role.... <--

(Steps marked with a @ are not mandatory, but they are a safe measure: I have seen occasions where those steps were needed...)

Steps to change the IP of a DC AND move the DC to another site:

1. @ Create a copy of NETLOGON.DNS (in %WINDIR%\system32\config), rename the copy to NETLOGON.DNS.TXT and move it to another machine or print it (when done you can delete the copy). For an explanation of SRV RRs see: http://www.petri.co.il/active_directory_srv_records.htm

2. @ Deregister the SRV RRs of the DC that is going to be moved to another AD site
   1. NLTEST /DSDEREGDNS:<FQDN of the DC> (e.g. NLTEST /DSDEREGDNS:DCNAME.DOMAIN.COM)

3. @ Stop the NETLOGON service on the DC
   1. Use services.msc
   OR
   2. Use a command prompt with: NET STOP NETLOGON

4. @ Clean up the SRV RRs that are listed in NETLOGON.DNS.TXT but still exist in DNS (scavenging, if enabled, will remove the records, but that can take some time, and some old records will be replaced by new ones)

5. Move the server object of the DC to the other site. Make sure the AD site exists and that the subnets in use are also defined in AD and assigned to that AD site!
   1. Start AD Sites and Services from the command line like: DSSITE.MSC /SERVER:
   2. For the other steps see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/17af6280-573e-4043-9bd9-96fe3d13f4df.mspx

6. @ Force OUTBOUND AD replication on the DC that is going to be moved
   1. From the command line (options are case sensitive!): REPADMIN /SYNCALL /A /e /d /q /P

7. Change the TCP/IP settings (IP address, DNS IP, WINS IP, etc.)

8. Shut down the DC

9. @ On another DC, clean up the connection objects the moved DC has with other DCs and the ones other DCs have with the moved DC (after some time the KCC will do this itself, as it checks its replication topology every 15 min.)

10. @ On each DC where you removed connection objects run "Check Replication Topology"
   1. For steps see: http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/bb462fa2-a889-47f2-869c-2aeb06cfc5bf.mspx and/or http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Operations/f30e2a81-4e9a-454b-9fb5-20f70f6dae10.mspx

11. Move the DC physically to the other site and turn it on

12. @ Wait at least 5 min. (the KCC runs 5 min. after the DC starts and from then on every 15 min.) or force the DC to check its replication topology
   1. From the command line: REPADMIN /KCC

13. @ Force the registration of its DNS records
   1. From the command line: IPCONFIG /REGISTERDNS
   2. From the command line (options are case sensitive!): NBTSTAT -RR
   3. From the command line: NLTEST /DSREGDNS

14. @ Force INBOUND AD replication on the DC that was moved
   1. From the command line (options are case sensitive!): REPADMIN /SYNCALL /A /e /d /q

15. @ Force OUTBOUND AD replication on the DC that was moved
   1. From the command line (options are case sensitive!): REPADMIN /SYNCALL /A /e /d /q /P

16. @ Check the health of the DC that was moved
   1. From the command line:
      1. DCDIAG /V /C /D > DCDIAG_OUTPUT.TXT
      2. NETDIAG /V /DEBUG > NETDIAG_OUTPUT.TXT
   2. Open DCDIAG_OUTPUT.TXT and NETDIAG_OUTPUT.TXT and check for errors; if there are any, troubleshoot and solve them
   3. Also check the event logs
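The two checks that most often go wrong in this procedure are the precondition of step 5 (the target site must exist and the DC's new subnet must be defined in AD and assigned to that site, otherwise the DC keeps advertising itself in the wrong site) and the post-move verification of steps 12 to 16. The following PowerShell script is an added example and is not code from the original post. It assumes an elevated PowerShell 3.0+ session run as a Domain Admin on the moved DC, queries the configuration partition through System.DirectoryServices (so the ActiveDirectory module is not required), and uses placeholder values for the site name and IP address. The subnet check is generalised slightly beyond the post: it walks every IPv4 subnet object and uses the longest matching prefix, which is how the DC Locator picks a site when subnets overlap.

```powershell
# Added example, not code from the original post. Pre-move check for step 5 and a
# post-move summary for steps 12-16. Assumes elevated PowerShell 3.0+ run as a
# Domain Admin on the moved DC. All names and addresses below are placeholders.

$TargetSite = 'NewSite'        # placeholder: destination AD site name
$NewIp      = '10.20.30.40'    # placeholder: the DC's new IP address

# Dotted IPv4 string -> unsigned 32-bit integer, so prefixes can be compared with a mask.
function ConvertTo-UInt32 {
    param([string]$Ip)
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    return [BitConverter]::ToUInt32($bytes, 0)
}

# Prefix length if $Ip lies inside the IPv4 CIDR $Cidr (e.g. 10.20.30.0/24), else -1.
# IPv6 and malformed subnet names are skipped (also -1).
function Get-MatchingPrefixLength {
    param([string]$Ip, [string]$Cidr)
    if ($Cidr -notmatch '^(\d{1,3}(\.\d{1,3}){3})/(\d{1,2})$') { return -1 }
    $net = $Matches[1]; $len = [int]$Matches[3]
    $mask = [uint32]((0xFFFFFFFF -shl (32 - $len)) -band 0xFFFFFFFF)
    if (((ConvertTo-UInt32 $Ip) -band $mask) -eq ((ConvertTo-UInt32 $net) -band $mask)) { return $len }
    return -1
}

# Step 5 precondition: the site exists and the longest-prefix subnet covering the new IP
# (as the DC Locator would select it) is assigned to that site. Returns an OK/FAIL message.
function Test-SiteAndSubnet {
    param([string]$SiteName, [string]$Ip)
    $configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext.Value
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Sites,$configNc"
    $searcher.Filter = "(&(objectClass=site)(cn=$SiteName))"
    $site = $searcher.FindOne()
    if (-not $site) { return "FAIL: AD site '$SiteName' does not exist" }
    $siteDn = $site.Properties['distinguishedname'][0]

    $searcher.SearchRoot = [ADSI]"LDAP://CN=Subnets,CN=Sites,$configNc"
    $searcher.Filter = '(objectClass=subnet)'
    $best = $null; $bestLen = -1
    foreach ($subnet in $searcher.FindAll()) {
        $len = Get-MatchingPrefixLength -Ip $Ip -Cidr $subnet.Properties['cn'][0]
        if ($len -gt $bestLen) { $best = $subnet; $bestLen = $len }
    }
    if (-not $best) { return "FAIL: no AD subnet object covers $Ip; create one and assign it to $SiteName" }
    $cidr = $best.Properties['cn'][0]
    $assignedTo = if ($best.Properties['siteobject'].Count -gt 0) { $best.Properties['siteobject'][0] } else { '(no site)' }
    if ($assignedTo -eq $siteDn) { return "OK: $Ip is in subnet $cidr, which is assigned to $SiteName" }
    return "FAIL: subnet $cidr covers $Ip but is assigned to $assignedTo, not $SiteName"
}

# Reduce DCDIAG output to the names of failed tests; DCDIAG prints lines such as
# "......................... DCNAME failed test Replications".
function Get-DcdiagFailures {
    param([string[]]$DcdiagLines)
    return @($DcdiagLines | Select-String -Pattern 'failed test (\S+)' |
        ForEach-Object { $_.Matches[0].Groups[1].Value } | Sort-Object -Unique)
}

# Steps 12-16 once the DC is up in the new site: KCC, DNS/WINS registration,
# inbound then outbound replication, then a DCDIAG run saved for review.
function Invoke-PostMoveCheck {
    repadmin /kcc | Out-Null
    ipconfig /registerdns | Out-Null
    nbtstat -RR | Out-Null
    nltest /dsregdns | Out-Null
    repadmin /syncall /A /e /d /q | Out-Null      # inbound (options are case sensitive)
    repadmin /syncall /A /e /d /q /P | Out-Null   # outbound
    $out = dcdiag /v /c /d
    $out | Out-File -FilePath DCDIAG_OUTPUT.TXT
    return Get-DcdiagFailures -DcdiagLines $out
}

# Usage: run the pre-check before step 5, and the post-move check after step 11.
Test-SiteAndSubnet -SiteName $TargetSite -Ip $NewIp
# $failed = Invoke-PostMoveCheck
# if ($failed) { "DCDIAG failed tests: $($failed -join ', ')" } else { 'DCDIAG: no failed tests' }
```

A FAIL from Test-SiteAndSubnet before step 5 means the DC would, after the move, either fall back to its old site or be assigned to whatever site the covering subnet belongs to, so fix the site or subnet object first. Invoke-PostMoveCheck returns an empty array when DCDIAG reports no failed test; anything else is the list of test names to look up in DCDIAG_OUTPUT.TXT before relying on the DC again.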


--> Assuming it also has the DNS server role.... <--

If it also has the DNS server role you might need to change:

1. The forwarding configuration of DNS servers that forward DNS requests to the moved DNS server
2. DNS zone delegations from other (parent) DNS servers to the moved DNS server for its DNS zones
3. If applicable, don't forget DNS zone specific configurations set by DNSCMD.EXE
4. Etc. etc....


--> Assuming it also has the DHCP server role.... <--

If it also has the DHCP server role you might need to:

1. Unauthorize it before shutting the server down
   1. For steps see: http://technet2.microsoft.com/WindowsServer/en/library/b3a60969-541e-412f-95b9-d609d863039c1033.mspx?mfr=true
   2. Additional info:
      1. http://support.microsoft.com/?kbid=306925
      2. http://support.microsoft.com/?kbid=303351
      3. http://technet2.microsoft.com/WindowsServer/en/library/9a4157c4-3c2f-4871-9ffe-7d405781f2cf1033.mspx?mfr=true

2. Authorize it after booting it up again
   1. For steps see: http://technet2.microsoft.com/WindowsServer/en/library/9f713d6c-d7e5-42a0-87f7-43dbf86a17301033.mspx?mfr=true
   2. Additional info:
      1. http://support.microsoft.com/?kbid=306925
      2. http://support.microsoft.com/?kbid=303351
      3. http://technet2.microsoft.com/WindowsServer/en/library/9a4157c4-3c2f-4871-9ffe-7d405781f2cf1033.mspx?mfr=true


--> Assuming it also has the WINS server role.... <--

If it also has the WINS server role you might need to change:

1. The WINS replication partners that replicate with the moved DC, etc.


--> Other considerations.... <--

Other changes that might be needed:

1. If the moved DC hosts DNS/WINS, you might also need to change the DNS/WINS IPs in the TCP/IP settings of other servers
2. If the moved DC hosts DNS/WINS, you might need to adjust DHCP scopes that reference it (DNS/WINS server options)


--> In short ;-)).... <--

What I really mean is that you need to look at it from a relationship perspective. In other words: what relations do other servers have with the moved server, and how, and what relations does the moved server have with other servers, and how.

This is also a good reference when just changing the IP of the DC!