2008R2 - Replacing both Domain Controllers - Questions and best practice ideas are appreciated

-

first off, taking time read post.

i'm thankfully doing testing in test environment before doing in production , has seemed have gone far (knock on wood)

here's scenario:

created virtual images of (2) server 2008 domain controllers operating in production environment.

moved them virtualized test environment (all of below takes place in test environment)

spun (2) server 2008 r2 datacenter machines , promoted them both dc's.

single forest.  both global catalogs.

one has following fsmo roles:  schema mater, domain naming master, pdc , rid.  running dhcp , dns.

the second 1 has following fsmo role:  infrastructure master.  running dhcp , dns.

transferred roles off old dcs new dcs, separated above, , demoted (2) old dc's.

logs great , ad replication status tool shows no errors.

**now testing begins**

i have captured image of win7 machine that's in production , brought on test environment.

keep in mind dns server ip addresses win7 machine has no longer valid i've demoted , have 2 new dcs different ips.

when power on win7 machine unable log on user doesn't have profile.  when try create new profile says "there no logon servers available service logon request"

i have found out if change dns server ip addresses on network card point new servers works (duh), but, , here's question, when decide make these 2 new dcs in production , demote current dcs machines in organization still have ips of old dns servers. have go each machine , change dns ip addresses point new servers?  i'm sure can done in group policy , haven't looked yet how suggest tackle this?

should create alias records in ad point old ip address new ip address?

is suggested drop each machine workgroup , rejoin domain after new dcs in place?

are there small things might missing you've experienced when doing similar.

to test further have powered off first dc schema mater, domain naming master, pdc , rid.  running dhcp , dns.

this leaves 2nd dc infrastructure master on.  running dhcp , dns.

why logs of 2nd dc have following errors:

1)  active directory domain services role: error 2087 "active directory domain services not resolve following dns host name of source domain controller , ip address"

  • yes source dc 1 that's powered off.
  • i understand error says changes in ad not replicated, once again because other off. 
  • will error correct when other dc comes online or there other steps need done once other online?

2)  dhcp server role: error 1059 "the dhcp service failed see directory server authorization"

  • once again yes other dc powered off since has dhcp role on (split pool between two) shouldn't see directory server?
  • why ip address on win7 machine 192.168.198.x when dhcp roles set lease 10.0.0.x addresses?

any feedback @ appreciated , again taking time read :)

when power on win7 machine unable log on user doesn't have profile.  when try create new profile says "there no logon servers available service logon request"
 
have found out if change dns server ip addresses on network card point new servers works (duh), but, , here's question, when decide make these 2 new dcs in production , demote current dcs machines in organization still have ips of old dns servers. have go each machine , change dns ip addresses point new servers?  i'm sure can done in group policy , haven't looked yet how suggest tackle this?


no, should done dhcp server. in dhcp server, can specify dns server clients need resolve dns names. type ip address of new dns server, or type name , click resolve, wizard determine ip address you. can add both of dns servers balance workload.



Windows Server  >  Windows Server General Forum



Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

-
running windows 10 technical preview, need replace motherboard can run the  sysprep  command restoring pc ? or there easier  or more preferred way ? thanks if replace motherboard within same family of chipsets (i.e. intel > intel or amd > amd), should okay restarting pc twice. carey frisch Windows 10 Insider Preview  >  Windows 10 Insider Preview General
Read more

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

-
in order access new full text search capiblities of sql azure, upgraded our azure sql v12. (a day later), when try create new catalog: create fulltext catalog mycatalog default i following message: msg 9972, level 16, state 100, line 1 database not started or not in online state. try full-text ddl command again after database started , becomes online. hi scott, apologies inconvenience caused you. known issue on service side , fix going included in next update. specific case mitigated, should able use full-text search syntax now. thanks, mihaela Microsoft Azure  >  Azure SQL Database
Read more

Remote Desktop App - Error 0x207 or 0x607

-
hi all, i manage windows 2012 r2 network, including connection broker, session hosts , remote apps virtual servers.  i've used remote desktop app on own android phone, no issues @ - connects published gateway url , can login , access network. we looking move business onto nokia handsets ms operating system (currently on blackberry), not able connect via remote desktop app on nokia lumia handset. setup, per android config , brings remote apps , remote desktop screen, know can connect.  when select remote desktop, shows following process: initiating remote connection securing remote connection certificate can't verified - choose connect it digitally signed cert (digicert sha2), pc name different physical connection broker name (inherited domain name old gov project - can't publish publicly) initiating establishing securing connection error have been 0x207 getting 0x607 a bit baffled, work on android (and ipad @ home using app). assume ms use d...
Read more