Currently i have 2 domain controllers, let's call them AD1 and AD2. AD1 is the schema master, global catalog, etc. AD2 is the Certificate Authority master. Both of them are still running Win2000 server, but i have 2 new HP DL380 servers that are going to replace these DL360s.
What is the proper procedure for *replacing* them?
Here is what i have thought up, but i'd like some more opinions. Move the Certificate Auth
ority to AD1 (however that is done?), and copy the MSI folders to the new server. MSIs are used for pushing applications via group policy throughout the organization. Once the Cert Auth is moved and the software is transferred, i assume it will be safe to run dcpromo and demote AD2. Then run adprep /domain and /foreset on AD1 to get Active Directory ready for a new 2003 server. Once it runs then promote the new server to join an existing domain so that it copies everything from AD1. Once promoted, change the Cert Auth back to the new AD2 (again, however that is done i'm not sure the process) and hopefully that half will be good.
Then repeat the procedures for schema and global catalog master transfer the roles to the new AD2, demote the current AD1, replaced with the new AD1. Also running is Novell DirXML which syncs NDS with Active Directory so that will then be installed on AD1 and then transfer the schema roles back to AD1.
Sound good or am i gonna ruin the domain?
What is the proper procedure for *replacing* them?
Here is what i have thought up, but i'd like some more opinions. Move the Certificate Auth
ority to AD1 (however that is done?), and copy the MSI folders to the new server. MSIs are used for pushing applications via group policy throughout the organization. Once the Cert Auth is moved and the software is transferred, i assume it will be safe to run dcpromo and demote AD2. Then run adprep /domain and /foreset on AD1 to get Active Directory ready for a new 2003 server. Once it runs then promote the new server to join an existing domain so that it copies everything from AD1. Once promoted, change the Cert Auth back to the new AD2 (again, however that is done i'm not sure the process) and hopefully that half will be good.
Then repeat the procedures for schema and global catalog master transfer the roles to the new AD2, demote the current AD1, replaced with the new AD1. Also running is Novell DirXML which syncs NDS with Active Directory so that will then be installed on AD1 and then transfer the schema roles back to AD1.
Sound good or am i gonna ruin the domain?
Facebook
Twitter