Windows 2008 Domain Controller issues

jaycruseKC

Junior Member
Oct 4, 2012
I have older hardware running a Windows 2008 DC. My goal is to upgrade the hardware and remove the old DC from production. Here's what I have done.

Installed OS
Added roles of: AD, DHCP, DNS, File Services, NPS

Promoted with DCPROMO

I then changed the IP of the old DC and gave the new DC the IP of the old DC.

All went well up to this point.

The DHCP of the old DC and new DC seemed to be linked: if I run DHCP off of the new box with DHCP off on the old box, it will not issue IPs, even though I imported the DHCP DB from the old DC to the new DC.

2nd problem:
The NPS will not authenticate users on the new server. The router, a Juniper SSG140, keeps saying that it cannot find the server, even though the server is on the same switch and the IPs are what the old DC used to be.

As of now I am stumped.

Any ideas?
 

imagoon

Diamond Member
Feb 19, 2003
AD uses DNS, not IPs. The process you used is not the proper way to replace a domain controller.

You would have needed to join the server to the existing domain, promote it, transfer the FSMO roles, install the new roles, and use the MS site to locate the instructions on how to properly transfer each role's configuration. Then demote the old roles and eventually demote the old DC.

Domain controllers can handle IP changes but often the roles don't handle it well. It is better to use the documented procedure to transfer the old config to the new server than to just turn on the roles and go.

As for NPS, if you used certificates you need to install the new certs. Certs are based on DNS, not IPs (in 99%+ of the situations).
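
The checks and configuration moves that go with the procedure described above, as an added example that is not part of the original thread. It covers verification and the DHCP/NPS transfer only, not the promotion or FSMO transfer itself; the host names, domain, IP address and paths are placeholders, and it uses only tools that ship with Windows Server 2008 (netdom, repadmin, dcdiag, nltest, netsh, certutil).

```bat
@echo off
rem Added example: placeholders below are assumptions, not values from the thread.
set NEWDC=NEWDC01
set DOMAIN=example.local
set NEWIP=192.0.2.10
set OUT=C:\migrate

rem --- 1. Before touching the old DC: is the directory healthy? ---
rem Which DC holds each FSMO role, and is that holder reachable?
netdom query fsmo
rem Per-DC summary of failed replication; any non-zero "fails" needs fixing first.
repadmin /replsummary
rem Inbound partners of the new DC. It should pull from every expected
rem partner, not only from the DC that is about to be retired.
repadmin /showrepl %NEWDC%
rem Default health tests (replication, advertising, role holders), then DNS.
dcdiag /s:%NEWDC% /v
dcdiag /s:%NEWDC% /test:DNS
rem Confirm clients locate a DC through DNS rather than a fixed IP.
nltest /dsgetdc:%DOMAIN%

rem --- 2. DHCP: run the export on the OLD server ---
netsh dhcp server export %OUT%\dhcp.dat all

rem --- 3. DHCP: run on the NEW server ---
netsh dhcp server import %OUT%\dhcp.dat all
rem A DHCP server in a domain only leases addresses once authorized in AD.
netsh dhcp add server %NEWDC%.%DOMAIN% %NEWIP%
netsh dhcp show server

rem --- 4. NPS: run the export on the OLD server ---
rem exportPSK=YES writes RADIUS shared secrets to the file in clear text:
rem restrict access to the file and delete it after the import.
netsh nps export filename="%OUT%\nps.xml" exportPSK=YES

rem --- 5. NPS: run on the NEW server ---
netsh nps import filename="%OUT%\nps.xml"
rem List the computer certificates; the one NPS uses should carry the new
rem server's DNS name as its subject.
certutil -store My
```

The sections run on different machines, so treat the file as a checklist to copy from rather than a script to execute in one pass.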
 

jaycruseKC

Junior Member
Oct 4, 2012
Never mind... The master was down, so it was only replicating from the old DC and not the master also. It works now.