Installing Additional Domain Controller in different Network

Similar Messages

• Unable to complete Additional domain controller installation

  HI Team,
  I have a Lab setup having 3 domain controllers. Initially I promoted a Domain Controller on 2008 server. After that I promoted another 2008 server as additional domain controller. Everything was completed successfully . But when I tried a 2012 server
  as additional controller , the installation was not getting completed. Actually process is stucked in installation Tab. Even I installed 2012 server newly and the issue is persist.
  Can anyone suggest me to fix this issue ?
  Do we need to migrate schema ?
  Regards
  Sajin P S

  Hi Anuj,
  I'm sure that its is some thing related to a network issue. Make sure that all the necessary ports are open between the domain controllers.
  Active Directory and Active Directory Domain Services Port Requirements
  http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
  Active Directory Firewall Ports - Let's Try To Make This Simple
  http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
  Use port query tool to see the opened ports.
  http://social.technet.microsoft.com/wiki/contents/articles/4494.windows-server-troubleshooting-the-rpc-server-is-unavailable.aspx#Using_PortQry
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• What is the best practice and Microsoft best recommended procedure of placing "FSMO Roles on Primary Domain Controller (PDC) and Additional Domain Controller (ADC)"??

  Hi,
  I have Windows Server 2008 Enterprise  and have
  2 Domain Controllers in my Company:
  Primary Domain Controller (PDC)
  Additional Domain Controller (ADC)
  My (PDC) was down due to Hardware failure, but somehow I got a chance to get it up and transferred
  (5) FSMO Roles from (PDC) to (ADC).
  Now my (PDC) is rectified and UP with same configurations and settings.  (I did not install new OS or Domain Controller in existing PDC Server).
  Finally I want it to move back the (FSMO Roles) from
  (ADC) to (PDC) to get UP and operational my (PDC) as Primary. 
  (Before Disaster my PDC had 5 FSMO Roles).
  Here I want to know the best practice and Microsoft best recommended procedure for the placement of “FSMO Roles both on (PDC) and (ADC)” ?
  In case if Primary (DC) fails then automatically other Additional (DC) should take care without any problem in live environment.
  Example like (FSMO Roles Distribution between both Servers) should be……. ???
  Primary Domain Controller (PDC) Should contains:????
  Schema Master
  Domain Naming Master
  Additional Domain Controller (ADC) Should contains:????
  RID
  PDC Emulator
  Infrastructure Master
  Please let me know the best practice and Microsoft best recommended procedure for the placement of “FSMO Roles.
  I will be waiting for your valuable comments.
  Regards,
  Muhammad Daud

  Here I want to know the best practice
  and Microsoft best recommended procedure for the placement of “FSMO Roles both on (PDC) and (ADC)” ?
  There is a good article I would like to share with you:http://oreilly.com/pub/a/windows/2004/06/15/fsmo.html
  For me, I do not really see a need to have FSMO roles on multiple servers in your case. I would recommend making it simple and have a single DC holding all the FSMO roles.
  In case if
  Primary (DC) fails then automatically other Additional (DC) should take care without any problem in live environment.
  No. This is not true. Each FSMO role is unique and if a DC fails, FSMO roles will not be automatically transferred.
  There is two approaches that can be followed when an FSMO roles holder is down:
  If the DC can be recovered quickly then I would recommend taking no action
  If the DC will be down for a long time or cannot be recovered then I would recommend that you size FSMO roles and do a metadata cleanup
  Attention! For (2) the old FSMO holder should never be up and online again if the FSMO roles were sized. Otherwise, your AD may be facing huge impacts and side effects.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• Additional domain controller

  hi , we r using win2008 r2 and recently we have created additional domain controller on another server in the same forest can we install sql server 2008 same as on our main domain controller pls advivice its urgent
  thanks
  ganesh

  Please see http://support.microsoft.com/kb/2032911/no
  Regards,
  Thomas

• Error while configuring ADC (Additional Domain Controller)

  Hello Experts,
  I am configuring ADC (Additional Domain controller) in a member server which is in workgroup. while configuring ADC on that server, I got a window saying "additional information for this domain controller", where there were three options, i.e.
  DNS server, Global Catalog, RODC (Read only Domain controller) and bydefault first two options(DNS & Global Catalog) were checked. I kept that setting and clicked on next. Now this is showing I need to give a static IP to my adapter, but I have already
  given a static IP. when I unchecked the DNS button from that window it was not giving such error. Now my question is if I continue without checking the DNS, will it give me trouble in future. Please suggest. I am using MS2008 R2.
  Swaprakash..

  Ensure that you don't have another NIC in your server that is set to obtain IP address from DHCP. However, even if you proceed with this warning, you will probably not have any errors later, as long as you're sure that you have static IP assigned to your
  internal NIC.
  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Damir

• Can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server

  im my environment we are trying to upgrade from server 2k3 to 2k8, out testing done on server 2k3 to 2k8, but can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server ...kindly suggest
  Nitin Gaurav
  [email protected]

  Yes you can. If you have two 2003 AD servers currently and upgrade one of them to 2008 AD then they'll continue to be able to work together. The domains functional level will remain as 2003 across both servers so at this stage you won't get any benefit from
  the new AD functionality available in 2008.
  Once you've then upgraded the second 2003 server to 2008 you can then upgrade the functionality levels in AD to make it 2008. It's been a while, but I believe it doesn't happen automatically, so once all AD servers have been upgraded you have to go into
  AD and upgrade the functionality levels yourself.

• Ports for Creating Additional Domain controller at my remote DRC site

  Hello Expert,
  I have my disaster recovery center (DRC) at a remote place, now I want to configure Additional domain controller (ADC) at my DRC, kindly share me the list of ports that I need to open at my firewall to configure this ADC. I am having Server 2008R2 environment.
  Swaprakash..

  Hi,
  The blelow link has a detailed information of the required port should be open for AD communication
  Active Directory Firewall Ports - Let's Try To Make This Simple 
  http://msmvps.com/blogs/acefekay/archive/2011/11/01/active-directory-firewall-ports-let-s-try-to-make-this-simple.aspx
  http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx
  http://social.technet.microsoft.com/wiki/contents/articles/584.active-directory-replication-over-firewalls.aspx
  Regards,
  Rafic
  If you found this post helpful, please give it a "Helpful" vote.
  If it answered your question, remember to mark it as an "Answer".
  This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

• Problematic issues in installing backup domain controller on Virtual Machine

  Hello,<o:p></o:p>
  I have a physical domain controller - windows Server 2012 R2 Standard installed
  in my domain environment and this is a first root domain controller.
  I have also Hyper-V Server 2012 R2 installed and joined in that domain. 
  Now I want to install an additional (Backup) domain controller as a virtual
  machine hosted on Hyper-V Server. So while promoting VM as a DC all actions and
  steps go well but the problem arise when I press the install button at the end
  of the promotion - installation gets stuck in the process of writing some
  configuration files on first DC and also in the process of replication. Unfortunately
  VM does not promote as a DC and it goes to restart.
  The error event log with - NETLOGON source is logged on the virtual machine as
  well.
  Do you have some suggestions with this issue, or experience how to resolve this..
  Thanks a lot in advance,
  GMG
  <o:p></o:p>

  Now I want to install an additional (Backup) domain controller
  There is no backup DC. All DCs are RW except RODCs.
  I would recommend first checking the health status of the existing DC using
  dcdiag command. Also, please check the IP settings in use: Please make sure that the existing DC has its primary IP address in use and that public DNS servers are set as forwarders and not in IP settings of the DC. For the new DC, please make sure
  that it points to the existing DC as primary DNS server and once promoted you can see the recommendations here to update the configuration: http://social.technet.microsoft.com/wiki/contents/articles/18513.active-directory-replication-issues-basic-troubleshooting-steps-single-ad-domain-in-a-single-ad-forest.aspx
  Please also disable temporary all security software in use on the DCs and make sure that needed ports for AD replication and authentication are not blocked or filtered between the DCs.
  This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Get Active Directory User Last Logon
  Create an Active Directory test domain similar to the production one
  Management of test accounts in an Active Directory production domain - Part I
  Management of test accounts in an Active Directory production domain - Part II
  Management of test accounts in an Active Directory production domain - Part III
  Reset Active Directory user password

• DFSR Replication Event ID 1202 The DFS Replication service failed to contact domain controller Additional Information: Error: 160 (One or more arguments are not correct.)

  Hi,
  hummmm...
  The client had 1 Server with AD and All Apps, IIS, Terminal Servers (30 device Cal), File Server, SQL2008R2 on it
  Task: Install new AD server promote it to DC,  bring in 2nd server, Replicate the File Server (DFSR) on these 2 servers, and demote it to standard server. 
  1) Old AD with name "Server" with OS-2008R2 SP1 and is a DC.
  2) Brought in a new server "PrimaryAD", Installed 2008R2, done DC Promo, and added it as Additional Domain controller
  3) Transferred roles from old server "Server" to "PrimaryAD"
  4) Brought in a new File Server replicating server "Backup-Server"
  5) Copied all the data from Server to Backup-server as DFS initial file sync with robocopy
  6) here the problem started, after the copy finished, next morning the "Server" server crashed.....
  7) thank god the data was backed up on Backup-server. but we didnt get the time to Demote the server "Server" and remove AD from it.
  8) Since AD was replicated so "PrimaryAD" was are DC, brought 2nd Server "SecondaryDC" as additional domain controller.
  9) we cleaned up the metadata and used ASIEDIT to clean the remaining stuff.
  10) the "Server" server was formatted and renamed as "Primary-Server" and OS2008R2 SP1 was installed with rest of required apps
  11) so now the PrimaryAD the DC, SecondaryAD the Additional Domain controller, Primary-Server the mail server and File server, the Backup-server, the replicated server.
  Now configured DFS Replication from Primary-Server to Backup-server and receive following Event ID 1202
  If i Configure DFS Replication as follows
  PrimaryAD <<>> SecondaryAD -= Works... no errors...
  PrimaryAD <<>> Backup-Server = Creates but Dosent works Event ID 5012, error The DFS Replication service failed to communicate with partner BACKUP-SERVER, Additional Information: Error: 9026 (The connection is invalid)
  PrimaryAD <<>> Primary-Server = Dosent creates replication job just hangs,
  on primaryad continious Eveni ID 10009, DCOM was unable to communicate with the computer "SERVER" using any of the configured protocols
  ......something on PrimaryAD is still trying to connect to old corrupt AD server "Server"
  No errors with AD replication, SYSVOL & Netlogon shares also working fine and accessible.
  DFS Diagnose report says
  DNS name: backup-server.mydomain.com
  Domain name: mydomain.COM
  Reference domain controller: --           (HERE there is NO DOMAIN CONTROLLER mentioned) 
  IP address: 192.168.1.248,192.168.1.251,::1
  Site: Default-First-Site-Name
  Forgot to mention, gave full rights with ADSIEDIT to DFSR-LocalSettings  for all server to Administrator and read permissions to "Authenticated Users"
  DFSRDIAG POLLAD throws following error
  c:\Dfsrdiag pollad /verbose
  [INFO] Computer Name: BACKUP-SERVER
  [INFO] Computer DNS: Backup-Server.mydomain.COM
  [INFO] Domain Name: mydomain
  [INFO] Domain DNS: mydomain.COM
  [INFO] Site Name: Default-First-Site-Name
  [INFO] Connected to WMI services on computer: Backup-Server.mydomain.COM
  [INFO] Invoke PollDsNow() method on Backup-Server.mydomain.COM
  [ERROR] PollDsNow method executed unsuccessfully. ReturnValue: 12 (0xc)
  [ERROR] Failed to execute PollAD command Err: -2147217407 (0x80041001)
  Can anyone point me to any direction which can lead to resolution of this ERROR and make DFS_R work..
  Thanks
  bikram

  Hi,
  It seems that DCPROMO did its work without complaints, still the DFSR references remained in AD. You could refer to the article below to clean up the DFS Replication object.
  How to remove data in Active Directory after an unsuccessful domain controller demotion
  http://support.microsoft.com/kb/216498
  In additional, please refer to the following thread to troubleshoot the issue:
  DFS is not working anymore.
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/953be9ef-e9e3-4885-a5c4-47fc475ba562/dfs-is-not-working-anymore?forum=winserverfiles
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Install Domain Controller, Active Directory, RemoteApps on Single Server?

  Have a server that I want to experiment with RemoteApps.   Documentation I have read state you need to have a Domain Controller setup with AD on one server, and have a second server to install all the RemoteApps requirements. Is this true or can
  this all be done on one server.
  If I need a separate server for the Domain Controller and Active Directory, can I assume that a low end server would be sufficient?  Or would using Hyper-V with a single hardware server and create two virtual machines: one as the DC/AD, and the other
  to run Remote Apps be a possible solution.  Any advice?

  it really depends to be honest. I'd probably go something like this though:
  One Small physical server to act as a domain controller - you could put DHCP on this too
  One or Two physical, quite powerful servers to act as Hyper-V hosts - these can be domain joined. 
  Then for your VM's create the following:
  1 x additional domain controller
  For remote desktop services:
  1 x Remote Desktop Session Host
  1 x Connection Broker
  1 x Gateway and web server
  For additional services
  1 or 2 x Exchange
  1 x sharepoint
  1 x IIS
  but it really depends what you want to achieve. 
  The benefit from Virtual machines is that you can keep separate virtual servers for separate applications. 
  If you have two hosts you could then replicate the virtual machines between them if you wanted some layer of fault tolerance. 
  Hope this helps you a bit more. And thanks for positive blog feedback - its appreciated. 
  Regards,
  Denis Cooper
  MCITP EA - MCT
  Help keep the forums tidy, if this has helped please mark it as an answer
  My Blog
  LinkedIn:

• Network Policy Server: No Domain Controller Available

  When attempting to configure our domain controller as a Network Policy Server, I am receiving an error message stating that there is no domain controller available for domain K12.TX.US (which is the NETBIOS name of our domain).
  The Full DNS Name of our Domain is : nederland.k12.tx.us
  Log Name:      System
  Source:        NPS
  Date:          3/7/2014 12:55:51 PM
  Event ID:      4402
  Task Category: None
  Level:         Error
  Keywords:      Classic
  User:          N/A
  Computer:      ADMIN-PDC.nederland.k12.tx.us
  Description:
  There is no domain controller available for domain K12.TX.US.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="NPS" />
      <EventID Qualifiers="49152">4402</EventID>
      <Level>2</Level>
      <Task>0</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-07T18:55:51.000000000Z" />
      <EventRecordID>84518</EventRecordID>
      <Channel>System</Channel>
      <Computer>ADMIN-PDC.nederland.k12.tx.us</Computer>
      <Security />
    </System>
    <EventData>
      <Data>K12.TX.US</Data>
    </EventData>
  </Event>
  Please help, as I believe that this is causing the following error:
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          3/7/2014 12:55:51 PM
  Event ID:      6273
  Task Category: Network Policy Server
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      ADMIN-PDC.nederland.k12.tx.us
  Description:
  Network Policy Server denied access to a user.
  Contact the Network Policy Server administrator for more information.
  User:
  Security ID: NULL SID
  Account Name: abusby
  Account Domain: K12.TX.US
  Fully Qualified Account Name: K12.TX.US\abusby
  Client Machine:
  Security ID: NULL SID
  Account Name: -
  Fully Qualified Account Name: -
  OS-Version: -
  Called Station Identifier: 00-19-92-0C-E4-E9:NISD_Testing
  Calling Station Identifier: B8-E8-56-A8-D4-D9
  NAS:
  NAS IPv4 Address: 10.250.1.15
  NAS IPv6 Address: -
  NAS Identifier: -
  NAS Port-Type: Wireless - IEEE 802.11
  NAS Port: 0
  RADIUS Client:
  Client Friendly Name: Testing Access Point
  Client IP Address: 10.250.1.15
  Authentication Details:
  Connection Request Policy Name: BlueSocket Wireless Connections
  Network Policy Name: -
  Authentication Provider: Windows
  Authentication Server: ADMIN-PDC.nederland.k12.tx.us
  Authentication Type: PEAP
  EAP Type: Microsoft: Secured password (EAP-MSCHAP v2)
  Account Session Identifier: -
  Logging Results: Accounting information was written to the local log file.
  Reason Code: 7
  Reason: The specified domain does not exist.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
      <EventID>6273</EventID>
      <Version>1</Version>
      <Level>0</Level>
      <Task>12552</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2014-03-07T18:55:51.061488000Z" />
      <EventRecordID>3106129068</EventRecordID>
      <Correlation />
      <Execution ProcessID="584" ThreadID="4712" />
      <Channel>Security</Channel>
      <Computer>ADMIN-PDC.nederland.k12.tx.us</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="SubjectUserSid">S-1-0-0</Data>
      <Data Name="SubjectUserName">abusby</Data>
      <Data Name="SubjectDomainName">K12.TX.US</Data>
      <Data Name="FullyQualifiedSubjectUserName">K12.TX.US\abusby</Data>
      <Data Name="SubjectMachineSID">S-1-0-0</Data>
      <Data Name="SubjectMachineName">-</Data>
      <Data Name="FullyQualifiedSubjectMachineName">-</Data>
      <Data Name="MachineInventory">-</Data>
      <Data Name="CalledStationID">00-19-92-0C-E4-E9:NISD_Testing</Data>
      <Data Name="CallingStationID">B8-E8-56-A8-D4-D9</Data>
      <Data Name="NASIPv4Address">10.250.1.15</Data>
      <Data Name="NASIPv6Address">-</Data>
      <Data Name="NASIdentifier">-</Data>
      <Data Name="NASPortType">Wireless - IEEE 802.11</Data>
      <Data Name="NASPort">0</Data>
      <Data Name="ClientName">Testing Access Point</Data>
      <Data Name="ClientIPAddress">10.250.1.15</Data>
      <Data Name="ProxyPolicyName">BlueSocket Wireless Connections</Data>
      <Data Name="NetworkPolicyName">-</Data>
      <Data Name="AuthenticationProvider">Windows</Data>
      <Data Name="AuthenticationServer">ADMIN-PDC.nederland.k12.tx.us</Data>
      <Data Name="AuthenticationType">PEAP</Data>
      <Data Name="EAPType">Microsoft: Secured password (EAP-MSCHAP v2)</Data>
      <Data Name="AccountSessionIdentifier">-</Data>
      <Data Name="ReasonCode">7</Data>
      <Data Name="Reason">The specified domain does not exist.</Data>
      <Data Name="LoggingResult">Accounting information was written to the local log file.</Data>
    </EventData>
  </Event>

  Yes I did see that article, and there are plenty of logs from another device that authenticates via
  RADIUS. Requests from our 802.1x wireless network are giving the "the specified domain does not exist" error. I can enter the username asusername,
  username@domain, or domain\username and
  neither method fixes the error.

• Upgrading windows server 2003 domain controller to windows server 2008

  Hello friedns :
  We have a company with about 2000 users , and two windows server 2003 domain controllers , one of them acts as a primary domain controller , and the other acts as secondary domain controller , all the FSMO s are on the primary DC ,we have decided to upgrade all of our servers from windows server 2003 to windows server 2008 , the first step is to upgrade the domain controllers to windows server 2008 , our domain controllers are so sensitive and has to be active 24 hours a day , i have stress upgrading it to windows server 2008 , what is the best solution to upgrade it with no risk ?
  ( i have an opinion but i am not sure and i dont have any guide about it , i want to install a windows server 2008 and promote it as an additional domain controller to the windows server 2003 DC and the transfer all the FSMOs to it , and then promote the first domain controller !!! is that possible ? if yes , is there any guide about it? )
  If there is a guide available for it please let me know . (Specially if there is a tip & trick)
  thank you guys.
  Network is my LOVE

  Hi,
  This TechNet online article might be helpful for you.
  How to Upgrade Domain Controllers to Windows Server 2008 or Windows Server 2008 R2
  http://technet.microsoft.com/en-us/library/ee522994(WS.10).aspx
  For your convenience, I have list some general steps for your reference.
  Since the following operation have potential damage to Active Directory database, it is highly suggested that you'd better perform a full backup of Active Directory (System State) firstly. Also it is better to test the following procedure in a similar lab environment first.
  General Steps:
  =============
  1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
  2. Make the new server become a member server of the current Windows Server 2003 domain first.
  3. Upgrade the Windows Server 2003 forest schema to Windows Server 2008 schema with the "adprep /forestprep" command on old server.
  Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP\adprep.exe /forestprep
  4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on old server.
  Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the following command:
  Drive:\sources\ADPREP \adprep.exe /domainprep
  5. Insert Windows Server 2008 Installation Disc in the new server.
  6. Run "dcpromo" on new server to promote it as an additional domain controller in existing Windows 2003 domain, afterwards you may verify the installation of Active Directory.
  Please refer to:
  How to Verify an Active Directory Installation in Windows Server 2003
  http://support.microsoft.com/kb/816106
  7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.
  8. Enable Global Catalog on new server and manually Check Replication Topology and afterwards manually trigger replication (Replicate Now) to synchronize Active Directory database between 2 replicas.
  Please note: It will some time to replicate GC between DC, please wait some time with patience.
  9. Disable Global Catalog on the old DC.
  10. Transfer all the FSMO roles from the old DC to the new DC.
  Please refer to:
  How to view and transfer FSMO roles in Windows Server 2003
  http://support.microsoft.com/kb/324801
  11. Verify that the old DNS Server Zone type is Active Directory-Integrated. If not, please refer to:
  How To: Convert DNS Primary Server to Active Directory Integrated
  http://support.microsoft.com/kb/816101
  Note: Active Directory Integrated-Zone is available only if DNS server is a domain controller.
  12. Install DNS component on new server and configure it as a new DNS Server (Active Directory Integrated-Zone is preferred). All the DNS configuration should be replicated to the new DNS server with Active Directory Replication.
  13. Make all the clients change TCP/IP configuration to point to new server as DNS.
  14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the new DNS server.
  Please note: It is a good practice to make the old DC offline for several days and check whether everything works normally with the new server online. If so, you may let the old DC online and run DCPROMO to demote it.
  Hope it helps.
  Regards,
  Wilson Jia
  This posting is provided "AS IS" with no warranties, and confers no rights.

• Moving domain controller vm between Hyper-V 2012 R2 hosts

  Hello,
  I have one stand alone Hyper-V host - hvserver01 (Hyper-V Server 2012 R2) and 3 VM's running on it. One Virtual machine is our company's additional Domain controller.
  I'm planning to install an additional hyper-v host - hvserver02 (Hyper-V Server 2012 R2) as well.
  I have the following task to perform: I need to move domain controller virtual machine from hvserver01 to hvserver02.
  So, for this operation which tool do i need - move, export/import or something else... ? or it will be necessary to install a new DC and then demote the old one.. ?
  Is there a some special requirements when moving DC from one virtual host to another.. ?
  And also, - MS Hyper-V Server 2012 R2 is installed on both Hyper-V hosts.
  Do you have some advices ?
  Thanks in advance,

  There's no difference between a VM acting as your DC and any other VM as far as live-migration is concerned.
  You should use live-migration. The VM will remain up and running during the entire process. Both Hyper-V hosts should be domain members. They should have vSwitches with the same exact name. They should have same CPU type, or configure CPU compatibility on
  the VM. Configure Live-migration setting on each host. You can use Hyper-V Manager for live-migration..
  Sam Boutros, Senior Consultant, Software Logic, KOP, PA http://superwidgets.wordpress.com (Please take a moment to Vote as Helpful and/or Mark as Answer, where applicable) _________________________________________________________________________________
  Powershell: Learn it before it's an emergency http://technet.microsoft.com/en-us/scriptcenter/powershell.aspx http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

• Sun Directory Server as Primary Domain Controller.

  Hello,
  I've recently installed Sun Directory Server, Access Manager, and DSEE Identity Manager, on CentOS 5.2, with success, but my question is:
  Can I use this directory as a primary domain controller for my network, I want to know if it is possible to integrate this directory in the same way that Active Directory works, I mean connecting Windows computers to the DC with some kind of connector (because windows won't connect to another directory than AD natively). I know that there are some MSGina replacements, like pgina, but I'm looking for some serious solution, especially for computers running Windows Vista.
  Thanks in advance.

  Hi,
  thanks for your answer, but.. there is a way to configure the DSEE to be like a native 2000/2003 Active Directory?, I mean, connecting directly to the DSEE without using Samba, I know that is possible to use that solution, but you lose some functionality.
  I've been trying to do some research about the topic, like modifying the bind DNS to act like a AD DNS, and it works at a certain grade, windows xp detects the SVR records but when it tries to connect to the directory it fails giving me an error telling that the DC isn't available. It will be great to make such environment, Windows XP / Vista connected to DSEE without third party software.
  Any comment would be greatly appreciated.
  Thanks.

• Exchange server-Removing a Domain Controller from the forest

  Hi Guys,
  I need some help on removing a faulty domain controller from the AD forest. Here is the scenario:
  1. The FSMO roles have been seized to a new domain controller already.
  2. The old one is non-functional and is down for ever.
  I know the steps would be doing a meta-data cleanup And then remove some of the DNS entries related to the old server. But the real issue is:
  > I have Exchange 2013 running in one of the machines configured in the Forest, which was migrated from the old Domain controller. I then set Exchange listening to the new domain controller.
  So, my doubt is, if I delete the old domain controller and do a metadata cleanup, would it have any effect on the exchange server? The Exchange machine acts as an additional domain controller as well. Its a production environment and any
  change that affects Exchange would cause a big loss. Looking forward for your valuable suggestions..
  Regards,
  Nash

  Hi Ed,
  I don't have issues with the AD on the Exchange server. Eventhough it is configured as an AD, Exchange is pointed to the main working domain controller, which is a different machine. I just want to remove the traces of an old domain controller from which
  I transferred the FSMO roles to the new domain controller. The old  domain controller is completely down and hence I can't do a conventional 'dcpromo' on it. So just planning to do a 'metadata clean up' for removing the non-working DC from the forest. 
  So, In essence, I just want to know that, if I do a metadata cleanup, would it affect the Exchange server in any way?
  Regards,
  Nash