2

I have Active Directory and need to move to another ActiveDirectory(PDC) on the other computer and I want to do it this way:

  • Add a Backup Domain Controller
  • Synchronize the settings from Primary Domain Controller i.e import the settings
  • Make BDC as PDC(i.e switch them vice versa)
  • and "deactivate" new BDC(the old PDC)

It looks great but I need to know HOW can I implement it?

Environment:

OS - MS Windows Server 2008 R2(both PCs)

Nozim
  • 139
  • 5
  • 4
    There are no PDC's and BDC's under Active Directory. They are equals. The command you want to look up is dcpromo. – KCotreau Jun 15 '11 at 12:02

2 Answers2

9

It's a lot simpler then that:

  • Use DCPROMO to make a new Domain Controller.
  • Move the Functional Roles from one to the other.
    • Schema Master (from the AD Schema MMC)
    • Domain Naming Master (from AD Sites and Trusts)
    • Relative ID Master (from ADU&C)
    • Primary Domain Controller Emulator (from ADU&C, only useful for NT services)
    • Infrastructure Master (from ADU&C)
  • If needed turn on DNS services on the new DC.
    • Update any DHCP settings to advertise the new DNS server, or hand-update your statically assigned machines.
  • Use DCPROMO to demote the old Domain Controller.

The concept of a "Backup Domain Controller" was deprecated when Windows 2000 released. By Server 2008 R2 there is no concept like it. All domain controllers, except for Read-Only Domain Controllers, can do everything the NT PDC used to do. People get confused by that "PDC Emulator" role, all that is is a role to name one server as the PDC for very old software that expects there to be one and only one of those in a domain.

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
  • No the PDC emulator roles provides some important functionality that would not be available in a full "multi-master" environment, specifically related to password security – Jim B Jun 15 '11 at 12:55
  • Also don't forget to make the new DC a GC (global catalog). – Ethos Jun 15 '11 at 13:10
  • @Ethos 2008/ 2008 R2 DCs are GC servers by default. – HostBits Jun 15 '11 at 13:47
  • Sounds great but is there more detailed instruction for newbies? Sorry :) – Nozim Jun 16 '11 at 05:17
  • @Nozim I'm about... 12-36 hours from having time to write click-by-click instructions, so it'll be a while. – sysadmin1138 Jun 16 '11 at 11:31
  • @sysadmin1138 If I move those roles you mentioned from old DC to new will my AD objects(users,groups,groups and etc.) will be cloned from old DC into new DC too? – Nozim Jun 20 '11 at 09:12
  • @Nozim The moment you use DCPROMO to add a second domain controller all of the objects get replicated, and stay replicated, between the two. It's part of what makes AD nifty. The Functional Roles each serve a specific need in the tree and can only exist one place, thus the need to move them. – sysadmin1138 Jun 20 '11 at 11:39
  • haha, that's what I needed to know, Thank you very much :) – Nozim Jun 21 '11 at 03:23
  • @sysadmin1138 one more question: Can the computer beeing inside the domain become a domain Controller of the domain in which it is? – Nozim Jun 21 '11 at 05:43
0
  1. Once you promote your first Domain Controller wait for replication to be completed.
    1. Besides that ensure that your Second Domain Controller is also a DNS Server
    2. Change the DNS setting on the DHCP server to ensure that all the Clients get updated DNS as it is compulsory for Name resolution and login, etc.
    3. Transfer FSMO Roles to newly build Domain Controller
    4. Run DCPROMO on old Domain Controller to ensure it is gracefully demoted. Please ensure that you don't run the command dcpromo /forceremoval as it would result in many other issues.
    5. Check reference of old Domain Controller in DNS, Sites and Services, AD Users and Computers to ensure it is removed.

With all the above mentioned steps you are all set.

Rakesh Kapoor
  • 19
  • Adding a **backup DC** doesn't include removing the old DC, so your phases 5-6 doesn't answer the question. Everything else is already covered in the other answer. However, there's nothing wrong with your way to answer; I'd like to encourage you to find some [unanswered](https://serverfault.com/unanswered) questions and share your knowledge there, instead. – Esa Jokinen Jun 09 '17 at 10:07