So here's the problem. I have a small domain, controlled by a machine with Windows 2000 Server. One of the PCs on the domain is another server, with Windows 2008 Server installed, where I run a management software from. So, bad politics = bad luck. Domain controller melted down, domain controller gone, completely gone. Is it OK to DCPROMO the Windows 2008 Server machine I have in the domain? Will something go wrong?
-
If you promote a server to DC while no DC is available you will create a new domain. You'll basically start from scratch ... or even worse, since you have to migrate everything (users, computers, permissions etc.) from a non-existent domain to a new one. Personally I'd try everything possible to revive the old domain controller before I have to do all that. – Gerald Schneider Feb 12 '18 at 09:55
-
So, if I change the name to the name of the other server (IP address, everything like the old one), and keep all the definitions in the domain PCs/users, it won't matter, it will still go wrong? – questionador Feb 12 '18 at 10:08
-
`will something go wrong?` Most likely yes. – Greg Askew Feb 12 '18 at 10:27
-
To create a second DC you need a working DC. – Gerald Schneider Feb 12 '18 at 10:33
2 Answers
There are a number of things to consider here:
Promoting the Windows 2008 member server will create a new forest. You cannot "salvage" your existing environment unless you have a backup of the 2000 server that you can restore. I'm assuming you don't, since you're asking this question. In this case, all of your policies will be gone, everything AD related will have to be reconfigured and workstations and member servers will have to be joined to the new domain.
If you're going to use Active Directory you should have at least two domain controllers that can survive hardware-level failures - i.e. are not VMs on the same host, are not on the same underlying storage environment, etc. This is the cost of using Active Directory. If you're not ready to dedicate two servers to AD, then you shouldn't be using it.
If you promote the already-configured 2008 server, local users become domain users. Locally privileged groups become domain-privileged groups. Also, as a best practice, domain controllers should host the AD DS service, DNS, and nothing else. That doesn't sound like that's the case here.
Windows Server 2008 goes end-of-extended-support on January 14, 2020. That is less than two years away. You should be actively migrating away from it.
So with all that being said - assuming you can't simply restore the environment to its previous state - you should deploy two new Windows Server 2016 servers and promote both of them to Active Directory Domain Controllers in the same domain.
You should then re-join all of the member servers and workstations to this new Active Directory domain and take proper backups, including system state, which will allow you to do an authoritative restore of AD if you ever need to again.

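The rebuild described in the answer above, sketched in PowerShell as an added example that is not part of the original answer. The domain name, the backup volume and the staged layout are assumptions; each section runs on the machine named in its comment, from an elevated session.

```powershell
# Added example. $DomainName and $BackupTarget are hypothetical placeholders.
$DomainName   = 'corp.example.com'   # assumed name for the new domain
$BackupTarget = 'E:'                 # assumed dedicated backup volume on each DC

# --- Stage 1: first new Windows Server 2016 machine (creates the new forest) ---
# The DC hosts AD DS and DNS only; no application workloads are installed on it.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSForest -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)

# --- Stage 2: second new server, on separate hardware and storage ---
# Run after the first DC has rebooted and this server's DNS client points at it.
Install-WindowsFeature AD-Domain-Services -IncludeManagementTools
Install-ADDSDomainController -DomainName $DomainName -InstallDns `
    -Credential (Get-Credential "$DomainName\Administrator") `
    -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)

# --- Stage 3: every workstation and member server ---
# Log on with a local administrator account; the old domain cannot authenticate anyone.
Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart

# --- Stage 4: each DC, on a schedule ---
# A system state backup contains the AD database and SYSVOL, which is what an
# authoritative restore needs.
Install-WindowsFeature Windows-Server-Backup
wbadmin start systemstatebackup "-backupTarget:$BackupTarget" -quiet

# --- Stage 5: verification, from either DC ---
$dcs = @(Get-ADDomainController -Filter *)
if ($dcs.Count -lt 2) {
    Write-Warning "Only $($dcs.Count) domain controller(s) found; one failure loses the domain."
}
$dcs | Select-Object HostName, IPv4Address, OperatingSystem
repadmin /replsummary    # replication failures between the two DCs
repadmin /showbackup     # last recorded backup time per directory partition
```

Store the system state backups somewhere that does not share hardware or storage with either domain controller, so a single failure cannot take out both the directory and its backup.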
Windows 2000 is really, really old. Please make sure you create an upgrade plan in the future for your gear.
For a small number of clients it can be faster to create a new domain.
Usually it's around 2 hours to migrate a profile on a computer from one domain to another. So you can calculate the time you will lose on all PCs from there.
You dcpromo the 2008; I hope it's an R2, as the 2008 without R2 is no longer supported by Microsoft either. (some steps there)
You rejoin the new domain for all PCs.
You migrate all profiles.
Do you have data on that 2000 that you need to restore? ... I hope not, as now with the dcpromo you did on the 2008 that 2000 must stay down, or if you bring it up, remove the network cable before you boot it.
