DC Demotion Question

wirestyle22

@travisdh1 said in DC Demotion Question:

@wirestyle22 said in DC Demotion Question:

@BRRABill said in DC Demotion Question:

@wirestyle22 said

Interested in seeing this

@scottalanmiller said he is going to do a writeup someday (soon?) on this process. (Replacing AD with Samba.)

I'll probably give it a go. We're down to less than 20 employees, so if it burns, it burns.

Is SAMBA4 better in a windows only environment or is it simply the best solution for hybrid environments?

In a Windows only environment, I don't know if it really makes sense. Assuming you have the license in place already, why not use the native platform? Doesn't mean a SAMBA DC doesn't make all kinds of sense when you don't have the licensing in place already.

Well, you need to maintain said licensing (ie refreshes etc). I'd rather move to SAMBA and use the licensing for other stuff or spend less if possible

scottalanmiller

@travisdh1 said in DC Demotion Question:

@wirestyle22 said in DC Demotion Question:

@BRRABill said in DC Demotion Question:

@wirestyle22 said

Interested in seeing this

@scottalanmiller said he is going to do a writeup someday (soon?) on this process. (Replacing AD with Samba.)

I'll probably give it a go. We're down to less than 20 employees, so if it burns, it burns.

Is SAMBA4 better in a windows only environment or is it simply the best solution for hybrid environments?

In a Windows only environment, I don't know if it really makes sense. Assuming you have the license in place already, why not use the native platform? Doesn't mean a SAMBA DC doesn't make all kinds of sense when you don't have the licensing in place already.

They have licensing for 2003. This is a free update.

BRRABill

@scottalanmiller said

They have licensing for 2003. This is a free update.

Huh?

wirestyle22

@BRRABill said in DC Demotion Question:

@scottalanmiller said

They have licensing for 2003. This is a free update.

Huh?

He means I'm always going to have licensing in place

BRRABill

Well, I DCPROMOed the one physical DC last night. Nothing seems to have burned down.

I was having some DNS issues, but I think it was due to the fact that my machine was pointing to the demoted DC (which obviously had the DNS role installed) and it had been gutted by DCPROMO. I removed the role and everything seems OK thus far.

Though very few users are here. I'll feel better by like 10AM.

JaredBusch

@BRRABill said in DC Demotion Question:

Well, I DCPROMOed the one physical DC last night. Nothing seems to have burned down.

I was having some DNS issues, but I think it was due to the fact that my machine was pointing to the demoted DC (which obviously had the DNS role installed) and it had been gutted by DCPROMO. I removed the role and everything seems OK thus far.

Though very few users are here. I'll feel better by like 10AM.

Did you update DHCP to no longer pass out the old DC as a DNS option?

Did you go through all the static IP devices and remove the old DC DNS info from them?

BRRABill

@JaredBusch said in DC Demotion Question:

@BRRABill said in DC Demotion Question:

Well, I DCPROMOed the one physical DC last night. Nothing seems to have burned down.

I was having some DNS issues, but I think it was due to the fact that my machine was pointing to the demoted DC (which obviously had the DNS role installed) and it had been gutted by DCPROMO. I removed the role and everything seems OK thus far.

Though very few users are here. I'll feel better by like 10AM.

Did you update DHCP to no longer pass out the old DC as a DNS option?

Did you go through all the static IP devices and remove the old DC DNS info from them?

Yes and hopefully.

BRRABill

Everything is still running fine.

Next step will be to P2V this puppy and get it on XS.

Then I'll be even happier!

BRRABill

Did you know...

Apparently it's a PITA to transfer DHCP to an existing DC?

(Countdown to someone saying "just install in on a Linux box" in 5...4...3...)

coliver

@BRRABill said in DC Demotion Question:

Did you know...

Apparently it's a PITA to transfer DHCP to an existing DC?

(Countdown to someone saying "just install in on a Linux box" in 5...4...3...)

It is? How so? You can easily backup the DHCP scopes and restore them to the new DC, decom the old one and turn up the new one. I've done it twice in the past without any issues.

wirestyle22

@BRRABill I'm testing domain migrations in my test environment tonight actually. I want to attempt to move from 2003 to 2012.

Dashrender

@coliver said in DC Demotion Question:

@BRRABill said in DC Demotion Question:

Did you know...

Apparently it's a PITA to transfer DHCP to an existing DC?

(Countdown to someone saying "just install in on a Linux box" in 5...4...3...)

It is? How so? You can easily backup the DHCP scopes and restore them to the new DC, decom the old one and turn up the new one. I've done it twice in the past without any issues.

Exactly - what issue are you having? What does it being a DC have to do with it?

tiagom

Is this from 2003 to 2012 R2? If so you can use the Windows Server Migration Tools.

BRRABill

@coliver said

It is? How so? You can easily backup the DHCP scopes and restore them to the new DC, decom the old one and turn up the new one. I've done it twice in the past without any issues.

The KB article I read said you have to move the role BEFORE promoting it to a DC, otherwise it's a PITA. Though re-reading it now, it's a bit confusing...

"Additionally, if the target Windows 2003 server is a member server, and if you plan to promote it to a domain controller, we suggested that you perform the DHCP database migration before promoting it to a domain controller. Although you can migrate the DHCP database to a Windows 2003 domain controller, the migration to a member server will be easier because of the existence of the local administrator account.

1. Log on as a user who is an explicit member of the local Administrators group. A user account in a group that is a member of the local Administrators group will not work. If a local Administrators account does not exist for the domain controller, restart the computer in Directory Services Restore Mode, and use the administrator account to import the database as described later in this section."

Ah, I think I read that wrong. I think logging in as a Domain Admin will be OK.

coliver

Wait.... you're still deploying to Server 2003? Are you the one that is waiting till next month (or November) for 2016 to come out?

scottalanmiller

@coliver said in DC Demotion Question:

Wait.... you're still deploying to Server 2003? Are you the one that is waiting till next month (or November) for 2016 to come out?

Or moving to Samba4.

BRRABill

Yes, those both are me.

Keep in mind, I was ready to move to 2012, and deided to wait at the advice of ML, which has caused zero issues thus far.

Right now I am in the process of moving all the physical machines to virtual.

Only 2 left. Probably only 1 left at the end of today.

BRRABill

Well, DHCP transferred nicely.

It really was that easy.

Dashrender

Have you looked into the cost of buying Server 2012 with SA versus what 2016 will cost? They are changing the licensing to be core based - I thought I read...

BRRABill

@Dashrender said in DC Demotion Question:

Have you looked into the cost of buying Server 2012 with SA versus what 2016 will cost? They are changing the licensing to be core based - I thought I read...

I did look at the cost.

But really, I am in no hurry. Everything is working fine.

Since I've moved then 2003 servers to VMs (on SSD) they've been blazing fast, even.