see and

  • existing domain+forest at 2003 functional level
  • verify no replication errors using repadmin:
  • shut down DC VMs, then copy (not move) them to new server
  • on new server, start up DCs on a PRIVATE NETWORK (shared with new win2k12 VMs)
  • install AD domain services role - for server core, use powershell:
  • use wizard to promote new temporary win2k12 dc; it reboots; wait for replication (force this?)
  • make sure replication and DNS are working on new DC
  • set old DCs' TCP/IP settings for DNS to point to new DC
  • transfer FSMO roles to new DC (powershell command @ 24:30) - in powershell: Move-ADDirectoryServerOperationMasterRole -Identity dc-temp -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, InfrastructureMaster, RIDMaster
  • use dcpromo to demote old DCs, then shut them down
  • delete computer objects for old DCs and lingering server objects in sites+services
  • create final two DCs… repeat steps to promote them as DCs and transfer FSMO roles
  • demote temporary DC
  • on new DCs, temporarily remove default route and create manual routes so they can talk to upstream trusted servers; verify that authentication of trusted domains still works
  • remove temporary routes and re-enable default routes. everything should now be online again
  • verify that samba systems can all still authenticate
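
A gate to run before the "use dcpromo to demote old DCs" step, as an added example that is not part of the original notes: it checks that the new DC holds all five FSMO roles, has no recorded replication failures, and is listed in the domain's DC locator SRV record. It assumes the ActiveDirectory and DnsClient modules that ship with Windows Server 2012 and reuses the name dc-temp from the FSMO command above.

```powershell
# Added example, not from the original notes. Run on the new 2012 DC.
Import-Module ActiveDirectory

$NewDC    = 'dc-temp'   # name used in the notes' FSMO command; change for the final DCs
$problems = @()

# 1. All five FSMO roles must already be held by the new DC.
$domain  = Get-ADDomain -Server $NewDC
$forest  = Get-ADForest -Server $NewDC
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $holders.Keys) {
    # Holders come back as FQDNs; compare on the host label (case-insensitive).
    if (($holders[$role] -split '\.')[0] -ne $NewDC) {
        $problems += "$role is still held by $($holders[$role])"
    }
}

# 2. No outstanding replication failures recorded for the new DC.
$failures = @(Get-ADReplicationFailure -Target $NewDC |
              Where-Object { $_.FailureCount -gt 0 })
foreach ($f in $failures) {
    $problems += "replication with $($f.Partner) failing " +
                 "(count=$($f.FailureCount), last error=$($f.LastError))"
}

# 3. The new DC's own DNS must list it in the DC locator SRV record,
#    since the old DCs' resolvers are pointed at it before the role transfer.
$srvName = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv = @(Resolve-DnsName -Name $srvName -Type SRV -Server $NewDC -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'SRV' })
if (-not ($srv | Where-Object { ($_.NameTarget -split '\.')[0] -eq $NewDC })) {
    $problems += "$srvName queried on $NewDC does not list $NewDC"
}

if ($problems.Count -gt 0) {
    foreach ($p in $problems) { Write-Warning $p }
    throw "Do not demote the old DCs yet: $($problems.Count) check(s) failed."
}
Write-Output "$NewDC holds all FSMO roles, replicates cleanly and is registered in DNS."
```

The same script, with `$NewDC` changed, applies again before the temporary DC is demoted in favour of the final two DCs.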
computer/win2k12_domain_update_notes.txt · Last modified: 2016/01/14 13:39 by tdobes