DC reload... fallback?

By Desktop Jinx
My first AD DC (also my DHCP, DNS, and RIS) needs bigger hard disks. I have three other DCs. (Only one site.)

I don't mind reloading it from scratch on bigger drives (using the same chassis, i.e. same CPU and NIC) -- indeed it may have been compromised and needs a reload, but...

1. Will I have problems adding this "new" server to the domain given that it's already listed in AD?

2. If things don't go well once I've done this and I decide to pull the new drives and fall back to the old drives, will the "old" server be recognized as valid?

Will the "new" server have a new SID, and where does this matter? Consider that I'm not restoring anything from tape, and all the shares and filesystem permissions on the "new" server will be built fresh. Browsing DNS, most AD _entries reference machines by name, but in _msdcs there is one GUID or SID looking Alias entry for each DC name. What services use these entries?

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  

DC reload... fallback?

by Joseph Moore In reply to DC reload... fallback?

Ok. If you swap out the drives from this DC, replace them with new larger drives, then install Win2K with the same machine name, the SID WILL be different and you will have problems.
1. You won't be able to give the server the same name. You can use the same IP address for it, so DNS resolution will be fine, but the Kerberos key exchange is not gonna authenticate properly.
It might be better to use Norton Ghost, copy the existing drives, then apply this ghost image onto your new hard drives. That way, everything could be replicated over, including the machine SID.
If you don't wanna try this, then I would demote this existing DC to just a member server, take it offline then delete its Computer account in your site on one of the other DCs. Then add the new hard drives and install Win2K with the same name and IP address. Then upgrade it to a new DC.
2. This one depends on how you handle the first item. If you decide to do the demote/install/promote option that removes all references to the original machine account, then yes there would be a problem. If you delete the Computer account from the Site, then try to add this original machine back with the OLD hard drives, the SID would be missing; if you added the new machine in with the old name, then using the old drives will tell you that the SID is DIFFERENT. If you DON'T touch the original machine account, then all would be well.

Kind of ugly, yes. Is just adding the hard drives and extending the existing partitions an option? That might be easier.


DC reload... fallback?

by Desktop Jinx In reply to DC reload... fallback?

Exactly the information I needed. I hadn't thought of demoting. Regardless, I'm hosed.

I need to keep the name because I have lots of first-generation GPOs for Software Installation & Maintenance that reference packages stored on this server's shares. If I change the GPO to point to a new server, the software gets reloaded everywhere. If I don't, the packages are broken for any user that hasn't already used them. (GPO-SIM needs the package on first run for each user on each machine.) Later packages are on DFS -- I learned -- but I have fifty machines I'm going to break with a name change.

Alas, adding drives is not an option in a 1U rack server. :-) And I'm not sure Ghost will work on drives managed by a hardware array controller. Looks like I have no fallback. Back to the drawing board...


DC reload... fallback?

by Desktop Jinx In reply to DC reload... fallback?

This question was closed by the author
