Replace old PDC with new PDC by just a swap

By jdelaria
Is it possible to build an exact copy of my PDC and just swap them out when it is ready?

I have built the same exact Win2k3 server PDC with the same IPs, domain, and rebuilt AD to look exactly the same as the old (new server, same software). But when I pull the old PDC and bring in the new PDC I get security issues, and the clients don't want to come online until I rejoin the domain. Which means going around to all 50 machines and rebuilding them, in a sense.

I would like to do this without the clients even knowing what happened and without having to rejoin each client to the domain.


All Answers


Sounds like a school question....

by CG IT In reply to Replace old PDC with new ...

If you're the IT manager, as your profile indicates, and you've had some experience with Windows Directory Services, you should know what the answer is.

So given that, it's not possible to build an exact copy and just swap them out. You're forgetting ACEs, ACLs, tokens and SIDs. Those you haven't copied, and actually can't copy without the copied server joining the domain as a DC and replicating with the existing DC.

Also, for failover, the copied DC needs, minimally, to have the Global Catalog role assigned to it, along with having the SYSVOL and NETLOGON shares accessible to users.

Now what you can do is restore a DC from a backup copy to new hardware. Then you'll have an exact copy from the point in time that your backup copy was made. But not after that.



by Kjell_Andorsen In reply to Replace old PDC with new ...

Since you're talking about using AD, I'll assume you're really talking about a DC; Windows hasn't used PDCs since NT4.

To answer your question, what you're trying to do is not possible: even if you mirror server names and IPs and replicate the AD database, AD will still know it's a different server.

I would recommend bringing the new DC online with a new name, different IP, etc., letting all AD and DNS data replicate over, and then transferring the appropriate FSMO roles from the old server to the new. Make sure the new server is set up as a Global Catalog server (if the old one was), and then, once you're done, retire the old server.

If your old DC was a DNS or WINS server, I would use DHCP to change the settings on clients to use the new server for DNS or WINS before decommissioning the old one.
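The migration path Kjell_Andorsen describes (replicate first, then Global Catalog, then FSMO transfer, then point clients at the new server via DHCP, then retire the old DC), written out as an added example that is not part of the original thread. It uses the Windows Server 2003-era tools (ntdsutil, repadmin and dcdiag from the Support Tools, netsh for DHCP) driven from PowerShell, and assumes hypothetical names: domain example.local, old DC OLDDC, new DC NEWDC at 192.168.1.11, site Default-First-Site-Name, and a DHCP scope 192.168.1.0 hosted on the new DC. Run it on NEWDC after dcpromo has already made it a domain controller.

```powershell
# Added example (not from the original thread). Assumed names: domain example.local,
# old DC OLDDC, new DC NEWDC (192.168.1.11), site Default-First-Site-Name,
# DHCP scope 192.168.1.0 served from NEWDC. Requires the Windows Support Tools
# (repadmin, dcdiag, netdom) and an account in Domain Admins + Schema Admins
# + Enterprise Admins, since the schema and domain-naming masters are moved.

$OldDc   = 'OLDDC'
$NewDc   = 'NEWDC'
$NewDcIp = '192.168.1.11'
$Scope   = '192.168.1.0'
$NtdsDn  = "LDAP://CN=NTDS Settings,CN=$NewDc,CN=Servers,CN=Default-First-Site-Name," +
           "CN=Sites,CN=Configuration,DC=example,DC=local"

# 1. Do not touch roles until the new DC has fully replicated from the old one.
#    /syncall forces inbound sync across all partitions; showrepl and dcdiag
#    must report no errors before continuing.
repadmin /syncall $NewDc /A /e
repadmin /showrepl $NewDc
dcdiag /s:$NewDc /test:replications

# 2. Make NEWDC a Global Catalog. The checkbox in AD Sites and Services sets
#    bit 0x1 (NTDSDSA_OPT_IS_GC) on the server's NTDS Settings object; do the
#    same via ADSI, preserving any other option bits already set.
$ntds = [ADSI]$NtdsDn
$current = 0
if ($ntds.options.Count -gt 0) { $current = [int]$ntds.options[0] }
$ntds.Put('options', ($current -bor 1))
$ntds.SetInfo()

# 3. Transfer (not seize) all five FSMO roles to NEWDC. A transfer is a clean
#    hand-off negotiated with the current owner; seizing is only for a dead DC.
#    ntdsutil asks for confirmation of each transfer with a Yes/No dialog.
ntdsutil 'roles' 'connections' "connect to server $NewDc" 'quit' `
    'transfer schema master' 'transfer domain naming master' 'transfer PDC' `
    'transfer RID master' 'transfer infrastructure master' 'quit' 'quit'

# 4. Verify every role now reports NEWDC and that replication is still healthy
#    from both directions, so the old DC learns the new owners before it goes.
netdom query fsmo
repadmin /syncall $OldDc /A /e
dcdiag /s:$NewDc

# 5. Repoint clients via DHCP rather than visiting each workstation: option 006
#    is the DNS server list, 044 the WINS server list. Clients pick the change
#    up on their next renewal; 'ipconfig /renew' on a client forces it.
netsh dhcp server \\$NewDc scope $Scope set optionvalue 006 IPADDRESS $NewDcIp
netsh dhcp server \\$NewDc scope $Scope set optionvalue 044 IPADDRESS $NewDcIp

# 6. Only after clients no longer list OLDDC for DNS/WINS, demote it by running
#    dcpromo interactively on OLDDC (leave "This server is the last domain
#    controller in the domain" unchecked), then confirm it has left the domain.
Write-Host "Now run dcpromo on $OldDc to demote it, then re-run: dcdiag /s:$NewDc"
```

Order matters: steps 1 and 4 are the checks that make this safe, because a role transferred before replication is complete, or a DC demoted before clients stop querying it for DNS, is exactly how you end up walking to all 50 machines.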



by jdelaria In reply to nope

Thank you for your replies. I understand the confusion you must have with how I state my role as "IT Department Manager". I work for a small factory that doesn't have much of an IT department, so I get to be the one in charge of many things, often things that are not even IT related. I am, however, the only one who feels comfortable dabbling in this IT stuff, so I get to take on that role and learn as I go.

As for this issue I am having, I actually paid some IT network engineers to come to my facility to install this new DC. I told them I wanted to replace my old DC with a new DC and to get the ball rolling for me, and I would spend the tedious hours rebuilding AD and DFS. Just get me to the point where I can do that and cut over. Again, this is where they left me, and of course, as you know, it does not work. I too, with as little experience as I have on the server side, was amazed by how easy they made it sound. I was prepared for the promote-and-demote way of doing it, but they assured me I would not have to, nor want to, do it this way.

Again, thank you for setting me back on the correct path as I will try and do it this way on my own.
