DC Hardware Upgrades

29 Aug 2005 1:15 AM

Mick Surname

2 x Windows 2003 DCs. Both were built from scratch with 2003 and are fairly
pure.
A) has certificates and RSA, B) has printing.

I am planning a hardware upgrade and would like to keep the names and IP
addresses
the same as we have a trust relationship through our firewall with another
organisation and it would be difficult to change their firewalls, lmhosts,
etc.

Microsoft articles such as KB 249694 says "This procedure is not recommended
for
domain controllers".

Given the choice, would it also be wise to use something like CommVault or
Symantec
LiveState to do the upgrade ?

I am happy to go the safe path if that is best. I could move all the roles,
GC, DNS,
IAS, DHCP, Certificates, etc from A) to B). Then demote A), remove from
domain,
replace with new hardware, build from scratch with 2003SP1, promote, move
roles back.

I would do this one weekend and then the next look at upgrading the B) DC to
new
hardware. I can see this as more difficult as I have a lot of printer
drivers to
locate and install.

Thanks
Mick

29 Aug 2005 1:47 AM

Todd J Heron

If you have Certificate services installed on a DC you cannot rename it
without first uninstalling Certificate services. Plus you have those other
pitfalls you mentioned with the vendor. Why can't you introduce the new
hardware as additional DCs - then work with your vendor to point over to
them, and after everything settles down you can decommission the old
hardware.

This white paper outlines the entire migration process, including potential
pitfalls with WINS, DHCP, DNS, etc. (Chapter 4) . Start here:
http://www.microsoft.com/downloads/details.aspx?familyid=e92cf6a0-76f0-4e25-8de0-19544062a6e6&displaylang=en

--
Todd J Heron, MCSE
Windows Server 2003/2000/NT; CCA
----------------------------------------------------------------------------
This posting is provided "as is" with no warranties and confers no rights

"Mick Surname" <mick377_1[remo***@hotmail.com> wrote in message
news:eW9TdcDrFHA.3424@TK2MSFTNGP14.phx.gbl...

2 x Windows 2003 DCs. Both were built from scratch with 2003 and are fairly
pure.
A) has certificates and RSA, B) has printing.

I am planning a hardware upgrade and would like to keep the names and IP
addresses
the same as we have a trust relationship through our firewall with another
organisation and it would be difficult to change their firewalls, lmhosts,
etc.

Microsoft articles such as KB 249694 says "This procedure is not recommended
for
domain controllers".

Given the choice, would it also be wise to use something like CommVault or
Symantec
LiveState to do the upgrade ?

I am happy to go the safe path if that is best. I could move all the roles,
GC, DNS,
IAS, DHCP, Certificates, etc from A) to B). Then demote A), remove from
domain,
replace with new hardware, build from scratch with 2003SP1, promote, move
roles back.

I would do this one weekend and then the next look at upgrading the B) DC to
new
hardware. I can see this as more difficult as I have a lot of printer
drivers to
locate and install.

Thanks
Mick

29 Aug 2005 8:03 AM

Mick

I've haven't previously moved certificate services, but have noted KB 298138
and a post in March saying the procedure does work. The post says "if you
can, have the new server come up with the IP adress of the old server as
well", so sounds like they have done something similiar to my proposal. A
practice of this in a lab environment probably wouldn't hurt.

As for introducing a 3rd DC, yes, that would be ideal, problem is the
relationship I have with the other organisation. It would require a 'change
request', I would have to give them 6 weeks notice, and I would probably get
charged and arm and a leg.

Appreciate your comments and ideas ....
Show quoteHide quote

"Todd J Heron" <todd_heron_no_spam@hotmail.com> wrote in message
news:ura7RuDrFHA.1028@TK2MSFTNGP12.phx.gbl...
> If you have Certificate services installed on a DC you cannot rename it
> without first uninstalling Certificate services. Plus you have those
> other
> pitfalls you mentioned with the vendor. Why can't you introduce the new
> hardware as additional DCs - then work with your vendor to point over to
> them, and after everything settles down you can decommission the old
> hardware.
>
> This white paper outlines the entire migration process, including
> potential
> pitfalls with WINS, DHCP, DNS, etc. (Chapter 4) . Start here:
> http://www.microsoft.com/downloads/details.aspx?familyid=e92cf6a0-76f0-4e25-8de0-19544062a6e6&displaylang=en
>
> --
> Todd J Heron, MCSE
> Windows Server 2003/2000/NT; CCA
> ----------------------------------------------------------------------------
> This posting is provided "as is" with no warranties and confers no rights
>
> "Mick Surname" <mick377_1[remo***@hotmail.com> wrote in message
> news:eW9TdcDrFHA.3424@TK2MSFTNGP14.phx.gbl...
> 2 x Windows 2003 DCs. Both were built from scratch with 2003 and are
> fairly
> pure.
> A) has certificates and RSA, B) has printing.
>
> I am planning a hardware upgrade and would like to keep the names and IP
> addresses
> the same as we have a trust relationship through our firewall with another
> organisation and it would be difficult to change their firewalls, lmhosts,
> etc.
>
> Microsoft articles such as KB 249694 says "This procedure is not
> recommended
> for
> domain controllers".
>
> Given the choice, would it also be wise to use something like CommVault or
> Symantec
> LiveState to do the upgrade ?
>
> I am happy to go the safe path if that is best. I could move all the
> roles,
> GC, DNS,
> IAS, DHCP, Certificates, etc from A) to B). Then demote A), remove from
> domain,
> replace with new hardware, build from scratch with 2003SP1, promote, move
> roles back.
>
> I would do this one weekend and then the next look at upgrading the B) DC
> to
> new
> hardware. I can see this as more difficult as I have a lot of printer
> drivers to
> locate and install.
>
> Thanks
> Mick
>
>