how to re-install your win2k3 primary domain controller using a spare server

Now officially there is no such thing as “primary domain controllers” on a win2k domain. Of course, anyone who’s done this s$%t knows the reality of the situation.
This is the quicklist for re-building Apollo at Melbourne Girls College. Its the ‘PDC’ with all the roles and core services required for the AD domain, so this must be done carefully…..

Plan is to move everything (services and roles) over to Triton, wipe and re-install Apollo, then move everything back. Triton is already a Domain Controller.

  • Transfer the roles to triton. This is actually easiest done with ntdsutil command line uitlity. See kb255504
  • Make sure triton is a global catalog server.
  • Install DNS on triton, check that it installed as an ‘active directory’ DNS and has all the special active directory gobbledy-gook entries.
  • Install WINS on triton (yeah we need it for some things…)
  • Install DHCP on triton.
    • set server options for DNS and WINS (pointing to triton of course)
    • set router options separate for each subnet
    • set the ttl to a low value eg 1 hour to ease the changeback
    • authorise it
    • don’t activate the ranges yet.
  • Go to every server and device that has a manually entered DNS entry and change it to triton (This actually caused some crazy problems with exchange)
  • Move the DFS root from apollo to triton
    • edit the logon scripts on curriculum and admin to reflect the new ‘folders’ location
  • The day before cutover, set the DHCP TTL to low, e.g. 1 hour
  • Cutover!
    • Unauthorise the DHCP server on apollo and turn off the service manually in services.
    • Change the UDP DHCP helper service in the core router to point to triton
    • Activate all the DHCP scopes on triton
    • Switch apollo off
    • Wait a few days and make sure the school doesn’t burn down.
  • dcpromo apollo to demote it to a member server.
  • Remove apollo from the domain.
  • Re-install apollo with windows server 2003 R2 32bit (64bit >> too many problems!)
    • copy the i386 and cmpnents folders to the root of c:
    • install any needed utilities and apps (eg ms tools, superscan, etc )
    • join to domain
    • dcpromo
  • Install DNS and check its activedirectoryness as above
  • Install WINS
  • Go to every server and device that has a manually entered DNS entry and change it back to apollo.
  • Install DHCP, as above except the DNS and WINS options point to apollo, of course
    • activate all the scopes, but don’t authorise the DHCP server yet.
  • Move the DFS root from triton to apollo
    • edit the curric and admin logon scripts to use the new (old?) location for ‘folders’
  • Transfer the roles back to apollo using ntdsutil
  • Make apollo a global catalog server
  • Cutback!
    • unauthorise DHCP on triton and manually turn off the service
    • authorise DHCP on apollo and check the scopes are active.
    • Wait a couple of days and make sure the school doesn’t slide into the Yarra River
WP Login