Hello everyone, I am kinda new to Windows Server configuration and I hope you can give me some input. Currently we have 5 servers in our company: Windows 2003, Windows 2003r2, Windows 2008, Windows 2008r2, Windows 2012. Windows 2008r2 was our Primary DC 6 months ago, and when we purchased a new Windows 2012 server, we allowed this new server to take over the role of a DC. Now we have encountered some hardware issue on the 2012 server and want to reconfigure the server. I have read books on Windows 2012 Installation and Configuration etc. but I still have 3 confusions. 1) Can I simply back up and then reformat my Windows 2012? After which, can I apply the AD? I will do it over the weekend. 2) Since there are different versions of Windows Server OS, what is the forest level and domain level that I should select after reinstalling the 2012 server? 3) After I have reformatted, and use the same domain name again, do I have to get all my colleagues' PCs to rejoin the same domain name?
I don't know if the following is the recommended method (I guess you can read all about it at MS tech), but I've done it a couple of times. 1) Create a Windows Server virtual machine 2) Make it a secondary DC 3) Remove the primary DC (this is the tricky part) 4) Make your VM DC the primary DC 5) Fix and reinstall the real server 6) Reverse the domain controller transfer and make it the primary DC again. The advantage with the above is that it's safe and simple, but I guess there are many methods out there. No one else but you would probably see any difference if you can solve the temporary DC IP address change, i.e. the domain remains the same.
Yes, it is just Windows Standard 2012, not R2, and it is not OEM. Oh, the functional level for both domain and forest is still at Windows 2003. Thank you Jacker_Back for your suggestions. I suppose it will work. The concern is the 'tricky part'. Do you have any references for me to read up on? I feel uneasy as a newbie.
No worries, you can do as many VM server tests as you feel needed. Just don't remove the primary server until you feel satisfied. As mentioned, a complete system backup is pretty mandatory. There are several guides to remove the primary DC at MS tech; read the logs and correct any errors (there will be errors, I'm sure, read the guides on how to correct them). Note: Your domain will be alive during the whole process, so accounts, policies etc. will not be affected during the transfers. The "tricky thing" is usually DNS related.
We do not have any VMware and bare metal backup solutions. When I issue netdom query fsmo, it has pointed everything to the current Windows 2012. What I did the last round was that I migrated Windows Standard 2008r2 (DC) to Windows Standard 2012 as the new PDC. Then I had the old DC demoted. This main DC server is mainly used for File Sharing, DHCP, DNS, AD, DC. The other servers are used for File Sharing and are joined to the same domain. We do not have any redundant DC yet. Only one is running now. Of course, after we have fixed this Windows 2012, we will make the Windows 2008r2 the redundancy DC. Yes, I also believe the tricky part is DNS related. The last time, DNS was not propagated to the whole domain after installing and running for 3 days. I had to add the DNS IP address manually to each PC in the domain. Very troublesome. Is there a way out for me to prevent the same thing from happening again?
Oh OK, I don't think you need to care so much about server configurations and layouts. You just want to transfer the domain and fix the server, right? You can do: Install Windows Server 2012 at any (good) workstation on your net. Activate Hyper-V and install your temporary Windows DC virtual machine(s). The domain will be alive and copied to your VM DCs and be functional while you fix the server. I suggest you do a clean install after fixing the real server and not using a backup restore. Since you already have done a migration, I think everything will be clearer when you're at it. After all, it is a rather simple (but safe) method and you will probably be able to go through the whole thing with the default server guides. AFAIK adding a secondary DC is perfectly safe.
Thank you all for the information provided for me. I have already 1) Promoted the Windows 2008 to a DC with DHCP, DNS set. I didn't promote Windows 2008r2 because it is running some critical application and I cannot touch it for a week. 2) Transferred the FSMO from 2012 to 2008. 3) Left the forest and domain level at 2003. 4) Also made a backup of the files and folders of 2012. Come tomorrow, the 2 last things to do are to 5) Demote 2012 DC 6) Fix, Reformat 2012 and promote it back to PDC. I have another concern. Actually the 2nd reason to redo the 2012 server was that the domain users complained that there are permission issues on some folders and files. When I checked the ownership, it is listed as unknown. When I checked the permission, it is set to 'Domain Admins' and 'Administrators'. Even though I had logged in as domain administrator, I cannot open the folder or copy the files (permission denied). Now my question is, since I have backed up the files and folders to a Synology NAS, if I were to copy them back to the re-done Windows 2012, will this issue get fixed? I have backed up using the FreeFileSync open-source software.
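The checks behind steps 2 and 5 of the post above, as an added example that is not any poster's own script. It assumes a machine with the ActiveDirectory PowerShell module and that the remaining DC also runs DNS; `DC-2012` and `DC-2008` are placeholder host names.

```powershell
# Added example: verify the domain can survive before demoting a DC.
# $Retiring / $Remaining are placeholder names, not values from the thread.
Import-Module ActiveDirectory

$Retiring  = 'DC-2012'   # placeholder: DC about to be demoted
$Remaining = 'DC-2008'   # placeholder: DC that will carry the domain alone

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. None of the five FSMO roles may still sit on the DC being demoted
#    (same information as "netdom query fsmo").
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$stuck = $roles.GetEnumerator() | Where-Object { $_.Value -like "$Retiring.*" }
if ($stuck) {
    throw "FSMO roles still on ${Retiring}: $($stuck.Name -join ', ')"
}

# 2. The remaining DC should be a global catalog before it is the only DC.
$dc = Get-ADDomainController -Identity $Remaining
if (-not $dc.IsGlobalCatalog) {
    throw "$Remaining is not a global catalog"
}

# 3. The remaining DC's own DNS must publish it in the DC locator SRV record,
#    otherwise clients pointed at that DNS server cannot find a DC.
$name = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$srv  = Resolve-DnsName -Type SRV -Name $name -Server $dc.IPv4Address
if (-not ($srv | Where-Object { $_.NameTarget -like "$Remaining.*" })) {
    throw "No DC locator SRV record for $Remaining in its own DNS"
}

# 4. Replication and DNS health from the built-in tools; read the output
#    for failures before running the demotion.
repadmin /replsummary
dcdiag /s:$Remaining /test:dns /v
```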
Permission errors: If you copy with the robocopy utility on a store that can handle NTFS ACLs, you can keep the applied permissions. Otherwise I think the default permissions will be applied and any applied permissions will be lost. By googling I see Synology has guides related to NTFS permissions.
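A robocopy restore that keeps NTFS ACLs, followed by a report of files whose owner no longer resolves to an account (the "unknown" owner symptom described earlier in the thread). This is an added example, not a poster's command line; the paths are placeholders and it assumes an elevated prompt and a source share that stores NTFS ACLs.

```powershell
# Added example: restore with permissions, then look for orphaned owners.
# All three paths are placeholders, not values from the thread.
$Source = '\\nas\backup\Shared'
$Dest   = 'D:\Shared'
$Log    = Join-Path $env:TEMP 'restore-shared.log'

# /E       include subfolders, also empty ones
# /COPYALL data, attributes, timestamps, ACLs, owner and auditing info
# /DCOPY:T keep directory timestamps
# /R:1 /W:1 one retry, one second wait, instead of the very long defaults
robocopy $Source $Dest /E /COPYALL /DCOPY:T /R:1 /W:1 /NP /LOG:$Log

# robocopy exit codes of 8 and above mean at least one copy failed.
if ($LASTEXITCODE -ge 8) {
    throw "robocopy reported failures, see $Log"
}

# /COPYALL carries the owner across as-is, so an owner SID that belonged to
# a deleted account or another domain stays unresolved. List those items.
function Get-UnresolvedOwner {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -LiteralPath $Path -Recurse -Force | ForEach-Object {
        $acl = Get-Acl -LiteralPath $_.FullName
        $sid = $acl.GetOwner([System.Security.Principal.SecurityIdentifier])
        try {
            # Translate() throws when the SID maps to no known account.
            [void]$sid.Translate([System.Security.Principal.NTAccount])
        }
        catch {
            [pscustomobject]@{ Path = $_.FullName; OwnerSid = $sid.Value }
        }
    }
}

Get-UnresolvedOwner -Path $Dest | Format-Table -AutoSize
```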
Okay, the files are not affected. Thank you jerker_back. But I have a bigger problem. After following the suggestion, everything seemed smooth, but I guess we might have some old replication issue. Now my domain PCs cannot get a DHCP IP and DNS is also unavailable to them. What do I need to provide you guys to help me with this issue?
Well, that's why it's so handy to make the transfer in a virtual machine. If something goes wrong and seems complicated to fix, it's just to delete the instance and try again. This is especially true for the DNS server because the work is done as part of the DC copy guide. I'm sure there are workarounds and manual options, but it will easily become messy unless you know exactly what you are doing. I think your best option is to remove the DC role and try again. Read the error logs and follow the advice. Remove the DHCP role until you get DNS functioning properly. Note: I'm not a network technician, so there may be some professional ways out of your dilemma. Worth considering. Maybe also remove some of the physical servers and go virtual instead?
Well, I did not try the virtual server method since I am not familiar with it. I have resolved the DHCP and DNS by setting them with the 2012 server. However, when I try to promote 2012 to DC, I get an error: Verification of replica failed. What information do I need to provide to you all for further troubleshooting/diagnosis?
Looks like your only option is to get down and dirty at the DNS server. Look for example here: h**p://social.technet.microsoft.com/Forums/en-US/25c0cc64-1b59-46e0-bfc6-62aade153411/verfication-of-the-replica-failed-error?forum=winserverDS