Active Directory
ffic, 2021-11-12 01:00:17

How to properly replace the old Active Directory?

Good afternoon.
The educational institution has set a goal to replace, on its own, the Windows Server 2008 server with new hardware running Windows Server 2019 (WITHOUT migrating settings, due to a large number of glitches). The current server runs AD (for example, the skolanov18.ru domain), DNS, and file storage. DHCP is served by a Mikrotik, which is also the gateway. Another server runs Debian and acts as a web server with the external domain name skolanov18.ru.
Question: How to replace the old server with a new one without interrupting the work of the establishment? What domain name should be given to the new server in order not to have problems with the https certificate on the Web server? Thanks in advance.


4 answer(s)
meDveD_spb, 2021-11-12
@meDveD_spb

A Windows Server 2022 machine is brought up alongside, and we configure / repeat the functions that we need from the server.
And we move over; everything seems to be simple :)
It is not clear how the web domain and the AD domain are connected, how they interact with each other, or whether they interact at all; we do not know this. And why do they have the same name?
In order not to have problems with certificates within the network, we manage / issue / distribute certificates from a Windows server with the appropriate role. In order not to have problems with external certificates, we set up auto-renewal of Let's Encrypt / ACME certificates or hand this function over to, for example, Cloudflare.

hint000, 2021-11-12
@hint000

"change Windows Server 2008 server to new hardware with Windows Server 2019 (WITHOUT migrating settings, due to a large number of glitches)"
It's not entirely clear what "no settings migration" means. Does this mean that you want to raise a new domain? If yes, then you will have to rejoin the domain for each computer, rejoin each user, transfer files for each user on each computer. A lot of work, and it is not clear whether it makes sense.
If there is no desire to rake such garbage, then raise a new server, start it in an existing domain, raise the roles of DNS and domain controller on it, raise it to a domain controller in your domain, transfer the FSMO roles to the new server, turn off the old one and check how the domain works on the new one. If everything is fine, then turn on the old one and downgrade it from the controller to a regular computer. Then you can completely remove the old one from the domain.

zvl, 2021-11-18
@zvl

If you need to transfer all users to a new domain, you can use ADMT
https://docs.microsoft.com/en-us/troubleshoot/wind...
Another domain is brought up alongside, trust relationships are set up between the old and new domains, and users and computers gradually move to the new domain. There are some nuances in naming domains, and a few others. As for the question about the site, it is not entirely clear what is meant, and it has nothing to do with the operation of the domain if authorization on the site does not use domain services.

Maxim Yaroshevich, 2021-12-22
@YMax

Introduce a new server to the old domain, transfer all FSMO and server roles to it, check that everything has moved, and decommission the old server. Why bother with something new when everything is there and the task is to move quietly?
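
The in-place replacement described in hint000's and Maxim Yaroshevich's answers (add the new server as a domain controller, transfer FSMO, retire the old one), written out as an added PowerShell example that is not part of any answer in the thread. It assumes the new server is already joined to the existing domain; `DC2019` is a placeholder host name and the two-phase `-Phase` switch is an illustrative convention.

```powershell
# Added example, not from the thread. Run elevated on the new Windows Server 2019
# machine. Phase 'Promote' ends in a reboot; run phase 'Transfer' afterwards.
param([ValidateSet('Promote', 'Transfer')][string]$Phase = 'Promote')

$Domain = 'skolanov18.ru'   # AD domain named in the question
$NewDC  = 'DC2019'          # placeholder: host name of the new server

if ($Phase -eq 'Promote') {
    # Promotion extends the schema, so the account needs Schema and Enterprise Admins.
    $Cred = Get-Credential -Message 'Domain, Schema and Enterprise Admin account'
    $Dsrm = Read-Host 'DSRM (safe mode) password' -AsSecureString

    # Add the AD DS role, then dry-run the prerequisite checks. Server 2019 cannot be
    # promoted while SYSVOL still replicates over FRS: migrate to DFSR on the old DC
    # first (dfsrmig /getglobalstate there must report "Eliminated").
    Install-WindowsFeature AD-Domain-Services -IncludeManagementTools | Out-Null
    $failed = Test-ADDSDomainControllerInstallation -DomainName $Domain -InstallDns `
                  -Credential $Cred -SafeModeAdministratorPassword $Dsrm |
              Where-Object { "$($_.Status)" -eq 'Error' }
    if ($failed) { throw ($failed.Message -join "`n") }

    # Promote to an additional DC with DNS; the server reboots when this finishes.
    Install-ADDSDomainController -DomainName $Domain -InstallDns -Credential $Cred `
        -SafeModeAdministratorPassword $Dsrm -Force
}
else {
    # Confirm replication is healthy before moving any role.
    repadmin /replsummary
    dcdiag /s:$NewDC /q     # /q prints errors only; no output means the tests passed

    # Transfer (graceful, not a seizure) all five FSMO roles to the new DC.
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC -Server $NewDC `
        -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator,
                             RIDMaster, InfrastructureMaster -Confirm:$false

    # Verify that every role holder is now the new DC.
    $d = Get-ADDomain -Server $NewDC
    $f = Get-ADForest -Server $NewDC
    $holders = $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster,
               $f.SchemaMaster, $f.DomainNamingMaster
    $stale = $holders | Where-Object { $_ -notlike "$NewDC.*" }
    if ($stale) { throw "Roles still held elsewhere: $($stale -join ', ')" }
    "All FSMO roles are on $NewDC."

    # Next, by hand: point the DNS server option of the Mikrotik DHCP at the new DC,
    # power off the old DC and test logons, DNS and file shares. If all is well, power
    # it on again and demote it with dcpromo.exe (Server 2008 has no ADDSDeployment
    # module, so Uninstall-ADDSDomainController is not available there).
}
```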
