{"id":9057,"date":"2008-05-29T16:23:00","date_gmt":"1999-11-29T20:00:00","guid":{"rendered":"https:\/\/aidanfinn.com\/?p=9057"},"modified":"2008-05-29T16:23:00","modified_gmt":"1999-11-29T20:00:00","slug":"introducing-a-windows-2008-domain-controller","status":"publish","type":"post","link":"https:\/\/aidanfinn.com\/?p=9057","title":{"rendered":"Introducing a Windows 2008 Domain Controller"},"content":{"rendered":"

I installed a new W2008 x64 DC at work in our W2003 native (single domain) forest.\u00a0 I’m happy to report that:<\/p>\n

    \n
  1. It was easy.<\/em>\n<\/li>\n
  2. It went flawlessly.<\/li>\n<\/ol>\n

    I’m planning on wiping out the W2003 presence on our DC’s to have a native W2008 domain.\u00a0 Right now, there’s no support<\/a> for monitoring it using SCOM 2007 so I’ll have to wait for a wee while for the management pack and agent support.\u00a0 I want to be able to monitor our AD so I’ll wait before completing this project.\n<\/p>\n

    Here’s one way to introduce a W2008 DC to your existing W2003 AD.\n<\/p>\n

    The first question is: to upgrade or do a lean install?\u00a0 MS are strongly recommending clean installs.\u00a0 In fact, they almost go as far as saying don’t upgrade.\u00a0 They do clearly say that a machine with only W2003 components can be upgraded fairly dependably but you’ll want to verify that the machine spec and configuration are good.\u00a0 Watch out for the desired 40GB C drive – you’ll need to buy 72GB drives if using HP like me.\u00a0 Things like dodgy AV (I mean you Muckafee and Sinmantec), well …. you’ll want to do a clean install there because, in my opinion, Sinmantec trash the TCP stack when they get their hands on it and the W2008 stack is a complete re-write.\n<\/p>\n

    Next question: do you need a rollback plan for the required schema updates?\u00a0 Best practice is "yes".\u00a0 The best plan here is to power down selected DC’s before the upgrade and leave them off until you’re sure everything is OK.\u00a0 Keep the holder of the Schema Master FSMO role turned on – we need it.\u00a0 If so, then just power on those DC’s and continue as normal.\n<\/p>\n

    If something does go wrong with the schema updates then you power off the powered on DC’s and only then would you power on the standby DC’s.\u00a0 Seize the FSMO roles to one of the now powered on standby DC’s.\u00a0 Do a metadata cleanup<\/a> to wipe away all traces of the powered off DC’s.\u00a0 The powered off DC’s would be disconnected from the network (to prevent AD replication), rebuilt, reattached to the network and DCPROMO’ed.\n<\/p>\n

    We’re assuming everything is good.\u00a0 I’ve not heard of anyone having a schema corruption via a MS update but I’d always recommend being safe.\n<\/p>\n

    Now you can follow the process that MS describes<\/a>.\u00a0 It’s pretty simple:<\/p>\n