see https://www.youtube.com/watch?v=KPpPyUWd-SA and http://pve.proxmox.com/wiki/Windows_2012_guest_best_practices

  • existing domain+forest at 2003 functional level
  • verify no replication errors using repadmin: https://technet.microsoft.com/en-us/library/cc770963.aspx
  • shut down DC VM's, then copy (not move) them to new server
  • on new server, start up DC's on a PRIVATE NETWORK (shared with new win2k12 VM's)
  • install AD domain services role - for server core, use powershell: https://technet.microsoft.com/en-us/library/jj574158.aspx
  • use wizard to promote new temporary win2k12 dc; it reboots; wait for replication (force this?)
  • make sure replication and DNS is working on new DC
  • set old DC's TCP/IP settings for DNS to point to new DC
  • transfer FSMO roles to new DC (powershell command @ 24:30) - in powershell: Move-ADDirectoryServerOperationMasterRole -Identity dc-temp -OperationMasterRole SchemaMaster, DomainNamingMaster, PDCEmulator, InfrastructureMaster, RIDMaster
  • use dcpromo to demote old DC's, then shut them down
  • delete computer objects for old DC's and lingering server objects in sites+services
  • create final two DC's… repeat steps to promote them as DC's and transfer FSMO roles
  • demote temporary DC
  • on new DC's, temporarily remove default route and create manual routes so they can talk to upstream trusted servers; verify that authentication of trusted domains still works
  • remove temporary routes and re-enable default routes. everything should now be online again
  • verify that samba systems can all still authenticate
computer/win2k12_domain_update_notes.txt · Last modified: 2016/01/14 13:39 by tdobes
Recent changes RSS feed Driven by DokuWiki Valid XHTML 1.0 Valid CSS