New to server builds. Making new DC on domain.

G I Jones

I have a new DC I'm building in VMware. It's on the domain and I'm trying to set up AD.

Two things:
For one, it's pulling AD users from the soon to be retired DC, and I'd like that to go away.

Secondly, upon doing post-deployment checklist: Active Directory Domain Services Configuration Wizard to get AD services up, at the "Additional Options" page, it's asking where to replicate from. Problem is, I don't want to replicate anything, and there isn't an option to select "none". I don't honestly know what it's replicating, but my goal here is a fresh start and rebuild on every front. Can anyone advise?

Old DC: Server 2012
New DC: Server 2012

Obsolesce

This post is deleted!

Obsolesce

@g-i-jones said in New to server builds. Making new DC on domain.:

my goal here is a fresh start and rebuild on every front.

Then you need to add a new forest, when running through the Wizard.

G I Jones

@tim_g I gather it's not possible on the same domain then? Am I correct in assuming the replication would be that of/including the AD?

Obsolesce

@g-i-jones said in New to server builds. Making new DC on domain.:

@tim_g I gather it's not possible on the same domain then? Am I correct in assuming the replication would be that of/including the AD?

Yeah it doesn't work like that.

You either add a new DC to an existing domain, add a new domain to existing forest, or create a new forest/domain entirely.

I'm really not sure what you are asking now.

If you are adding a new DC to an existing domain... then yes of course you pick an existing DC to replicate from, so the new DC can become part of the existing domain. You can't join a new DC to an existing domain wiht only that DC not having anything from the existing domain. That just doesn't make any sense at all.

travisdh1

@g-i-jones Did you already join the new DC server to the old domain? That's why it'd be pulling logins and such from the old domain.

G I Jones

@travisdh1 yea, my boss did so we could remote into it and set it up.

G I Jones

@tim_g Our old DC is corrupt, and it was a replication of an even older corrupt DC. We've opted to go with a new build entirely. I'm trying to figure out how to stand this new DC up, manually input the Users, Group Policy, all that, and transfer FSMO roles to it while simultaneously taking down the old DC.

travisdh1

@g-i-jones said in New to server builds. Making new DC on domain.:

@tim_g Our old DC is corrupt, and it was a replication of an even older corrupt DC. We've opted to go with a new build entirely. I'm trying to figure out how to stand this new DC up, manually input the Users, Group Policy, all that, and then transfer FSMO roles to it.

Ok, first off, starting new = no FSMO role transfer, it's NEW! This also means removing all the workstations from the old domain and joining them to the new one when it's ready to go.

If you're going to move the FSMO roles, then just let it replicate everything. This is just how it's made to work.

You should be able to access the server from the console available from the vmware management interface you use, shouldn't need it domain joined for that.

Obsolesce

@g-i-jones

Create a completely new forest and domain. Then you can manually input the users, backup/restore the GPOs over, join the PCs to the new domain, etc.

scottalanmiller

@g-i-jones said in New to server builds. Making new DC on domain.:

@tim_g Our old DC is corrupt, and it was a replication of an even older corrupt DC. We've opted to go with a new build entirely. I'm trying to figure out how to stand this new DC up, manually input the Users, Group Policy, all that, and transfer FSMO roles to it while simultaneously taking down the old DC.

Sounds like time to start fresh and rebuild the domain by hand. How big is the domain?

dbeato

@g-i-jones said in New to server builds. Making new DC on domain.:

@tim_g Our old DC is corrupt, and it was a replication of an even older corrupt DC. We've opted to go with a new build entirely. I'm trying to figure out how to stand this new DC up, manually input the Users, Group Policy, all that, and transfer FSMO roles to it while simultaneously taking down the old DC.

Setup your DC, add the static IP of the server and prepare DNS on DHCP for all the computers and other devices, removed computers from the domain after backing up data and join them to the new domain.

G I Jones

@scottalanmiller roughtly 300 cpu's, 100 users.

If I made a new sub domain of say abc.alphabet.com and my current was abc.alphabet.net, but I NEEDED the .net could I set up the new DC on .com and then after unplugging the old DC from .net, then change the new DC to the .net? Or is that more of a pain than it's worth?

scottalanmiller

@g-i-jones said in New to server builds. Making new DC on domain.:

@scottalanmiller roughtly 300 cpu's, 100 users.

Computers are easy, users are the pain (as they have passwords.) But 100, not horrible.

scottalanmiller

@g-i-jones said in New to server builds. Making new DC on domain.:

If I made a new sub domain of say abc.alphabet.com and my current was abc.alphabet.net, but I NEEDED the .net could I set up the new DC on .com and then after unplugging the old DC from .net, then change the new DC to the .net? Or is that more of a pain than it's worth?

No, don't do renames. Nothing likes that.

Use ad.domain.com, don't use the .net from the beginning if you don't want to be on it.

No one should care what the domain is, it's not really something users interact with.

G I Jones

@scottalanmiller damn. Yea too many things already ride on our current domain, so we're trying to dodge a migration to a new domain if we can. Still thinking about our best course of action.

Dashrender

@g-i-jones said in New to server builds. Making new DC on domain.:

@scottalanmiller damn. Yea too many things already ride on our current domain, so we're trying to dodge a migration to a new domain if we can. Still thinking about our best course of action.

Like what?

G I Jones

@Dashrender roughly 100 cpu's, 10 servers, website, helpdesk, testing center, etc.

Dashrender

Sounds like fixing your corrupt Domain is your only fix then.

Sounds like it would likely be worth a $400 ticket to MS for support - and if they can't fix it, they will likely refund you.

Kelly

Having done both, I would recommend building the new one. Yes it will be a pain to move things over, but you can do most of the server side work in isolation. You'll have a long weekend switching everyone over to the new domain, but it is doable in a fairly reasonable amount of time.