More Secure Network (MSN)
Moving Windows Active Directory
All efforts should be coordinated with ITS's Network Systems and Hostmaster. When you notified the Hostmaster that your move involved relocating an Active Directory, you received an email acknowledging your request and giving you a date and time. Do not begin the move until that date and time.
- Backup your Domain Controllers, being sure to include the System State.
- CA’s ARCServe: the clinet agent needs to be loaded in order to capture the System State of Active Directory.
- NTBACKUP: the System State is captured by default
- Other backup products: check the documentation regarding the backup of System State.
- Change the current DNS configuration to only point to the Primary DNS. Since the DNS servers are one day out of sync, you will receive DNS errors if you keep all 3 entries in.
- Change the configuration to point to 126.96.36.199
- Remove 188.8.131.52 and 184.108.40.206
- Verify that WINS is installed. Microsoft needs to have a master browser on the subnet. Workstations will not be able to browse anything outside the MSN subnet.
- You can use ITS's WINS server: 220.127.116.11 and 18.104.22.168 if you do not run WINS.
- An alternative to WINS is LMHOST files, but they will have to be maintained on each workstation.
- Change the Server IP address to the new MSN IP address.
- Move the ports to the MSN.
- Reboot the domain controllers.
- Email Hostmaster requesting that your Active Directory entries be replaced.
- Combine all the netlongon.dns files into one and save as ‘unix ansi.’
- Send ‘unix ansi’ to Hostmaster as an attachment and request that Hostmaster replace your Active Directory entries with these new Active Directory entries.
- Inform the Hostmaster that the A records for each server should be changed.
- Reboot the domain controllers after you receive confirmation that the entries are in place in the primary DNS server (22.214.171.124).
- Run DCDIAG and NETDIAG to verify the Active Directory is showing no functional errors.