Troubleshoot Active Directory server issues by migrating 4

(followed by an article)

(8) in the "Domain Controllers" container, you can see that the current system has two domain controllers, as shown in 3-9.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DB/wKioL1Xu1K2QMuYfAAGPXIizLcQ871.jpg "/>

Figure 3-9 There are currently two domain controllers

(9) in the "Computers" container, is currently the experimental environment, there are two computers, 3-10 is shown. When you restart both computers and log on to the network normally, there should be no problem. At this point the D server has two IP addresses, one of which is the IP address used in the original A and the address of the DNS server in the current network.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DE/wKiom1Xu0oKAhsIYAAFdI_BdNFI637.jpg "/>

Figure 3-10 Workstations in the current domain

(10) After passing the RID, PDC, infrastructure master role, modify the global catalog to cancel the global catalog role of the first domain controller (a server). Open Active directory Sites and Services, Default-first-site-name→servers→dcbackup→ntds Settings, and on the right, select the first domain controller dcser, From the shortcut menu that pops up, choose Copy Now, as shown in 3-11.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DB/wKioL1Xu1K3h8B0AAAG4kJvX-lg438.jpg "/>

Figure 3-11 Replication

(11) Right click on "Dcser→ntds Settings" and select "Properties" in the Popup shortcut menu, 3-12.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DB/wKioL1Xu1K2S-XYYAAHlKD6pkvA177.jpg "/>

Figure 3-12 a server NTDS Settings

(12) in the "NTDS Settings Properties" dialog box that pops up, in the General tab, cancel the selection of the global catalog, as shown in 3-13.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DE/wKiom1Xu0oKS_us2AAF8jhT8Gz4159.jpg "/>

Figure 3-13 Canceling the global catalog for a server

(13) Check if the D server is a "global catalog". Right-click on "Dcbackup→ntds Settings" and select "Properties" in the popup dialog box, 3-14.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DE/wKiom1Xu0oPwuFbfAAHfnAxODHs869.jpg "/>

Figure 3-14 NTDS Properties

(14) In the NTDS Settings Properties dialog box, on the General tab, verify that global catalog is selected, and select Default Query policy in the drop-down list to the right of query policies, as shown in 3-15.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DB/wKioL1Xu1K7SfVoGAAGAoPAqK7E280.jpg "/>

Figure 3-15 Global Catalog

3 demote the original Active Directory server

After migrating a host role, such as a staging server, you can downgrade an Active Directory server to a member server and remove it from an existing domain to prepare for reinstalling the operating system and becoming a domain controller. The original DHCP, Windows Deployment service in the Active Directory server does not need to be uninstalled. Because the entire system has to be re-installed, uninstalling these before downgrading to the member server is meaningless.

If the time of the migration is during non-business hours, you can uninstall it directly. Because the whole process doesn't take much time. If there are still workstations that need to log on to the domain during the migration process, or if other applications require access to Active Directory, you can change the IP address of the original Active Directory server (a server). For example, change the IP address from 172.16.20.1 to 172.16.20.109, and then add the IP address of the 172.16.20.1 in the "brokered" server, where the entire network will essentially not affect the use (workstation logon, authentication), the temporary Windows Deployment service is unavailable, Certificates are not available and will be restored when these migrations are completed. After doing this, start the "demote" work of the Active Directory server, with the following main steps.

(1) Enter the Active Directory server (a server) again, and in Server Manager, select Remove roles and features, as shown in 5-1.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DB/wKioL1Xu1K6D1lCVAAHSjs5lUgo692.jpg "/>

Figure 5-1 Removing roles and features

(2) In the Remove Server Roles dialog box, select Active directory Domain Services, as shown in 5-2.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DE/wKiom1Xu0oPiZWdDAAIfLfpThdE763.jpg "/>

Figure 5-2 Removing Active Directory Domain Services

(3) In the Remove Roles and Features Wizard dialog box, click the demote this domain controller link, as shown in 5-3.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DB/wKioL1Xu1K6zcxoQAAExMnGtUic838.jpg "/>

Figure 5-3 demoting a domain controller

(4) In the Credentials dialog box, verify that do not select Force Delete this domain controller, click the Next button, 5-4.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DE/wKiom1Xu0oSBBS1LAAE0WOiE2J8885.jpg "/>

Figure 5-4 AD Domain Wizard

(5) in the "Warning" dialog box, select "Continue deletion" to confirm the deletion of Active Directory services, as shown in 5-5.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DB/wKioL1Xu1K_xISxLAAE-eEYk498117.jpg "/>

Figure 5-5 continue to delete

(6) in the "New Administrator Password" dialog box, set the new password for the computer that is demoted to the member server, as shown in 5-6.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M01/72/DE/wKiom1Xu0oThr71HAAEfaRh7c2g274.jpg "/>

Figure 5-6 New Administrator password

(7) In the View Options dialog box, click the Demote button to demote this Active Directory domain controller, as shown in 5-7.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DB/wKioL1Xu1K-RJ4GwAAF8HxFcymc747.jpg "/>

Figure 5-7 Downgrading

(8) will then enter the Active Directory demotion operation, as shown in 5-8. After the demotion operation is complete, the current server logs off and restarts.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DE/wKiom1Xu0oTDFvkOAAENe7JdRZ4092.jpg "/>

Figure 5-8 Downgrading

After the a server downgrades members, on the D server, open Active directory Users and Computers, and in the Domain controllers container, only one domain controller server is left, as shown in 5-9.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M02/72/DE/wKiom1Xu0oTx7jjuAAFs7_vx7nY131.jpg "/>

Figure 5-9 only one domain controller

In the Computers container, the original computer named Dcser becomes a member server, as shown in 5-10.

Figure 5-10 Adding a new member server

If you want to remove Dcser member servers, do not remove from the "Computers" container, but instead perform a "Detach from domain" method. Go back to the a computer and do the following to properly remove it from the domain.

(1) Open the "control Panel → system and Security → system" properties, click "Change Settings", 5-11 shown.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DB/wKioL1Xu1LvwiQVMAAIeH8IgcBc720.jpg "/>

Figure 5-11 Changing settings

(2) Open the System Properties dialog box, on the Computer Name tab, click the Change button, in the computer name/Domain Changes dialog box, change the domain to workgroup, 5-12, and set a name for the workgroup, as shown in work,5-12.

650) this.width=650; "src=" http://s3.51cto.com/wyfs02/M00/72/DB/wKioL1Xu1LugaakAAAF8pjS6VVc558.jpg "/>

Figure 5-12 Detach the computer from the domain

Then restart the a computer.

After restarting the computer, if there are other data on the current server hard disk, such as documents, software, or other applications, drivers, back up to another location, because reinstalling the operating system, in order to "completely" resolve the problem, will generally be reformatted. In addition, if the previous partition plan is unreasonable, such as the system partition is too small, it may be repartitioning, which affects the data saved on the server. In addition, before reinstalling the operating system, record the current server network card, RAID card or SAS card model, to see if there is a driver, if not, you can use "Drive Wizard" and other software backup driver, to prevent the installation of the operating system before the driver is not found.

This article from "Wang Chunhai blog" blog, declined reprint!

Troubleshoot Active Directory server issues by migrating 4