locked
New physical server - with two DC's - need help! RRS feed

  • Question

  • My scenario is I have a small business who has two locations.  The "IT" guy is set in a way that he wants to do this, and he has contracted me to help.

    Site 1
    192.168.1.x network
    SBS 2003 server (on really old hardware) Lets call this server SBS1

    Site 2
    192.168.2.x network
    Is a domain controller thats a global catalog. The two sites replicate.  Lets call this server Server2

    SIte 2 Site VPN between the two offices

    The OLD IT guy took an image of the SBS server six months ago, and put it on newer hardware.  But it was never implemented.  Since 6 months ago, not much has changed, a few new PC's and a few new users.

    The current "IT" guy wants to put the imaged SBS that is the newer hardware server into the network and decom the old SBS server. 

    The network can be taken down, and downtime is okay.  This doesnt need to a quick drop in and go.

    My concern is, if I drop in the imaged server of the SBS server that was done six months ago, its going to look and say hey, there are some accounts that I dont have, so im going to remove them from Server2.

    Whats the best way going about this?

    I have suggested some other routes, but the "IT" guy is insistent on doing this, and well he's paying me by the hour so im fine following his lead.

    Also the "IT" guy is willing to recreate missing user accounts if that happens.

    Friday, December 5, 2014 8:18 PM

Answers

  • Hi,

    Are there any other huge issues that could happen?  The image being six months old, is that going to cause huge issues with replication?

    Yes, do not restore the backup image which has the age exceeding tombstone lifetime, it is not supported.

    Should I just take a new image and put onto the server that currently has the six month old image?

    If there is still one functional Domain Controller, the best way to introduce a new DC is to promote a new one.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Tuesday, December 16, 2014 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, December 21, 2014 7:09 AM
    Monday, December 15, 2014 9:15 AM
  • It is not a good idea to just image a DC and then put that image back to production (6 months!!). What happens is this (USN rollback):

    https://support.microsoft.com/kb/875495/en-us

    It is important that the DC being imaged KNOWS that it was restored!

    You get "Ghost"-objects in AD that exist on one DC and are missing on the other. Computers and Users are not the only objects. This can be hard to find out.

    Solution is to do a system state restore before it goes to production.


    • Edited by DevOn99 Saturday, December 6, 2014 8:36 PM
    • Marked as answer by Amy Wang_ Tuesday, December 16, 2014 1:40 AM
    Saturday, December 6, 2014 8:33 PM

All replies

  • How did you "reimage" the SBS server to hardware? Did it get a new OS as well?  was it promoted to a DC?
    Friday, December 5, 2014 9:30 PM
  • Hi, Are these users/computers part of the domain? Also is SBS1 running any applications that might have new information from six months ago? why not take new fresh image?


    Isaac Oben MCITP:EA, MCSE,MCC <a href="https://www.mcpvirtualbusinesscard.com/VBCServer/4a046848-4b33-4a28-b254-e5b01e29693e/interactivecard"> View my MCP Certifications</a>

    Friday, December 5, 2014 9:46 PM
  • Some more information, the SBS server is not really being used as an SBS server. Exchange is not running, no sharepoint, etc.

    Its basically a file server, print server, and DC.

    When they did the image -this was six months ago-, they just cloned the old SBS server to new hardware.  Now the IT guy wants to drop that cloned SBS server onto the network.  I know i'll have to re copy all the users data files, etc.

    I just need to know how AD is going to react.  Is the Server 2, going to push its AD updates to the SBS server because its 6 months old?  Or will the SBS say, hey im supposed to be the main DC, so update to my old information?

    Are there any other huge issues that could happen?  The image being six months old, is that going to cause huge issues with replication?

    Should I just take a new image and put onto the server that currently has the six month old image?

    Please help.  Thank you.





    • Edited by TwiztedTD Saturday, December 6, 2014 12:10 AM
    Friday, December 5, 2014 10:58 PM
  • Anyone?  =)
    Saturday, December 6, 2014 5:24 PM
  • It is not a good idea to just image a DC and then put that image back to production (6 months!!). What happens is this (USN rollback):

    https://support.microsoft.com/kb/875495/en-us

    It is important that the DC being imaged KNOWS that it was restored!

    You get "Ghost"-objects in AD that exist on one DC and are missing on the other. Computers and Users are not the only objects. This can be hard to find out.

    Solution is to do a system state restore before it goes to production.


    • Edited by DevOn99 Saturday, December 6, 2014 8:36 PM
    • Marked as answer by Amy Wang_ Tuesday, December 16, 2014 1:40 AM
    Saturday, December 6, 2014 8:33 PM
  • Hi DevOn99,

    Using NT backup is the best way to do this?  Or what is a suggested solution to do a system state backup/restore?

    Sunday, December 7, 2014 11:35 PM
  • You can do that with NT Backup or another AD aware backup solution or by doing a nonauthoritative restore of AD manually. What backup solution do you use?

    Read this, before you perform a nonauthoritative restore of AD http://support.microsoft.com/kb/216993/en-us if your backup is outdated!

    In your situation (backup is 180 days old) I would recommend doing a new backup with System State and restore from this backup nonauthoritatively. As this is a fileserver too, you will have to restore a lot anyhow, so better do a new backup.


    • Edited by DevOn99 Monday, December 8, 2014 4:57 AM
    Monday, December 8, 2014 4:54 AM
  • Hi,

    Are there any other huge issues that could happen?  The image being six months old, is that going to cause huge issues with replication?

    Yes, do not restore the backup image which has the age exceeding tombstone lifetime, it is not supported.

    Should I just take a new image and put onto the server that currently has the six month old image?

    If there is still one functional Domain Controller, the best way to introduce a new DC is to promote a new one.

    Best Regards,

    Amy


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Amy Wang_ Tuesday, December 16, 2014 1:40 AM
    • Marked as answer by Amy Wang_ Sunday, December 21, 2014 7:09 AM
    Monday, December 15, 2014 9:15 AM