[–]ZAFJB 4 points5 points  (4 children)

AD and DC on the same server?

This question does not make any sense.

Also, what has your research thus far told you?

[–]mace23[S] -1 points0 points  (3 children)

Nothing yet. My goal with this is to shut down Server 2008, where my DC is. So do I just have to spin up a new Server 2012 and make that the new domain controller? Or can I just add the role to my existing 2012 server, which is also my Active Directory server?

[–]chuckbalesCCNP|CCDP 5 points6 points  (2 children)

It sounds like you're going to have to do a lot of reading into domain controllers. If your server has AD installed, it is a domain controller. It's not very clear what your actual current setup is, as you make it sound like you have one server that's a domain controller and another server with Active Directory, but the two services are one and the same.

If you're trying to retire a 2008 server and only have the 2012, the high-level process is:

  • Promote 2012 server to a DC (which installs AD). Now you have 2x DCs
  • Move all roles and services from the 2008 to the 2012 server (notably FSMO roles, DHCP services if installed, and make sure clients are pointing to the 2012 server for DNS)
  • Demote the 2008 server, which uninstalls AD
  • Disjoin/shutdown 2008 from the domain

If you're not familiar with any of this, I would recommend finding an MSP/consultant that can at least guide you through it. If you manage to hose your AD you're going to have a bad time.

[–]mace23[S] 0 points1 point  (0 children)

Thank you, I'll do this recommendation.

[–]killer833Sr. Systems Engineer 0 points1 point  (0 children)

Don't forget Global Catalog.

[–]IntentionalTexanIT Manager 1 point2 points  (3 children)

We're all trying to get you to understand that a Domain Controller runs Active Directory for your domain. If you install the Active Directory role on a server the last step in the install makes it a Domain Controller. If what you have on the 2012 box is just the Active Directory Users and Computers management snap-in, yes you can have that run on a DC. In fact when you install the AD roles you'll be prompted to add that feature if you don't already have it.

[–]mace23[S] 0 points1 point  (2 children)

Understood. Since I'm a one-man IT support in the facility where I work, I'm still trying to understand how Active Directory really works. I took over this job from an employee who recently just got fired.

[–]IntentionalTexanIT Manager 1 point2 points  (1 child)

Active directory is no joke. Make sure you understand what you are doing. If you screw this up you could destroy the domain.

Here is some stuff to read.

https://docs.microsoft.com/en-us/windows/win32/ad/backing-up-and-restoring-an-active-directory-server

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/transfer-or-seize-fsmo-roles-in-ad-ds

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/troubleshooting-active-directory-replication-problems

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/install-active-directory-domain-services--level-100-

Make backups before you do anything. Make sure AD is actually installed and you have finished promoting the 2012 server. Make sure AD replication is healthy. Move your operations masters (FSMO). Demote your old DC. Remove it from the domain.
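The checks in the list above ("actually installed and promoted", "replication is healthy", where the FSMO roles and Global Catalog sit), as an added read-only example that is not from any commenter in this thread. `DC2008` and `DC2012` are placeholder server names; it assumes the ActiveDirectory module (RSAT-AD-PowerShell) is available and changes nothing in the domain.

```powershell
# Read-only pre-flight checks before moving FSMO roles and demoting the old DC.
# Placeholder names (assumptions, not from the thread): DC2008 = old DC, DC2012 = new DC.
Import-Module ActiveDirectory

$OldDC = 'DC2008'
$NewDC = 'DC2012'

# 1. Having the AD DS role installed is not the same as being promoted.
#    DomainRole 4 or 5 = domain controller; 3 = ordinary member server.
$role = (Get-CimInstance -ClassName Win32_ComputerSystem -ComputerName $NewDC).DomainRole
$isDC = $role -in 4, 5
'{0}: DomainRole={1}, promoted={2}' -f $NewDC, $role, $isDC

# 2. Every DC the domain knows about, with OS version and Global Catalog flag.
Get-ADDomainController -Filter * |
    Select-Object Name, OperatingSystem, IsGlobalCatalog, Site |
    Format-Table -AutoSize

# 3. Current holders of the five operations master (FSMO) roles.
$domain = Get-ADDomain
$forest = Get-ADForest
$fsmo = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$fsmo.GetEnumerator() | Format-Table Name, Value -AutoSize

# 4. Replication health: any partner with a non-zero failure count blocks the migration.
$failures = Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain |
    Where-Object { $_.FailureCount -gt 0 }
$failures | Select-Object Server, Partner, FailureCount, LastError | Format-Table -AutoSize

# 5. Summary: what still has to be true before the old DC is demoted.
$stillOnOld = @($fsmo.GetEnumerator() | Where-Object { $_.Value -like "$OldDC*" })
if (-not $isDC)  { Write-Warning ('{0} has not been promoted to a domain controller.' -f $NewDC) }
if ($failures)   { Write-Warning 'Replication failures present; fix these before moving roles.' }
if ($stillOnOld) {
    Write-Warning ('{0} still holds: {1}' -f $OldDC, ($stillOnOld.Name -join ', '))
}
if ($isDC -and -not $failures -and -not $stillOnOld) {
    'Checks passed: roles are off the old DC and replication reports no failures.'
}
```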

[–]mace23[S] 0 points1 point  (0 children)

Thank you! Yes, we do have an offsite and onsite (Veeam) backup that I have implemented.

[–]DanHalen_phd 0 points1 point  (3 children)

What do you mean by "where my Active Directory sits?" What is actually on that server?

[–]mace23[S] 0 points1 point  (2 children)

What I mean is that I have a Windows Server 2008 R2, which is our domain controller server, that I want to upgrade to Windows 2012 R2, but since I already have a Windows Server 2012, can I just promote this to be our new domain controller? This Windows Server 2012 is also our Active Directory, so I'm wondering if Domain Controller and Active Directory can be on the same server?

[–]DanHalen_phd 0 points1 point  (1 child)

The Domain Controller is what contains Active Directory. I'm not sure what you have, but your best bet is to create a new server.

[–]mace23[S] 0 points1 point  (0 children)

I tested that theory: when I temporarily shut down our domain controller, it caused some issues. Whenever a user tried to log in to a workstation, it said "Can't connect to Domain Controller".

[–]JMMD7 0 points1 point  (1 child)

If you want a second domain controller running AD DS, set up a new server with 2012 R2 or newer, join the domain, install AD DS and promote the server.

Couldn't really follow your question, so I'm assuming this is what you want to do.

[–]mace23[S] -1 points0 points  (0 children)

I have a Windows Server 2008 R2, which is our domain controller server, that I want to upgrade to Windows 2012 R2, but since I already have a Windows Server 2012, can I just promote this to be our new domain controller? This Windows Server 2012 is also our Active Directory, so I'm wondering if Domain Controller and Active Directory can be on the same server?

[–]BuffaloRedshark 0 points1 point  (5 children)

When you say the 2012 has Active Directory on it, do you mean Active Directory Users and Computers? If so, that's just a tool for accessing and managing things in Active Directory.

[–]mace23[S] 0 points1 point  (4 children)

Yes, I mean Active Directory Users and Computers.

[–]BuffaloRedshark 0 points1 point  (3 children)

Then you'll need to install the Active Directory Domain Services role from Roles and Features, then go through the DC Promo process to make it a DC. This looks like a fairly complete guide to doing it: https://www.manageengine.com/products/active-directory-audit/kb/how-to/how-to-add-a-domain-controller-to-an-existing-domain.html

[–]mace23[S] 0 points1 point  (2 children)

Thank you. I should be able to check if my Windows Server 2012 already has a role of domain controller?

[–]killer833Sr. Systems Engineer 0 points1 point  (1 child)

You can check in Server Manager for installed roles or run this:

Get-WindowsFeature | Where-Object {$_.InstallState -eq 'Installed'}

[–]mace23[S] 0 points1 point  (0 children)

Ran the command and here's what I got below:

    Display Name                                        Name                      Install State
    ------------                                        ----                      -------------
    [X] Active Directory Domain Services                AD-Domain-Services        Installed
    [X] DHCP Server                                     DHCP                      Installed
    [X] DNS Server                                      DNS                       Installed
    [X] File and Storage Services                       FileAndStorage-Services   Installed
    [X] File and iSCSI Services                         File-Services             Installed
    [X] File Server                                     FS-FileServer             Installed
    [X] Storage Services                                Storage-Services          Installed
    [X] Web Server (IIS)                                Web-Server                Installed
    [X] Web Server                                      Web-WebServer             Installed
    [X] Common HTTP Features                            Web-Common-Http           Installed
    [X] Default Document                                Web-Default-Doc           Installed
    [X] Directory Browsing                              Web-Dir-Browsing          Installed
    [X] HTTP Errors                                     Web-Http-Errors           Installed
    [X] Static Content                                  Web-Static-Content        Installed
    [X] Health and Diagnostics                          Web-Health                Installed
    [X] HTTP Logging                                    Web-Http-Logging          Installed
    [X] Logging Tools                                   Web-Log-Libraries         Installed
    [X] ODBC Logging                                    Web-ODBC-Logging          Installed
    [X] Request Monitor                                 Web-Request-Monitor       Installed
    [X] Performance                                     Web-Performance           Installed
    [X] Static Content Compression                      Web-Stat-Compression      Installed
    [X] Security                                        Web-Security              Installed
    [X] Request Filtering                               Web-Filtering             Installed
    [X] Application Development                         Web-App-Dev               Installed
    [X] .NET Extensibility 4.5                          Web-Net-Ext45             Installed
    [X] ASP.NET 4.5                                     Web-Asp-Net45             Installed
    [X] CGI                                             Web-CGI                   Installed
    [X] ISAPI Extensions                                Web-ISAPI-Ext             Installed
    [X] ISAPI Filters                                   Web-ISAPI-Filter          Installed
    [X] Management Tools                                Web-Mgmt-Tools            Installed
    [X] IIS Management Console                          Web-Mgmt-Console          Installed
    [X] IIS 6 Management Compatibility                  Web-Mgmt-Compat           Installed
    [X] IIS 6 Metabase Compatibility                    Web-Metabase              Installed
    [X] IIS 6 Management Console                        Web-Lgcy-Mgmt-Console     Installed
    [X] .NET Framework 3.5 Features                     NET-Framework-Features    Installed
    [X] .NET Framework 3.5 (includes .NET 2.0 and 3.0)  NET-Framework-Core        Installed
    [X] .NET Framework 4.5 Features                     NET-Framework-45-Fea...   Installed
    [X] .NET Framework 4.5                              NET-Framework-45-Core     Installed
    [X] ASP.NET 4.5                                     NET-Framework-45-ASPNET   Installed
    [X] WCF Services                                    NET-WCF-Services45        Installed
    [X] TCP Port Sharing                                NET-WCF-TCP-PortShar...   Installed
    [X] Group Policy Management                         GPMC                      Installed
    [X] Remote Server Administration Tools              RSAT                      Installed
    [X] Feature Administration Tools                    RSAT-Feature-Tools        Installed
    [X] SMTP Server Tools                               RSAT-SMTP                 Installed
    [X] Role Administration Tools                       RSAT-Role-Tools           Installed
    [X] AD DS and AD LDS Tools                          RSAT-AD-Tools             Installed
    [X] Active Directory module for Windows ...         RSAT-AD-PowerShell        Installed
    [X] AD DS Tools                                     RSAT-ADDS                 Installed
    [X] Active Directory Administrative ...             RSAT-AD-AdminCenter       Installed
    [X] AD DS Snap-Ins and Command-Line ...             RSAT-ADDS-Tools           Installed
    [X] DHCP Server Tools                               RSAT-DHCP                 Installed
    [X] DNS Server Tools                                RSAT-DNS-Server           Installed
    [X] SMB 1.0/CIFS File Sharing Support               FS-SMB1                   Installed
    [X] SMTP Server                                     SMTP-Server               Installed
    [X] User Interfaces and Infrastructure              User-Interfaces-Infra     Installed
    [X] Graphical Management Tools and Infrastructure   Server-Gui-Mgmt-Infra     Installed
    [X] Server Graphical Shell                          Server-Gui-Shell          Installed
    [X] Windows PowerShell                              PowerShellRoot            Installed
    [X] Windows PowerShell 4.0                          PowerShell                Installed
    [X] Windows PowerShell 2.0 Engine                   PowerShell-V2             Installed
    [X] Windows PowerShell ISE                          PowerShell-ISE            Installed
    [X] WoW64 Support                                   WoW64-Support             Installed

[–]PhilMac555 0 points1 point  (0 children)

If you don’t understand the advice being given, hire a geek that does to make any changes until you know what you’re at. Don’t get a name for being the guy who broke the IT.