How to make the new DC the Authorized DC+DNS+Logon Server Directory Service

Sunith 81 Reputation points
2023-02-15T17:47:37.1333333+00:00

There has been an incident and I would appreciate your advice.

New DC - Windows 2019

All FSMO roles point to the new DC

Old DC - Faulty with replication errors - Needs to be removed from the domain and cleaned up - Windows 2012 R2

On the DNS Manager (Windows 2019) we are missing the zone "_msdcs.domain.local" - how can we rebuild or reconfigure it?

The user machines are getting their DHCP lease, DNS server etc. from the new DC - everything is coming from the new DC.

  1. When we ping "Domain Name" - gives old DC
  2. Ping "FQDN" - gives new DC
  3. Add a user to new DC - it shows on old DC
  4. Add a user to old DC - it DOES NOT show on new DC
  5. Add a computer to the domain - it only shows on old DC
  6. ALL ADUC objects are migrated and showing in the new DC

How do we remove the old DC and make the new DC the authorized DC?

How do we recreate/reconfigure the DNS server with the correct _msdcs.domain.local zone?

How do we ensure the logon servers for all users are pointing to the new DC?

How do we ensure the Domain Joins are added to the new DC?

Yes, the migration got botched and it's a disaster. No backups of AD or the old DC. Simply put, we need to remove the faulty DC and ensure everyone is on the new DC. We are on a single DC/DNS environment. After correcting this we plan on adding a 2nd DNS server.


1 answer

  1. Anonymous
    2023-02-15T18:12:33.1+00:00

    You can perform cleanup to remove remnants of the failed one from Active Directory:

    Clean up Active Directory Domain Controller server metadata

    Step-By-Step: Manually Removing A Domain Controller Server

    You can stand up a new one for replacement.

    The two prerequisites to introducing the first 2019 or 2022 domain controller are that the domain functional level needs to be 2008 or higher and the older SYSVOL FRS replication needs to have been migrated to DFSR.

    I'd use the dcdiag / repadmin tools to verify health, correcting all errors found before starting any operations. Then stand up the new 2019, patch it fully, license it, join the existing domain, add Active Directory Domain Services, promote it, also making it a GC (recommended), transfer FSMO roles over (optional), transfer the PDC emulator role (optional), use the dcdiag / repadmin tools to again verify health, and when all is good you can decommission / demote the old one.

    Then also check that the DHCP server hands out the correct addresses of the new domain controllers.

    --please don't forget to upvote and Accept as answer if the reply is helpful--
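The health checks the answer recommends before demoting the old DC, collected into one PowerShell script as an added example (not part of the answer or of any Microsoft documentation). It assumes it runs on the new 2019 DC with the RSAT ActiveDirectory, DnsServer and DhcpServer modules installed; `domain.local` is the placeholder from the question and `NEWDC` is an assumed host name.

```powershell
# Added example: pre-decommission health check for the scenario in the question.
# Assumes the ActiveDirectory, DnsServer and DhcpServer modules on the new 2019 DC.
# 'domain.local' is the question's placeholder; $NewDc is an assumed host name.
$Domain = 'domain.local'
$NewDc  = 'NEWDC'
Import-Module ActiveDirectory, DnsServer, DhcpServer

# 1. FSMO roles: all five should name the new DC before the old one is removed.
$forest = Get-ADForest $Domain
$dom    = Get-ADDomain $Domain
$fsmo = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $dom.PDCEmulator
    RIDMaster            = $dom.RIDMaster
    InfrastructureMaster = $dom.InfrastructureMaster
}
$fsmo.GetEnumerator() | ForEach-Object {
    $state = if ($_.Value -like "$NewDc.*") { 'OK' } else { 'NOT ON NEW DC' }
    '{0,-22} {1,-30} {2}' -f $_.Key, $_.Value, $state
}

# 2. DCs still registered in AD: a stale entry for the old DC is what metadata cleanup removes.
Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog, OperatingSystem

# 3. DNS: the _msdcs zone and the SRV records clients use to locate a logon server.
$msdcs = Get-DnsServerZone -Name "_msdcs.$Domain" -ErrorAction SilentlyContinue
if ($msdcs) { "Zone _msdcs.$Domain present ($($msdcs.ZoneType))" } else { "Zone _msdcs.$Domain MISSING" }
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object QueryType -eq 'SRV' | Select-Object NameTarget, Port
# The domain's own A records are what 'ping domain.local' resolves; the old DC should not appear.
Resolve-DnsName -Name $Domain -Type A -ErrorAction SilentlyContinue | Select-Object Name, IPAddress

# 4. DHCP: option 006 (DNS servers) handed to clients, at server level and per scope.
Get-DhcpServerv4OptionValue -OptionId 6 -ErrorAction SilentlyContinue |
    ForEach-Object { "Server-level DNS option: $($_.Value -join ', ')" }
foreach ($scope in Get-DhcpServerv4Scope) {
    Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue |
        ForEach-Object { "Scope $($scope.ScopeId) DNS option: $($_.Value -join ', ')" }
}

# 5. Replication and DC health as the answer recommends; resolve reported errors before demoting.
repadmin /showrepl $NewDc
dcdiag /s:$NewDc /q
nltest /dsgetdc:$Domain
```

Any FSMO line marked NOT ON NEW DC, a missing _msdcs zone, or an old-DC address in the DNS or DHCP output is something to fix before running the metadata cleanup linked in the answer.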
