Moving Microsoft Windows Active Directory
Behind the UVa More Secure Network
All efforts should be coordinated with ITC's Network Systems and Hostmaster. When you notified the Hostmaster that your move involved relocating an Active Directory, you received an email acknowledging your request and giving you a date and time. Do not begin the move until that date and time.
  1. Back up your Domain Controllers, being sure to include the System State.
    1. CA's ARCServe: the client agent needs to be loaded in order to capture the System State of Active Directory.
    2. NTBACKUP: the System State is captured by default.
    3. Other backup products: check the documentation regarding the backup of System State.
  2. Change the current DNS configuration to only point to the Primary DNS. Since the DNS servers are one day out of sync, you will receive DNS errors if you keep all 3 entries in.
    1. Change the configuration to point to 128.143.2.7
    2. Remove 128.143.22.119 and 128.143.3.7
  3. Verify that WINS is installed. Microsoft needs to have a master browser on the subnet. Without WINS, workstations will not be able to browse anything outside the MSN subnet.
    1. If you do not run WINS, you can use ITC's WINS servers: 128.143.3.199 and 128.143.22.189.
    2. An alternative to WINS is LMHOSTS files, but they will have to be maintained on each workstation.
  4. Change the Server IP address to the new MSN IP address.
  5. Move the ports to the MSN.
  6. Reboot the domain controllers
  7. Send email to Hostmaster requesting that your Active Directory entries be replaced.
    1. Combine all the netlogon.dns files into one and save as 'unix ansi'
    2. Send 'unix ansi' to Hostmaster as an attachment and request that Hostmaster replace your Active Directory entries with these new Active Directory entries.
    3. Inform the Hostmaster that the A records for each server should be changed.
  8. Reboot the domain controllers after you receive confirmation that the entries are in place in the primary DNS server (128.143.2.7)
  9. Run DCDIAG and NETDIAG to verify the Active Directory is showing no functional errors.
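
One way to do the merge in step 7.1 and catch leftover pre-move addresses before the file goes to Hostmaster. This is an added example, not ITC's own tooling. It assumes each netlogon.dns line has the form `name TTL IN type data` and that 'unix ansi' means single-byte text with LF line endings; the function name, host names and addresses are constructed for illustration.

```python
def merge_netlogon(blobs, new_ips):
    """Merge the raw bytes of several netlogon.dns files.

    Returns (merged, stale): merged is the combined file as bytes with
    LF line endings; stale lists the A records whose address is not in
    new_ips, i.e. records still carrying a pre-move address.
    """
    seen, merged, stale = set(), [], []
    for blob in blobs:
        # Records are expected to be plain ASCII; decode() raises otherwise.
        for raw in blob.decode("ascii").splitlines():   # handles CRLF and LF
            line = " ".join(raw.split())                # normalise whitespace
            if not line or line.startswith(";"):        # skip blanks/comments
                continue
            key = line.lower()                          # DNS names ignore case
            if key in seen:                             # same record from two DCs
                continue
            seen.add(key)
            merged.append(line)
            f = line.split()
            # A record layout: name TTL IN A address
            if (len(f) == 5 and f[2].upper() == "IN"
                    and f[3].upper() == "A" and f[4] not in new_ips):
                stale.append(line)
    return ("\n".join(merged) + "\n").encode("ascii"), stale


# Constructed sample input: two DCs, one file generated before its IP change.
DC1 = (b"example.test. 600 IN A 192.0.2.10\r\n"
       b"_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc1.example.test.\r\n"
       b"gc._msdcs.example.test. 600 IN A 192.0.2.10\r\n")
DC2 = (b"example.test. 600 IN A 198.51.100.20\r\n"   # pre-move address
       b"_ldap._tcp.example.test. 600 IN SRV 0 100 389 dc2.example.test.\r\n"
       b"gc._msdcs.example.test. 600 IN A 192.0.2.10\r\n")  # duplicate of DC1
NEW_IPS = {"192.0.2.10", "192.0.2.11"}   # hypothetical new MSN addresses

if __name__ == "__main__":
    merged, stale = merge_netlogon([DC1, DC2], NEW_IPS)
    print(merged.decode("ascii"), end="")
    for record in stale:
        print("STALE A RECORD:", record)
```

A stale record means that domain controller's netlogon.dns was captured before the address change took effect; collect the file again after the reboot in step 6 before sending the merged file.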

© 2008 by the Rector and Visitors of the University of Virginia.
