Domain rebuild from scratch

Tags: active-directory, dhcp, domain, domain-name-system, internet

I have to rebuild the entire domain of a company I just started with. It currently runs SBS 2003, but it is "FUBAR". MMC is not working, and I can't use the BPA on it. I can't get adprep to work to do the prepping on this server. This server was basically set up to manage e-mail and access control. We have moved our mail services to a third-party vendor, and the only services needed on this server are AD, DHCP and file access. I removed around 80,000 viruses from this server and since then it just hangs and gives problems. I can't even reinstall .NET Framework apps. This server needs to go. I have purchased a new server and installed Server 2008 R2 SP1. What can be done, and how difficult will it be to rebuild the domain and AD from scratch? It is not a big company and they have had enough as well.

How do I plan for the rebuild? Everything was done without planning and everything needs to be done from scratch. If I switch off the DC, can I create one from scratch? Will it be possible? Do I need to take everyone off the current domain? The domain name needs to stay the same. How can I do this right the first time?

Best Answer

Johan, I personally believe that this question is a little too broad for Server Fault. We like to answer clear, factual questions. However, to throw you a chance:

If I switch off the DC, can I create one from scratch?

Yes, but you'll be creating a new domain in a new forest. Whether the domain name is the same or not, you're creating a whole new infrastructure which has no relation to the old. Additionally, if your old DC is still running DHCP it is very important that it not be powered up on the same network as your new one once you start migrating clients.

Do I need to take everyone off the current domain?

Straight away, not necessarily - if you build your new DC into a new IP range then it's possible (though it may be slightly confusing) to run your two domains in parallel. However, one of your servers will have to have DHCP disabled and all clients will need to be statically configured. Pay particular attention to DNS - DNS holds Active Directory together, so it's imperative that old clients point to the old server and new clients point to the new.

Bear in mind that "never the two shall meet" so you'll be running two completely separate networks. This may or may not be what you want.

Ultimately, however, every machine will need to be rejoined to the new domain.

How can I do this right the first time?

Test, and test again. Every step of the way, ensure you have test machines and documentation.

You should have redundant DCs; running a single DC is asking for trouble.

Make sure that everyone involved is aware of any impending disruption and give them plenty of notice.
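As an added example (not part of the original question or answer), the following PowerShell check verifies, on a workstation, the conditions the answer insists on while the old and new domains run in parallel: static addressing, DNS pointing only at the DC of the domain the client belongs to, and the client being able to locate a DC in the rebuilt domain. It uses WMI and PowerShell 2.0 features only, so it runs on Server 2008 R2 and Windows 7 clients; the domain name and DNS addresses are assumed placeholders.

```powershell
# Added example, not from the original post. Run elevated on each client before
# and after rejoining it. Names and addresses below are assumed placeholders.
$NewDomain = 'corp.example.com'      # assumed: DNS name of the rebuilt domain
$NewDcDns  = @('10.10.0.10')         # assumed: DNS address(es) of the new DC
$OldDcDns  = @('192.168.1.5')        # assumed: DNS address of the old SBS 2003 box

$cs   = Get-WmiObject Win32_ComputerSystem
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True"
$problems = @()

# 1. Which domain is this machine joined to?
if (-not $cs.PartOfDomain) { $problems += "Not joined to any domain (workgroup $($cs.Domain))" }
elseif ($cs.Domain -ne $NewDomain) { $problems += "Still joined to old domain: $($cs.Domain)" }

foreach ($nic in $nics) {
    # 2. Clients must be statically configured while both DCs exist, so a DHCP
    #    lease from either server is a sign of misconfiguration.
    if ($nic.DHCPEnabled) {
        $problems += "$($nic.Description): DHCP enabled (lease from $($nic.DHCPServer))"
    }
    # 3. DNS must point only at the DC of the domain this client belongs to.
    $dns = @($nic.DNSServerSearchOrder | Where-Object { $_ })
    if ($dns.Count -eq 0) { $problems += "$($nic.Description): no DNS servers set"; continue }
    foreach ($server in $dns) {
        if ($OldDcDns -contains $server) {
            $problems += "$($nic.Description): DNS still points at old DC $server"
        } elseif ($NewDcDns -notcontains $server) {
            $problems += "$($nic.Description): unexpected DNS server $server"
        }
    }
}

# 4. Can the client locate a DC for the new domain through DNS (SRV records)?
$locate = nltest /dsgetdc:$NewDomain 2>&1
if ($LASTEXITCODE -ne 0) { $problems += "nltest could not locate a DC for $NewDomain" }
else { Write-Host ($locate | Select-String 'DC:') }

# 5. Is the machine account's secure channel to its domain healthy?
if ($cs.PartOfDomain -and -not (Test-ComputerSecureChannel -ErrorAction SilentlyContinue)) {
    $problems += "Secure channel to $($cs.Domain) is broken; rejoin the machine"
}

if ($problems.Count -eq 0) { Write-Host "OK: $env:COMPUTERNAME is ready on $NewDomain" }
else { $problems | ForEach-Object { Write-Warning $_ } }
```

A client that still reports the old DC as a DNS server, or that holds a DHCP lease, is exactly the "two shall meet" case the answer warns about and should be fixed before it is rejoined.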