Copying Internet Addresses
How to respond
Select Copy the IP addresses if any of the following situations apply:
- Emergency: The old computer has failed and needs to be replaced as soon as possible. (Same network)
- Planned: The old computer is being retired as part of a planned project to move Active Directory to a new computer (or VM) on the same network.
- Test: The computer is being cloned into an isolated test lab, and you want to preserve all network settings for troubleshooting or testing the network configuration.
Select Do not copy the IP addresses if any of the following situations apply:
- Test: The computer is inside an isolated test lab, and it has a different Internet subnet already assigned to it.
Caution: The test computer (or VM) must still be isolated from the old production network, even if the IP address is different.
- Cloud: The domain controller is being moved up into the cloud. The old computer is being retired.
- Divorce: Your organization is splitting, and you want to clone AD for the new organization. (Caution: The split must be permanent.)
- Disaster Recovery: Your organization subscribes to an offsite disaster recovery (DR) service. You upload a daily backup of Active Directory to the DR site. If a disaster occurs, change your DNS records to point to the disaster-recovery DC (with a short TTL) and boot it. After the disaster ends, you turn off the disaster-recovery DC and revert to the original DC.
Caution: Duplicate Domain Controller
Even if you skip copying the IP addresses, the old and new computers must still never 'see' each other on the network. This is because two identical domain controllers must never publish the same Active Directory database at the same time. Otherwise it will cause serious confusion in your network and create errors in AD replication.
You cannot add a backup DC (BDC) merely by changing the IP address. This is because the cloned DC has the same security identity as the old DC (identical Machine ID), which is fixed for the life of the computer and can never be changed, even if you rename the computer or rename the domain itself.
For this reason, the other DCs and member computers must never 'see' both DCs simultaneously. Otherwise the two AD databases will slowly diverge over time, because replication between them is impossible.
U-Move will scan for a duplicate DC
To prevent this problem, U-Move carefully scans your network to check whether the old DC is also connected. U-Move scans the LAN, DNS, WINS, NetBIOS, and the Network Neighborhood to try to find the original DC. If U-Move finds the original DC, it will warn you and refuse to proceed.
If you are moving AD to a replacement computer, you must first permanently disconnect the old DC from the production network and retire it.
If you are doing a test move, the new DC must be installed in an isolated test lab that has no visible network connection to any of the original DCs or client desktop computers on the production network. For example, load the test DC in a virtual machine (VM) that is running inside a virtual network that has no connection to the real network.
What U-Move Will Copy
If you select Copy the IP addresses, U-Move will copy the following client network settings to the new computer:
- The statically assigned addresses for IP Version 4 (Example: 220.127.116.11)
- The statically assigned addresses for IP Version 6 (Example: 2001:db8:f9c2::48e7)
- The default gateway network address
- The client DNS addresses and settings. This information helps the computer locate a DNS server to find other computers on your network.
- The client DHCP settings
- The subnet masks (IPv4), network prefix lengths (IPv6), and interface metrics
- The registration of each connection's address in DNS (yes/no)
- The static network routes, if any, including metrics. (To view them, type route print at a command prompt.)
- The hosts and lmhosts text files (C:\Windows\system32\drivers\etc\*)
If you select Do not copy the IP addresses, then after you load AD there might be stale or bad records in DNS that still point to the old Internet address of the retired DC. These records will cause connectivity problems when other computers try to reach the new DC.
Stale or bad DNS records can also cause the DC to fail to 'see' itself in DNS, causing loopback errors that prevent the DC from connecting to its own local AD database.
If connectivity problems persist, you will need to manually locate the bad network records and fix them or delete them.
Stale or bad network records can be found in any of these locations:
- DNS A or PTR records.
- DNS SRV records. Look for the domain name as well as the computer name.
- WINS records. Look for the domain name as well as the computer name.
- The file \Windows\system32\drivers\etc\hosts or the file lmhosts. Check for these files on all domain controllers.
After you delete the stale network records, if you do not want to wait 5-10 minutes for automatic re-registration, you can force the DC to immediately register its Internet address(es) with the DNS server. Open an administrative console and type the following commands:
The ipconfig command will tell the computer to send ("register") its DNS A and PTR records to the DNS server. The nltest command will register the SRV records. The SRV records are used to locate domain controllers.
Ipconfig and Nltest are built-in utilities on current versions of Windows Server. On Windows Server 2003, Nltest is not built in; it is part of the Windows Server 2003 Support Tools, located on the Windows Server 2003 CD/DVD.
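The following PowerShell script is an added example, not part of U-Move or its documentation. It covers both the stale-record search above (A, PTR and SRV records plus the hosts and lmhosts files) and the forced re-registration: it looks for records that still reference the retired DC's address and, only if none remain, runs the registration commands. The switches ipconfig /registerdns and nltest /dsregdns are the standard forms of the two commands named above; the old address 192.0.2.10 is a placeholder, and the script assumes it runs on the new DC as a domain user with the DC hosting its own DNS.

```powershell
param(
    [string]$OldIp     = '192.0.2.10',   # placeholder: address of the retired DC
    [string]$DnsServer = '127.0.0.1'     # assumption: the DC hosts its own DNS
)
$Hostname = $env:COMPUTERNAME.ToLower()
$Domain   = $env:USERDNSDOMAIN.ToLower()   # assumes a domain logon on the DC
$Fqdn     = "$Hostname.$Domain"
$Stale    = @()

# 1. A records: the DC's own name and the bare domain name (one A record per DC).
foreach ($name in @($Fqdn, $Domain)) {
    $a = Resolve-DnsName -Name $name -Type A -Server $DnsServer -ErrorAction SilentlyContinue
    foreach ($r in $a) { if ($r.IPAddress -eq $OldIp) { $Stale += "A $name -> $OldIp" } }
}

# 2. PTR record: the old address still answering with this DC's name.
$ptr = Resolve-DnsName -Name $OldIp -Type PTR -Server $DnsServer -ErrorAction SilentlyContinue
if ($ptr -and $ptr.NameHost -like "$Hostname.*") { $Stale += "PTR $OldIp -> $($ptr.NameHost)" }

# 3. SRV records used to locate a DC whose target still resolves to the old address.
foreach ($srvName in @("_ldap._tcp.dc._msdcs.$Domain", "_kerberos._tcp.$Domain")) {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -ErrorAction SilentlyContinue
    foreach ($s in ($srv | Where-Object { $_.Type -eq 'SRV' })) {
        $t = Resolve-DnsName -Name $s.NameTarget -Type A -Server $DnsServer -ErrorAction SilentlyContinue
        if ($t.IPAddress -contains $OldIp) { $Stale += "SRV $srvName -> $($s.NameTarget) ($OldIp)" }
    }
}

# 4. hosts / lmhosts entries, which override DNS entirely.
foreach ($f in 'hosts', 'lmhosts') {
    $path = Join-Path $env:SystemRoot "System32\drivers\etc\$f"
    if (Test-Path $path) {
        foreach ($m in (Select-String -Path $path -Pattern $OldIp -SimpleMatch)) { $Stale += "$f line $($m.LineNumber): $($m.Line.Trim())" }
    }
}

if ($Stale) {
    Write-Warning "Records still reference ${OldIp}; fix or delete them before re-registering:"
    $Stale | ForEach-Object { Write-Warning "  $_" }
    return
}

# Nothing stale: force immediate registration rather than waiting for the next refresh.
ipconfig /registerdns | Out-Null   # the DC's own A and PTR records
nltest /dsregdns      | Out-Null   # the SRV records that clients use to find a DC
Write-Host "Registration requested for $Fqdn; re-run this script to confirm nothing stale remains."
```

Run it on every domain controller, not only the new one, since each DC's hosts and lmhosts files and its own DNS cache can hold the old address.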