Page tree

CloudConnect Docs

Skip to end of metadata
Go to start of metadata

Activate the Domain Controller for your Extended Environment (PrivateDomain)

Last Updated:  

Background: CloudConnect requires all registered Domain Controllers running on CloudConnect to hold the 5 FSMO roles. In this procedure, we will transfer FSMO roles from the existing Domain Controller to the newly deployed Domain Controller, and activate the DC using the Domain Controller Configuration utility.

Process:

1.) Transferring FSMO Roles, following Microsoft KB 255504:

On any DC, open a PowerShell Terminal or Command Prompt and execute the following:

>ntdsutil

>roles

>connections

>connect to server CloudDC

>q

>transfer schema master

>transfer infrastructure master

>transfer RID master

>transfer naming master

>transfer pdc

>q

>q

>exit

Note: CloudDC is the DNS name of the newly created Domain Controller in this example; replace with the name of the Domain Controller deployed on the CloudConnect platform. Wait aproximately 5 minutes for replication to complete.


2.) In vCloud Directory, click 'Actions' on the newly deployed DC and 'Insert Media.'


3.) Select the most recent version of the Domain Controller Configuration utility.


4.) Open a console to the virtual machine, and run the DC Config Utility.


5.) When prompted, provide credentials for the utility. NOTE: These credentials are your vCloud Director credentials, NOT your Domain Administrator credentials!


6.) Upon successful completion, the utility will display the following prompt.



7.) Finally, in vCloud Director, access the PrivateDomain's Org VDC Network, and change the Primary DNS IP Address from the on-premise Domain Controller to the newly created Cloud Domain Controller's IP Address.


Please remember to eject the DomainControllerConfig media from the Virtual Machine once you are finished.


Congratulations! Active Directory is now coexisting with the on-premise domain. You may now join newly created servers to the domain and users from the existing domain will be able to access those servers with their existing domain accounts. It may take up to an hour to start receiving CALs.


If the coexistence is temporary to support a full migration to CloudConnect, then you will want to demote the on-premise Domain Controller once the migration is complete and all on-premise devices are pointing to the Cloud Domain controller over the VPN tunnel.

See: Decommission On-Premise Domain Controller (optional)


Applies to: CloudConnect partners