#1
Domain Controller Swapping
Can I do this?
I have a network of 5 PCs that all log into a central domain controller (server). Users are not given the ability to log in locally, they must log in through the domain. I need to take the domain PC down but I still need my users to be able to work. I have a spare server.

My idea is to set up a domain controller WITH THE SAME NAME as the domain on the main server. I would enter the users & passwords into this spare domain with their permissions. Then I would swap the main out with the spare.

Would the users still be able to log into the domain and gain access to their files? Or do the domains contain some kind of inherent "signature" that would prevent this type of swap even if the domains are named the same?

Thanks for any info you can provide me!
#2
It all depends whether this is an NT or Windows 2000/2003 domain.

If it's NT, then no you can do what you're suggesting, the 'inherent signature', aka SID, will prevent this action. You need to install another server with NT Server and at installation select it to be a Backup Domain Controller (BDC) for the domain. For this to work the Primary Domain Controller (PDC) must be online and reachable from the BDC at the time of installation. If the installation is successful, the BDC will automatically receive a copy of all the users and their passwords from the PDC.

You will then need to manually copy any login scripts from the PDC to the BDC. If the PDC also acts as a file server, then you will also need to back up and restore from the PDC to the BDC any folders that are shared. N.B. You must use an NT-aware backup program like 'ntbackup', otherwise the files and folders will be restored to the BDC minus their permissions. You will also need to re-share any shared folders and install and share printers.

And because the name of the machine is different, the clients will need to map their drives to the name of the BDC instead of the PDC. If this is done through login scripts then it's not a major problem, but if it's configured on the client then it's a pain to have to go round all the clients, especially for a temporary change!

Finally, you promote the BDC to be the PDC for the domain, at which point you can take the PDC offline for maintenance.

As you can see this is no small task, but there is a possible alternative... If the spare server has identical hardware to the PDC then you could just image the drives from the PDC to the spare. Voilà! Instant server!

Sorry to waffle... I can't seem to stop once I get started. Hope some of this helps. Good luck.

Last edited by castletech : February 4th, 2004 at 07:22 PM.
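Why a rebuilt domain with the same name is not the same domain, as an added example that is not part of the original post: Windows identifies accounts and grants file access by SID, and a new domain gets new SID values whatever it is called. The domain identifiers, RID 1105 and the `alice_*` and `share_acl` names are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary Windows SID into its S-R-I-S... string form."""
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("truncated or oversized SID")
    authority = int.from_bytes(raw[2:8], "big")        # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])      # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def build_sid(domain_ids, rid) -> bytes:
    """Pack S-1-5-21-<three domain identifiers>-<rid> (sample values only)."""
    subs = [21, *domain_ids, rid]
    return bytes([1, len(subs)]) + (5).to_bytes(6, "big") + struct.pack("<%dI" % len(subs), *subs)

def split_sid(sid: str):
    """Return (domain SID, RID) for an account SID."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

def can_access(acl, token_sids) -> bool:
    """Access is decided by SID match only; account names never enter the check."""
    return any(sid in acl for sid in token_sids)

# Constructed values: a domain's three identifiers are generated when it is created.
ORIGINAL_DOMAIN = (1004336348, 1177238915, 682003330)
REBUILT_DOMAIN = (3623811015, 3361044348, 30300820)    # same domain name, new identifiers

alice_old = parse_sid(build_sid(ORIGINAL_DOMAIN, 1105))
alice_new = parse_sid(build_sid(REBUILT_DOMAIN, 1105))  # account re-entered by hand

# ACL on a shared folder, written while the original domain was in use.
share_acl = {alice_old}

if __name__ == "__main__":
    print(alice_old, "->", can_access(share_acl, [alice_old]))
    print(alice_new, "->", can_access(share_acl, [alice_new]))
```
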
#3
If you provide a little more info on OS, AD or not etc. I can provide more detailed help. I'll assume you're W2K or newer and AD.

If so DO NOT try to bait and switch DCs. It WILL NOT WORK. Way too much integration in a domain. The best method is to add a second DC and let it replicate so as to be up to date. Then you can remove the original DC with no ill effects. It will take a little time to set it up but well worth it. If this is in a production environment leaving the second DC in the network after you've completed work on the first is a good idea anyhow. Then you avoid a single point of failure and can take a DC down any time you want with no problem.

Good luck. If you want more specific help give me more details and I'll do what I can. This should get you started. I would also do a search of Micro$oft Technet before starting. They have some pretty detailed how-to articles.

To create an additional domain controller

- Click Start, click Run, and then type dcpromo /adv to open the Active Directory Installation Wizard with the option to create an additional domain controller from restored backup files.
- On the Operating System Compatibility page, read the information and then click Next. If this is the first time you have installed Active Directory on a server running Windows Server 2003, click Compatibility Help for more information.
- On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.
- On the Copying Domain Information page, do one of the following:
  - Click Over the network, and then click Next.
  - Click From these restored backup files, and type the location of the restored backup files, or click Browse to locate the restored files, and then click Next.
- On the Network Credentials page, type the user name, password, and user domain of the user account you want to use for this operation, and then click Next. The user account must be a member of the Domain Admins group for the target domain.
- On the Database and Log Folders page, type the location in which you want to install the database and log folders, or click Browse to choose a location, and then click Next.
- On the Shared System Volume page, type the location in which you want to install the Sysvol folder, or click Browse to choose a location, and then click Next.
- On the Directory Services Restore Mode Administrator Password page, type and confirm the password that you want to assign to the Administrator account for this server, and then click Next. Use this password when starting the computer in Directory Services Restore Mode.
- Review the Summary page, and then click Next to begin the installation.
- Restart the computer.

Notes

- To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.
- The /adv switch is only necessary when you want to create a domain controller from restored backup files. It is not required when creating an additional domain controller over the network.
- In step 3, when choosing the option to copy domain information over the network, all directory data for the domain in which this domain controller will be a member will be copied over your network connection. You will have the option to cancel non-critical replication, if necessary.
- In step 3, when choosing the option to copy domain information from restored backup files, you will need to first back up the System State data of a domain controller running Windows Server 2003 from the domain in which this member server will become an additional domain controller. Then, the System State backup must be restored locally on the server on which you are installing Active Directory. To do this using Backup, choose the option Restore files to: Alternate location. For more information about restoring backups, see Related Topics.
- If a domain controller that was backed up contained an application directory partition, the application directory partition will not be restored on the new domain controller. For information about how to manually create an application directory partition on a new domain controller, see Related Topics.
- If the domain controller from which you restored the System State data was a global catalog, you will have the option to make this new domain controller a global catalog.
- You can also use a smart card to verify administrative credentials. For more information about smart cards, see Related Topics.
- You cannot install Active Directory on a computer running Windows Server 2003, Web Edition, but you can join the computer to an Active Directory domain as a member server. For more information about Windows Server 2003, Web Edition, see Related Topics.
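One way to confirm the second DC really is "up to date" before the original is taken down, as an added example that is not part of the original post: it reads output in the column layout of `repadmin /showrepl * /csv` and flags replication links that are failing or stale. The DC names, domain name, timestamps and the 60-minute threshold are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample in the column layout of `repadmin /showrepl * /csv`.
SAMPLE = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2,"DC=example,DC=local",Default-First-Site-Name,DC1,RPC,0,0,2004-02-04 18:55:10,0
showrepl_INFO,Default-First-Site-Name,DC2,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,DC1,RPC,3,2004-02-04 18:40:02,2004-02-04 12:10:44,1722
showrepl_INFO,Default-First-Site-Name,DC1,"DC=example,DC=local",Default-First-Site-Name,DC2,RPC,0,0,2004-02-04 18:54:31,0
"""

def unhealthy_links(csv_text, now, max_age=timedelta(minutes=60)):
    """Return (source, destination, naming context, reason) for each bad link."""
    problems = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        link = (row.get("Source DSA"), row.get("Destination DSA"), row.get("Naming Context"))
        if row["showrepl_COLUMNS"] != "showrepl_INFO":
            problems.append(link + ("repadmin reported an error for this DC",))
            continue
        if int(row["Number of Failures"]) > 0:
            problems.append(link + ("failing, last status " + row["Last Failure Status"],))
            continue
        try:
            last_ok = datetime.strptime(row["Last Success Time"], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            # A non-timestamp value here means no successful replication was recorded.
            problems.append(link + ("never replicated successfully",))
            continue
        if now - last_ok > max_age:
            problems.append(link + ("stale, last success " + str(last_ok),))
    return problems

def safe_to_remove(csv_text, old_dc, new_dc, now):
    """True only if new_dc pulls from old_dc and every reported link is healthy."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    has_inbound = any(r.get("Destination DSA") == new_dc and r.get("Source DSA") == old_dc
                      for r in rows)
    return has_inbound and not unhealthy_links(csv_text, now)

if __name__ == "__main__":
    for problem in unhealthy_links(SAMPLE, datetime(2004, 2, 4, 19, 0, 0)):
        print(problem)
```

Healthy replication is only one precondition for removing the original DC; the global catalog option mentioned in the notes above is another thing to settle on the new DC first.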