How to rebuild W2K domain controller with same name.

We have a Windows 2000 Active Directory Server that we want to wipe and rebuild.  How do we go about this?  The domain has 3 other systems on it that only use this domain controller for authentication and DNS.  The actual domain controller was running as an internet DNS server and non-microsoft mail server.  I have moved the mail system to another machine.  I want to migrate DNS off this box (pretty sure I know how to do this..) then rebuild it.  Will I have problems when taking this system down, and then plugging in a replacement with the same IP address, system name and domain name?  Any tips?
Who is Participating?
Lee W, MVPTechnology and Business Process AdvisorCommented:
Honestly, to, me it's a hassel to rebuild things when there is another option.  I would probably promote the current mail or backup/IIS server to be the DC with the roles migrated to it.  Then I'd blow away the system and rebuild it.  I recently had to effectively do what you are doing for 10 users and 14 PCs.  Honestly, it was a nightmare - especially the PCs.  Actually, as I think more, I'd probably - if you could scrap up $60-100, buy another hard drive.  Yank the one in the system now and then build from scratch.  If you find too many things break (check your web server, backup, etc), then you can always put the drive back in the system and rejoin the workstations to the domain.  

Sorry, I've worked with 4 Active Directory implementations and over time, they have proven their complexity to me.  You obviously know your systems better than I, but I wouldn't take the chance.  As long as the existing domain wasn't failing (structure, AD errors, etc), I'd move the AD to another server, rebuild this one, then move it back.  

Please keep in mind, I'm not suggesting PERMANENTLY moving AD to another server, just temporarily while you rebuild the system you want to rebuild.

Also, if it's NOT the only DC, then ripping it out and rebuilding is pretty simple - only thing, demote it first with DCPROMO so it's properly removed from the directory and can be readded later with the same name and DNS doesn't get screwed.

(Sorry, I hope I'm being coherent enough here - been a LONG day).
have a look at this
petelong got the best explination that i've found.

hope that this helps
oltraverAuthor Commented:
Looks excellent, and I will try as a last resort, but I need to know if there is anything I can do to use the *same* box for the rebuild?!  We don't have any extra hardware at this time (but may be able to dig some up if this turns out to be a nightmare!)
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Lee W, MVPTechnology and Business Process AdvisorCommented:
Can you promote one of the other servers to be a domain controller?  Any 2000 server can be.  IF you don't you'll lose all your user accounts and the computer account information as well as any GPOs you may be using.  

If you can, promote the other system then transfer the Operations Masters using the appropriate tools (you really should try not to SEIZE things unless you have no choice.

If you can't then you're pretty much going to start the domain from scratch.  In which case, you might want to try to dump the users so you can script them in on the new domain and you'll have to reconnect all clients to the new domain.

Why is you want to rebuild the system?  crashing often?
man, ther's alot of things that you can do, but without hair loss and possibly nervious breakdown pete's is the way to go
oltraverAuthor Commented:
Let me give you some background so I (we!) can make the best decision.

A founding member of the company I work for is leaving and had a TON of his personal stuff spread across 16+ web/mail/ftp servers.  We have consolidated it all to one set of servers, 3 have been allocated for this project.  Management wants me to maintain this hardware allocation, and wipe and rebuild each server to suit his needs, while ensuring that the systems are stable (we’ve had 4 non-documenting system administrators in the last 5+ years and the systems are a mess,) and also to make sure no information is left on the systems related to the parent company.

The bulk of this work is done.  I rebuilt new DNS servers and migrated all of the domains we are keeping to a whole new domain, upgrading and rebuilding everything in the migration process.  The last piece of the puzzle is this original (largely unused) domain controller, that only he is going to use, and is going to be taken offsite when I am done with it.

Original and Current Configuration of the servers is as follows:

One system was a Backup Exec server.  It has since been rebuilt as an IIS and Backup Exec server.
One used to be a secondary DNS and an IIS server. It has since been rebuilt as an email server.  Secondary DNS was moved to a system that we are keeping until the migration is done (He will be collocating elsewhere and not using our DNS servers any longer.)
The last machine (the Domain Controller in question) was a mail server (now moved), Primary DNS server (needs to be moved) and Domain Controller.

I don’t think rebuilding the domain will be that big of a deal since this domain controller only authenticates logins for the domain for 2 accounts, a backup exec account and the admin account on all machines.

Losing the user and computer accounts should not be that big of a deal, and there are no GPOs on this particular domain, besides default configs.  I really don’t want to promote one of the newly rebuilt servers to a DC as they are running perfectly now as is.

I guess I need to know how much of a pain it is to rip out a domain controller and rebuild it so it can be dropped back in the exact same role, minus Primary Internet DNS.

What would you do?
oltraverAuthor Commented:
I'll give this a try next week and assign split points when it's a success! *knockknockknock*  Thanks you two!
oltraverAuthor Commented:
Looks like the change will happen early NEXT week, so I'll assign points then.

A few more questions, if I may:

1. What is the exact dcpromo command to demote the old server before I take it offline and rebuild it?
2. How can I make sure that the new server has all the proper FSMO roles assigned to it?  I followed the instructions provided by PeteLong to the letter and it seems OK, although I wasn't sure what to do with the Global Catalog as his instructions said not to run it on the same machine as the Infrastructure Master role.  I  only had one doamin controller before I started this process, so where did the Global Catalog and Infrastructure Master role reside before, if not on the same server?


oltraverAuthor Commented:
All done and it works!  Thanks you guys!
Lee W, MVPTechnology and Business Process AdvisorCommented:
Sorry for the delay - here's some comments regarding your past questions:

This will explain Operations Masters and verifying their locations in a variety of ways:

As you probably already figured out, just run DCPROMO - it's a wizard and will provide an option to remove Active Directory from the computer.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.