Promote Application Server and Demote Domain Controller Windows 2003 Server

Posted on 2006-04-10
Last Modified: 2008-03-17
Current Environment: I have a single Windows 2003 Server that is a Domain Controller with AD and is running DNS. I have a single Windows 2003 Server that is a basic application server.
Goal: I want the single Windows 2003 Server that is the DC with AD and DNS to become purely an Application Server not running DNS. I want the single Windows 2003 that is a basic application server to become the DC with AD and DNS.
Can you outline a step-by-step procedure and in what order I must do to achieve my goal. I want all accounts (user and computer) to be pulled over onto the new DC.
Question by:donaljcox
    LVL 51

    Expert Comment

    What kind of servers are these?  If they are brand name servers with similar low-level hardware it may be possible to simply move the drives between servers.

    LVL 10

    Expert Comment

    by:Walter Padrón
    Hi donaljcox ,

    The order is, first promote your app server then demote your DC

    Steps outlined here

    Author Comment

    HP and Dell. However, I cannot afford to move drives between servers.The current AD server is running an important database so I do not want to do this.
    LVL 51

    Accepted Solution

    Then promote the App server, move the FSMO roles, then demote the current DC.  Don't forget to make the App server a GC before demoting the original server.

    If any of these servers has Exchange, you CANNOT change the role of the server it's installed on - Exchange will break.


    Author Comment

    Exchange is not on any of the servers. Do I need to add DNS before I promote the App server or do I do this afterwards ?
    LVL 51

    Expert Comment

    Do it afterwards.

    Once the App server is a DC, make it a GC.  
    Make sure the DNS zones are all AD Integrated on the original DC.
    Install DNS to the App server.  DO NOT create anything manually.
    Restart Netlogon service on the new DC.
    Wait for DNS to replicate.
    Move the FSMO roles gracefully and allow an hour of steady state before demoting anything.
    Turn off the old DC to test the client connectivity before you demote it.  You'll spot any issues once the old DC is off.

    You should be good to go.


    Featured Post

    Find Ransomware Secrets With All-Source Analysis

    Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

    Join & Write a Comment

    I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
    Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now