Windows 2003 - Promote and Demote

Posted on 2006-05-04
Last Modified: 2008-11-24

My domain controller is about ready to die so I setup a new Windows 2003 server. How do make sure the new server has all of the Active Directory accounts before I demote the failing domain controller? What is the easiest and safest way to make the new server the domain controller so that I can work on the other server?

Question by:jhieb
    LVL 48

    Accepted Solution

    Hi jhieb,

    can be done quite easily with a clean install of the new server

    **Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second cd


    you can also download here

    this boosts the schema up to cope with R2 functionality

    1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
    2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
    3) Transfer the FSMO roles to the new server;en-us;255690
    4) Make the new DC a Global Catalog under Sites and Services
    5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC
    6) Run DCDIAG to make sure all is well and replication is fine
    7) Demote the old DC if you dont intend to keep it as a backup
    8) Recreate Shares etc on the new server
    9) Reinstall printers and share them etc....
    10)Take over any DHCP roles etc that the old DC held

    this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes
    LVL 1

    Author Comment


    Thanks. I've tried something similar to this once before and I ran dcpromo. When I did that my new server kept giving me errors. I can't remember what those errors were.

    Please elaborate on Step#1: How should I promote the new workstation to be an additional controller? Can I do this in the wizard?

    Yes, DNS and DHCP is on the old server.

    Please elaborate on Step#3:  What is and how do I transfer teh FSMO roles to the new server? Do I need to do this?

    Please elaborate on Step#4: How do I do this and is this necessary?

    Is there anything I need to be cautious of? I don't mind if I have to redo the new server but I don't want to take down or screw up the old server until the new one is working properly.

    LVL 48

    Expert Comment

    1) Step 1 is simply running dcpromo and adding and adittional Domain controller

    2) Step 3, FSMO roles are crucial to domain functions, the answer is yes, especially if your domain controller is dying, dont wait until it dies!

    3) Step 4 is once again a yes, you open up AD sites and services under admin tools, scroll down till you find your new DC, expand down to the NTDS setting, right click, properties, tick the GC box

    as long as you follow the links above with FSMO roles, then you should be fine, i have done this who knows how many times using that exact procedure
    LVL 1

    Author Comment

    Thanks your all your help!
    LVL 48

    Expert Comment

    no problem

    all the best

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
    Trying to figure out group policy inheritance and which settings apply where can be a chore.  Here's a very simple summary I've written which might help.  Keep in mind, this is just a high-level conceptual overview where I try to avoid getting bogge…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now