Solved

Retiring old DC - need to move master catalog?

Posted on 2006-06-15
3
432 Views
Last Modified: 2006-11-18
I'm planning on retiring our old DC which is currently running Windows Server 2003 on out-dated proprietary hardware.  It is our main DC that was originally upgraded from NT.  I have another DC on modern hardware running Windows Server 2003 as well.

Before I retire the DC, I seem to remember that I should do the following:

-Move Global Catalog
-Transfer FSMO Roles

Is this correct?  Anything else?  Any tips on performing the above?

Thanks!
0
Comment
Question by:lauren_it
  • 2
3 Comments
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 125 total points
ID: 16917392
can be done quite easily with a clean install of the new server

**Note - If introducing a 2003 R2 Server into the network as a DC you will need to run the ADPREP tools from the second cd

\CMPNENTS\R2\ADPREP

you can also download here
http://www.microsoft.com/downloads/details.aspx?familyid=5B73CF03-84DD-480F-98F9-526EC09E9BA8&displaylang=en

this boosts the schema up to cope with R2 functionality
http://www.microsoft.com/windowsserver2003/r2/whatsnewinr2.mspx

1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Transfer the FSMO roles to the new server
http://www.petri.co.il/transferring_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
4) Make the new DC a Global Catalog under Sites and Services
http://support.microsoft.com/?kbid=313994
5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC, note if you have a fairly complex or Large DHCP scheme you may want to export and import the database
http://support.microsoft.com/kb/325473/
6) Run DCDIAG to make sure all is well and replication is fine
7) Demote the old DC if you dont intend to keep it as a backup
8) Recreate Shares etc on the new server
9) Reinstall printers and share them etc....


this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes
0
 

Author Comment

by:lauren_it
ID: 16919529
Well, since the new server is already a Domain Controller(clean install), and DNS is AD integrated, and there are no shares or printers to move, that doesn't look too bad!  I'll transfer the FSMO roles and make the new DC a global catalog.  Thanks.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 16920242
no worries
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Question about AD permissions 2 67
formating cluster disk 6 78
"Why did the system shutdown, unexpectedly? Getting the message at login. 4 63
Dentrix G4 1 59
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question