Solved

New Domain Controller

Posted on 2007-03-26
3
198 Views
Last Modified: 2010-04-20
I have a network with 8 domain controllers using Windows Server 2003. The main domain controller is a Dell Power Edge 4600, and all other domain controllers replicate from it. I have purchased a new Dell Power Edge 2950 to replace the 4600. What procedures do I need to take to have the 2950 take over the 4600's role.
0
Comment
Question by:crsrvn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 2

Expert Comment

by:funky2yc340
ID: 18792850
This link http://support.microsoft.com/kb/324801has step-by-step methods for transferring all FSMO roles.  Of course, the new server will need to be promoted to a DC and finish replication before you transfer the roles.
0
 
LVL 2

Expert Comment

by:funky2yc340
ID: 18792856
This link http://support.microsoft.com/kb/324801 has step-by-step methods for transferring all FSMO roles.  Of course, the new server will need to be promoted to a DC and finish replication before you transfer the roles.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 250 total points
ID: 18792879
AD domain controllers act in a "multi-master" capacity, which means that you can easily add and remove domain controllers from your environment.  Some things to keep in mind when retiring an existing DC:

[1] Does it hold any of the FSMO roles? If so, transfer those roles to another DC before removing the existing DC from the network using the steps listed here: http://support.microsoft.com/kb/324801

[2] Do any existing applications reference this DC directly by name?  If so, beat your developers about the head and shoulders, as they should be using DNS lookups to locate a DC for their applications.  :-)

[3] Does the DC hold any other file shares or applications (other than Active Directory) that need to be migrated to another server before decommissioning this one?

[4] Does this DC host any application partitions or ADAM instances that are not being replicated elsewhere? If so, modify the configuration of these partitions so that they are replicated to other DCs so that no data is lost.

Once you are satisfied that the existing DC is ready to be retired, simply run dcpromo on the existing DC and choose the option to remove Active Directory from this server - do NOT select the check-box next to "This is the last domain controller in this domain."

If you are configuring the new DC with a different DNS name than the one to be retired, you can add the new DC to AD at any time. If you want to configure it with the same name as the retired DC, you'll need to wait until you've dcpromo'd the old DC out and removed it from the network. Assuming the de-promotion went smoothly, you can add the new DC with the same name by simply running dcpromo on the new server. If there were any errors in removing AD from the old server, you'll need to perform a metadata cleanup before adding the new DC using the following steps: http://support.microsoft.com/kb/216498

Hope this helps.

Laura E. Hunter - Microsoft MVP: Windows Server - Networking
0

Featured Post

How Do You Stack Up Against Your Peers?

With today’s modern enterprise so dependent on digital infrastructures, the impact of major incidents has increased dramatically. Grab the report now to gain insight into how your organization ranks against your peers and learn best-in-class strategies to resolve incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question