

moving DNS and DHCP to another Server 2003 server

Posted on 2007-04-05
Medium Priority
Last Modified: 2010-04-18
I have a Server 2003 domain with 6 servers in it. I am in the process of retiring 2 of the servers and replacing them with one. One is my anti virus and the other is MS SUS server. Both are DCs. I want to make this the DHCP server and primary DNS server with one of the others as a backup DNS. Right now, my term server (DC) is doing DNS and my mail server (member server) is doing DHCP.
Question by:joewy1

Expert Comment

ID: 18858305
DNS is integral to Active Directory, and assuming that you are using AD integrated DNS zones then you will find that all of your Domain Controllers are DNS servers, so if you want to retire a DNS server, make sure that replication is working correctly, then demote the domain controller and remove it from the domain.

Regarding DHCP; it is recommended that you don't install DHCP on a domain controller as this causes security issues. If you can outline what roles which servers do (i.e. Server 1 - DC, Server 2  - Exchange /DHCP, ...) I am sure someone will come up with a recommendation for you.

Accepted Solution

KCTS earned 1000 total points
ID: 18858993
How many Domain Controllers have you got? If you only have one I would recommend installing a second, so that you have full redundancy. Active Directory Integrated DNS is far more efficient; you would have to sacrifice this to have DNS on a different server, with no obvious benefits or fault tolerance. DHCP uses minimal resources, so again not much benefit to be gained. A second domain controller which duplicates Active Directory, DNS and DHCP services would be more beneficial, providing load balancing and redundancy.
The process is fairly straightforward.

From the command line, promote a member server to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is easiest done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way if one of the DNS servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned ‘emergency’ the FSMO roles can be seized (see http://support.microsoft.com/kb/255504).
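
The split-scope layout described in the answer above can be checked before the second DHCP server is authorized. This is an added example, not part of the original answer: it verifies that the two lease ranges sit on the same network without overlapping and that the gateway and DNS server addresses are not inside either pool. The server names and all addresses are constructed sample values.

```python
import ipaddress

def check_split_scopes(subnet, scopes, gateway, dns_servers):
    """Return a list of problems in a split-scope DHCP plan (empty list = OK).

    scopes maps a DHCP server name to its inclusive (first_ip, last_ip) lease range.
    """
    net = ipaddress.ip_network(subnet)
    problems, ranges = [], {}
    for server, (first, last) in sorted(scopes.items()):
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if lo > hi:
            problems.append(f"{server}: range start {lo} is after range end {hi}")
        elif lo not in net or hi not in net:
            problems.append(f"{server}: range {lo}-{hi} is not inside {net}")
        else:
            ranges[server] = (lo, hi)
    # Two inclusive ranges overlap when each one starts before the other ends.
    names = list(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            (alo, ahi), (blo, bhi) = ranges[a], ranges[b]
            if alo <= bhi and blo <= ahi:
                problems.append(
                    f"{a} and {b} overlap from {max(alo, blo)} to {min(ahi, bhi)}")
    # The router option must be on the subnet; no fixed address may sit in a pool.
    gw = ipaddress.ip_address(gateway)
    if gw not in net:
        problems.append(f"gateway {gw} is not inside {net}")
    fixed = [("gateway", gw)]
    fixed += [("DNS server", ipaddress.ip_address(d)) for d in dns_servers]
    for label, addr in fixed:
        for server, (lo, hi) in ranges.items():
            if lo <= addr <= hi:
                problems.append(f"{label} {addr} is inside the lease range of {server}")
    return problems

# Constructed sample plans for a 192.168.1.0/24 network with two domain controllers.
GOOD_PLAN = dict(subnet="192.168.1.0/24",
                 scopes={"DC1": ("192.168.1.50", "192.168.1.149"),
                         "DC2": ("192.168.1.150", "192.168.1.249")},
                 gateway="192.168.1.1", dns_servers=["192.168.1.10", "192.168.1.11"])
BAD_PLAN = dict(GOOD_PLAN, scopes={"DC1": ("192.168.1.50", "192.168.1.149"),
                                   "DC2": ("192.168.1.140", "192.168.1.249")},
                dns_servers=["192.168.1.10", "192.168.1.200"])

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, check_split_scopes(**plan) or "no problems found")
```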

Author Comment

ID: 18864153
Server1= term server, file server, print server, DNS - DC
server2= sql/app server - member server
server3= anti virus, exchange tools loaded, DNS - DC (very old box)
server4= SUS server - DC (very old box)
server5= new server - DC
mail server= DHCP, exchange, veritas backup - member server

What I am really trying to accomplish is:
1. Remove all roles from the term server so it will not get bogged down
2. Retire servers 2 & 3

Assisted Solution

RichardSlater earned 1000 total points
ID: 18868906
I assume from your first post you mean "2. retire servers 3 & 4"

As mentioned above, DHCP and DNS are not particularly "heavy" services; they do not use lots of resources even on very large networks. As such I would say it is fine to leave Server1 with the DC role, decommission server3 and server4, moving AV, Exchange Tools, SUS/WSUS to Server5 along with the DC role. You could also shift the print server role from Server1 to Server5 if you feel that printing is causing issues with terminal services.

As KCTS said in his post it is wise to distribute DHCP across your network, thus I would add the DHCP role to server2, and retain the DHCP role on mail server.

Depending on the amount of data and the hardware involved, I prefer to put the BackupExec media server on the same server as the majority of the files, this may either be the "mail server" or Server1 for you.

All said, your servers would look something similar to this:

Server1 : Terminal Server, File, Print, DC/DNS
Server2 : SQL , Application , DHCP
Server3 : * Decommissioned *
Server4 : * Decommissioned *
Server5 : WSUS, Anti Virus, Exchange Tools, DC/DNS
Mail Server : DHCP, Exchange, BackupExec

Hope that Helps

Author Comment

ID: 18906694
My primary goal here is to do 2 things:
1. Relieve the term server of as many functions as I can for performance reasons.
2. Retire the 2 servers and transfer the roles to the new one.

Author Comment

ID: 19007080
Thanks for all of your help. Sorry for the delay in awarding pts.
