moving DNS and DHCP to another Server 2003 server

I have a Server 2003 domain with 6 servers in it. I am in the process of retiring 2 of the servers and replacing them with one. One is my anti-virus and the other is the MS SUS server. Both are DCs. I want to make this the DHCP server and primary DNS server with one of the others as a backup DNS. Right now, my term server (DC) is doing DNS and my mail server (member server) is doing DHCP.
joewy1 Asked:

RichardSlater Commented:
DNS is integral to Active Directory, and assuming that you are using AD integrated DNS zones, you will find that all of your Domain Controllers are DNS servers. So if you want to retire a DNS server, make sure that replication is working correctly, then demote the domain controller and remove it from the domain.

Regarding DHCP; it is recommended that you don't install DHCP on a domain controller as this causes security issues. If you can outline what roles which servers do (i.e. Server 1 - DC, Server 2  - Exchange /DHCP, ...) I am sure someone will come up with a recommendation for you.
0
Brian Pierce (Photographer) Commented:
How many Domain Controllers have you got? If you only have one I would recommend installing a second so that you have full redundancy. Active Directory Integrated DNS is far more efficient; you would have to sacrifice this to have DNS on a different server, with no obvious benefits or fault tolerance. DHCP uses minimal resources, so again there is not much benefit to be gained. A second domain controller which duplicates Active Directory, DNS and DHCP services would be more beneficial, providing load balancing and redundancy.
 
The process is fairly straightforward.

From the command line, promote a member server to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, and expand Sites, Default first site and Servers. Right-click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is most easily done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller and the Alternate DNS to the other; that way, if one of the DNS servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function for a while at least should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned ‘emergency’ the FSMO roles can be seized (see http://support.microsoft.com/kb/255504).
0
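
The checks the two answers above call for before a domain controller is retired (replication working, no FSMO roles left on the outgoing server), as an added example that is not part of the original thread. It assumes the Windows Server 2003 Support Tools (`dcdiag`, `repadmin`, `netdom`) are installed; `SERVER3` and the report paths are placeholders.

```batch
@echo off
rem Added example: read-only checks to run before demoting a retiring DC.
rem OLDDC and the file paths are placeholders, not values from the thread.
setlocal
set OLDDC=SERVER3
set REPORT=%TEMP%\predemote_report.txt
set FSMO=%TEMP%\predemote_fsmo.txt

echo === Pre-demotion report === > "%REPORT%"

rem 1. Replication state of the retiring DC, kept in the report for review.
repadmin /showrepl %OLDDC% >> "%REPORT%"

rem 2. Full diagnostics; dcdiag prints "passed test X" or "failed test X"
rem    per test, including the Replications test.
dcdiag /s:%OLDDC% >> "%REPORT%"

rem 3. Current FSMO role holders, saved separately so the name match below
rem    only looks at role owners.
netdom query fsmo > "%FSMO%"
type "%FSMO%" >> "%REPORT%"

set PROBLEMS=0

rem find returns errorlevel 0 when the string is present.
find /i "failed test" "%REPORT%" > nul
if not errorlevel 1 (
    echo [!] dcdiag reported failed tests; resolve them before demoting.
    set PROBLEMS=1
)

find /i "%OLDDC%" "%FSMO%" > nul
if not errorlevel 1 (
    echo [!] %OLDDC% still holds a FSMO role; transfer it before demoting.
    set PROBLEMS=1
)

if "%PROBLEMS%"=="0" echo [ok] No failed tests and no FSMO roles on %OLDDC%.
echo Full output: %REPORT%
endlocal
```

Run it from an account with domain admin rights on a machine that can reach the retiring DC, and repeat it for each server being demoted.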

joewy1 (Author) Commented:
Server1= term server, file server, print server, DNS - DC
server2= sql/app server - member server
server3= anti virus, exchange tools loaded, DNS - DC (very old box)
server4= SUS server - DC (very old box)
server5= new server - DC
mail server= DHCP, exchange, veritas backup - member server

What I am really trying to accomplish is:
1. Remove all roles from the term server so it will not get bogged down
2. Retire servers 2 & 3
0
RichardSlater Commented:
I assume from your first post you mean "2. retire servers 3 & 4"

As mentioned above, DHCP and DNS are not particularly "heavy" services; they do not use lots of resources even on very large networks. As such I would say it is fine to leave Server1 with the DC role, and decommission server3 and server4, moving AV, Exchange Tools and SUS/WSUS to Server5 along with the DC role. You could also shift the print server role from Server1 to Server5 if you feel that printing is causing issues with terminal services.

As KCTS said in his post it is wise to distribute DHCP across your network, thus I would add the DHCP role to server2, and retain the DHCP role on mail server.

Depending on the amount of data and the hardware involved, I prefer to put the BackupExec media server on the same server as the majority of the files, this may either be the "mail server" or Server1 for you.

All said, your servers would look something similar to this:

Server1 : Terminal Server, File, Print, DC/DNS
Server2 : SQL , Application , DHCP
Server3 : * Decommissioned *
Server4 : * Decommissioned *
Server5 : WSUS, Anti Virus, Exchange Tools, DC/DNS
Mail Server : DHCP, Exchange, BackupExec

Hope that Helps
0
joewy1 (Author) Commented:
My primary goal here is to do 2 things:
1. Relieve the term server of as many functions as I can for performance reasons.
2. Retire the 2 servers and transfer the roles to the new one
0
joewy1 (Author) Commented:
Thanks for all of your help. Sorry for the delay in awarding pts.
0