moving DNS and DHCP to another Server 2003 server

Posted on 2007-04-05
Last Modified: 2010-04-18
I have a Server 2003 domain with 6 servers in it. I am in the process of retiring 2 of the servers and replacing them with one. One is my anti-virus server and the other is my MS SUS server. Both are DCs. I want to make this the DHCP server and primary DNS server with one of the others as a backup DNS. Right now, my term server (DC) is doing DNS and my mail server (member server) is doing DHCP.
Question by: joewy1

Expert Comment

ID: 18858305
DNS is integral to Active Directory, and assuming that you are using AD integrated DNS zones, you will find that all of your Domain Controllers are DNS servers. So if you want to retire a DNS server, make sure that replication is working correctly, then demote the domain controller and remove it from the domain.

Regarding DHCP: it is recommended that you don't install DHCP on a domain controller as this causes security issues. If you can outline which roles each server has (i.e. Server 1 - DC, Server 2 - Exchange/DHCP, ...) I am sure someone will come up with a recommendation for you.

Accepted Solution

KCTS earned 1000 total points
ID: 18858993
How many Domain Controllers have you got? If you only have one I would recommend installing a second, so that you have full redundancy. Active Directory Integrated DNS is far more efficient; you would have to sacrifice this to have DNS on a different server, with no obvious benefits or fault tolerance. DHCP uses minimal resources, so again not much benefit to be gained. A second domain controller which duplicates Active Directory, DNS and DHCP services would be more beneficial, providing load balancing and redundancy.
The process is fairly straightforward.

From the command line, promote a member server to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is easiest done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller, and the Alternate DNS to the other; that way, if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function, for a while at least, should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned ‘emergency’ the FSMO roles can be seized (see http://support.microsoft.com/kb/255504).
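A pre-flight check for the two-DC layout described above, added here as an example and not part of the original thread: it confirms replication is clean before any demotion, lists which server holds each FSMO role and which servers are global catalogs, and verifies the local machine's Preferred/Alternate DNS point at two different servers. It assumes the Windows Support Tools (dcdiag, netdom, dsquery) are installed and that it runs on a domain-joined machine as a domain admin.

```powershell
# Added example (not from the original thread). Requires the Windows Support
# Tools (dcdiag, netdom, dsquery) and domain admin rights on a domain member.

function Test-ReplicationHealthy {
    # /q prints only errors, so empty output means every DC passed the test.
    $errors = (dcdiag /test:replications /q 2>&1 | Out-String).Trim()
    return ($errors.Length -eq 0)
}

function Get-FsmoHolders {
    # netdom prints "Role name          dc.fqdn" per role; build a hashtable so
    # it is easy to see whether all five roles still sit on the old first DC.
    $holders = @{}
    netdom query fsmo 2>&1 | ForEach-Object {
        if ($_ -match '^(.+?)\s{2,}(\S+)\s*$') {
            $holders[$matches[1].Trim()] = $matches[2]
        }
    }
    return $holders
}

function Get-GlobalCatalogServers {
    # Distinguished names of the server objects flagged as global catalogs.
    return @(dsquery server -isgc 2>&1 | Where-Object { $_ -match '^"?CN=' })
}

function Test-DnsClientRedundant {
    # Preferred and Alternate DNS must be two different servers on every
    # IP-enabled adapter, or losing one DC leaves this host without DNS.
    $ok = $true
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
        ForEach-Object {
            $servers = @($_.DNSServerSearchOrder | Sort-Object -Unique)
            if ($servers.Count -lt 2) { $ok = $false }
        }
    return $ok
}

Write-Host ("Replication healthy        : " + (Test-ReplicationHealthy))
$fsmo = Get-FsmoHolders
$fsmo.GetEnumerator() | ForEach-Object {
    Write-Host ("FSMO {0,-28}: {1}" -f $_.Key, $_.Value)
}
Write-Host ("Global catalog servers     : " + (Get-GlobalCatalogServers).Count)
Write-Host ("Client DNS has two servers : " + (Test-DnsClientRedundant))
```

Run it on each DC before demoting the old servers; a replication failure or a single DNS server in the client list is the kind of gap that only shows up after the first DC is switched off.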

Author Comment

ID: 18864153
Server1 = term server, file server, print server, DNS - DC
Server2 = SQL/app server - member server
Server3 = anti virus, Exchange tools loaded, DNS - DC (very old box)
Server4 = SUS server - DC (very old box)
Server5 = new server - DC
Mail server = DHCP, Exchange, Veritas backup - member server

What I am really trying to accomplish is
1. remove all roles from the term server so it will not get bogged down
2. retire servers 2 & 3

Assisted Solution

RichardSlater earned 1000 total points
ID: 18868906
I assume from your first post you mean "2. retire servers 3 & 4"

As mentioned above, DHCP and DNS are not particularly "heavy" services; they do not use lots of resources even on very large networks. As such I would say it is fine to leave Server1 with the DC role, decommission Server3 and Server4, moving AV, Exchange Tools and SUS/WSUS to Server5 along with the DC role. You could also shift the print server role from Server1 to Server5 if you feel that printing is causing issues with terminal services.

As KCTS said in his post, it is wise to distribute DHCP across your network, thus I would add the DHCP role to Server2 and retain the DHCP role on the mail server.

Depending on the amount of data and the hardware involved, I prefer to put the BackupExec media server on the same server as the majority of the files; this may be either the "mail server" or Server1 for you.

All said, your servers would look something similar to this:

Server1 : Terminal Server, File, Print, DC/DNS
Server2 : SQL , Application , DHCP
Server3 : * Decommissioned *
Server4 : * Decommissioned *
Server5 : WSUS, Anti Virus, Exchange Tools, DC/DNS
Mail Server : DHCP, Exchange, BackupExec

Hope that Helps

Author Comment

ID: 18906694
My primary goal here is to do 2 things:
1. relieve the term server of as many functions as I can for performance reasons.
2. retire the 2 servers and transfer the roles to the new one

Author Comment

ID: 19007080
Thanks for all of your help. Sorry for the delay in awarding pts.
