moving DNS and DHCP to another Server 2003 server

Posted on 2007-04-05
Last Modified: 2010-04-18
I have a Server 2003 domain with 6 servers in it. I am in the process of retiring 2 of the servers and replacing them with one. One is my anti-virus and the other is MS SUS server; both are DCs. I want to make this the DHCP server and primary DNS server, with one of the others as a backup DNS. Right now, my term server (DC) is doing DNS and my mail server (member server) is doing DHCP.
Question by:joewy1

Expert Comment

ID: 18858305
DNS is integral to Active Directory, and assuming that you are using AD integrated DNS Zones then you will find that all of your Domain Controllers are DNS servers, so if you want to retire a DNS server make sure that replication is working correctly, then demote the domain controller and remove it from the domain.

Regarding DHCP; it is recommended that you don't install DHCP on a domain controller as this causes security issues. If you can outline what roles which servers do (i.e. Server 1 - DC, Server 2  - Exchange /DHCP, ...) I am sure someone will come up with a recommendation for you.

Accepted Solution

KCTS earned 250 total points
ID: 18858993
How many Domain Controllers have you got? If you only have one I would recommend installing a second, so that you have full redundancy. Active Directory Integrated DNS is far more efficient; you would have to sacrifice this to have DNS on a different server, with no obvious benefits or fault tolerance. DHCP uses minimal resources, so again not much benefit to be gained. A second domain controller which duplicates Active Directory, DNS and DHCP services would be more beneficial, providing load balancing and redundancy.
The process is fairly straightforward.

From the command line, promote the member server to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default First Site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is most easily done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller and the Alternate DNS to the other; that way, if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function, for a while at least, should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO Roles. There are five of these roles that are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the Second Domain Controller. Ideally, if this is a planned event you should cleanly transfer the FSMO roles; if it is an unplanned ‘emergency’ the FSMO roles can be seized (see
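As an added example (not part of KCTS's answer or the original thread), the command-line form of the steps above on a Windows Server 2003 second domain controller, using tools that ship with the OS or its Support Tools; the domain name, server names, interface name, addresses and the dedicated DNS-update account are assumptions.

```batch
@echo off
REM Added example, not from the thread. Run on the new DC (DC2) after DCPROMO has finished.
REM Assumed lab values: domain example.local, DC1 = 192.168.10.10, DC2 = 192.168.10.11,
REM router = 192.168.10.1, DC1 already hands out 192.168.10.50-192.168.10.149.

REM 1. Check AD replication is healthy before relying on DC2 for anything.
repadmin /replsummary
dcdiag /test:replications /test:dns

REM 2. Confirm the AD-integrated zone replicated to DC2 along with the directory.
dnscmd DC2 /enumzones
dnscmd DC2 /zoneinfo example.local

REM 3. Authorize DC2 as a DHCP server in AD, then add a second scope on the same
REM    subnet whose range does not overlap the range served by DC1.
netsh dhcp add server DC2.example.local 192.168.10.11
netsh dhcp server add scope 192.168.10.0 255.255.255.0 "LAN (DC2 range)"
netsh dhcp server scope 192.168.10.0 add iprange 192.168.10.150 192.168.10.249
REM    Option 003 = default gateway, option 006 = DNS servers (DC2 first, DC1 alternate).
netsh dhcp server scope 192.168.10.0 set optionvalue 003 IPADDRESS 192.168.10.1
netsh dhcp server scope 192.168.10.0 set optionvalue 006 IPADDRESS 192.168.10.11 192.168.10.10
netsh dhcp server scope 192.168.10.0 set state 1

REM 4. Mitigation for running DHCP on a DC: register client DNS records with a
REM    low-privilege account instead of the DC's own machine credentials.
REM    (set DHCPDNS_PW in the session first; do not hard-code the password here)
netsh dhcp server set dnscredentials dhcpdns example.local %DHCPDNS_PW%

REM 5. Point DC2 itself at DC1 as preferred DNS and itself as alternate.
netsh interface ip set dns "Local Area Connection" static 192.168.10.10
netsh interface ip add dns "Local Area Connection" 192.168.10.11 index=2

REM 6. Record which DC holds the five FSMO roles before retiring anything.
netdom query fsmo
```

Repeat step 5 on DC1 with the two addresses swapped, and give the same pair (in either order) to every client via option 006 so that a single DNS failure is tolerated.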

Author Comment

ID: 18864153
Server1= term server, file server, print server, DNS - DC
server2= sql/app server - member server
server3= anti virus, exchange tools loaded, DNS - DC (very old box)
server4= SUS server - DC (very old box)
server5= new server - DC
mail server= DHCP, exchange, veritas backup - member server

what i am really trying to accomplish is
1. remove all roles from  the term server so it will not get bogged down
2. retire servers 2 & 3

Assisted Solution

RichardSlater earned 250 total points
ID: 18868906
I assume from your first post you mean "2. retire servers 3 & 4"

As mentioned above, DHCP and DNS are not particularly "heavy" services; they do not use lots of resources even on very large networks. As such I would say it is fine to leave Server1 with the DC role, decommission server3 and server4, moving AV, Exchange Tools and SUS/WSUS to Server5 along with the DC role. You could also shift the print server role from Server1 to Server5 if you feel that printing is causing issues with terminal services.

As KCTS said in his post it is wise to distribute DHCP across your network, thus I would add the DHCP role to server2, and retain the DHCP role on mail server.

Depending on the amount of data and the hardware involved, I prefer to put the BackupExec media server on the same server as the majority of the files; this may be either the "mail server" or Server1 for you.

All said, your servers would look something similar to this:

Server1 : Terminal Server, File, Print, DC/DNS
Server2 : SQL , Application , DHCP
Server3 : * Decommissioned *
Server4 : * Decommissioned *
Server5 : WSUS, Anti Virus, Exchange Tools, DC/DNS
Mail Server : DHCP, Exchange, BackupExec

Hope that Helps

Author Comment

ID: 18906694
my primary goal here is to do 2 things
1. relieve the term server of as many functions as i can for performance reasons.
2. retire the 2 servers and transfer the roles to the new one

Author Comment

ID: 19007080
thanks for all of your help. sorry for the delay in awarding pts.
