moving DNS and DHCP to another Server 2003 server

Posted on 2007-04-05
Last Modified: 2010-04-18
I have a Server 2003 domain with 6 servers in it. I am in the process of retiring 2 of the servers and replacing them with one. One is my anti-virus server and the other is my MS SUS server. Both are DCs. I want to make the new one the DHCP server and primary DNS server, with one of the others as a backup DNS. Right now, my term server (DC) is doing DNS and my mail server (member server) is doing DHCP.
Question by: joewy1

Expert Comment

DNS is integral to Active Directory, and assuming that you are using AD-integrated DNS zones, you will find that all of your Domain Controllers are DNS servers. So if you want to retire a DNS server, make sure that replication is working correctly, then demote the domain controller and remove it from the domain.

Regarding DHCP: it is recommended that you don't install DHCP on a domain controller, as this causes security issues. If you can outline which roles each server has (i.e. Server 1 - DC, Server 2 - Exchange/DHCP, ...) I am sure someone will come up with a recommendation for you.

Accepted Solution

KCTS earned 250 total points
How many Domain Controllers have you got? If you only have one, I would recommend installing a second so that you have full redundancy. Active Directory Integrated DNS is far more efficient; you would have to sacrifice this to have DNS on a different server, with no obvious benefits or fault tolerance. DHCP uses minimal resources, so again not much benefit to be gained. A second domain controller which duplicates Active Directory, DNS and DHCP services would be more beneficial, providing load balancing and redundancy.
The process is fairly straightforward.

From the command line, promote the member server to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’

Once Active Directory is installed, to make the new machine a global catalog server go to Administrative Tools, Active Directory Sites and Services, and expand Sites, Default-First-Site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon, as it needs to be queried to establish Universal Group membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is most easily done by setting up DHCP on the second domain controller and using a scope on the same network that does not overlap with the existing scope on the other domain controller. Don’t forget to set the default gateway (router) and DNS servers. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller and the Alternate DNS to the other; that way, if one of the DNS servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function, for a while at least, should any one of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO roles. There are five of these roles; they are held on a single server and are essential for the functioning of the network. If the second Domain Controller fails, then no problem, as the FSMO roles are on the first Domain Controller. However, if you intend to function with the second Domain Controller only, then the roles need to be moved to the second Domain Controller. Ideally, if this is a planned event, you should cleanly transfer the FSMO roles; if it is an unplanned ‘emergency’ the FSMO roles can be seized (see
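The split-scope and DNS advice above is easy to get subtly wrong (two servers leasing the same range, a statically addressed DC sitting inside a pool, a client that only learns one DNS server). The following Python script is an added example, not part of the original answer, that checks a planned two-server DHCP configuration against those rules; the subnet, server names and addresses are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

# Constructed sample: one /24 served by two DCs; names and addresses are hypothetical
SUBNET = IPv4Network("192.168.1.0/24")
DC1 = IPv4Address("192.168.1.10")
DC2 = IPv4Address("192.168.1.11")
GATEWAY = IPv4Address("192.168.1.1")

# Each DHCP server hands out its own part of the pool; clients learn both DCs as DNS servers
PLAN = {
    "server1": {"start": "192.168.1.50", "end": "192.168.1.149",
                "router": GATEWAY, "dns": [DC1, DC2]},
    "server5": {"start": "192.168.1.150", "end": "192.168.1.250",
                "router": GATEWAY, "dns": [DC2, DC1]},
}


def validate_plan(subnet, plan, dcs):
    """Return a list of problems; an empty list means the plan follows the advice."""
    problems = []
    ranges = []
    # Addresses that are assigned statically and therefore must never be leased
    static = set(dcs) | {scope["router"] for scope in plan.values()}
    for name, scope in plan.items():
        start, end = IPv4Address(scope["start"]), IPv4Address(scope["end"])
        if start > end:
            problems.append(f"{name}: scope start {start} is after its end {end}")
        if start not in subnet or end not in subnet:
            problems.append(f"{name}: scope is not inside {subnet}")
        if scope["router"] not in subnet:
            problems.append(f"{name}: gateway {scope['router']} is outside {subnet}")
        # Every client must receive one DC as preferred and the other as alternate DNS
        if len(scope["dns"]) != 2 or set(scope["dns"]) != set(dcs):
            problems.append(f"{name}: DNS option must list exactly the two domain controllers")
        for addr in static:
            if start <= addr <= end:
                problems.append(f"{name}: static address {addr} lies inside the scope")
        ranges.append((name, start, end))
    # Overlapping ranges mean two servers could lease the same address to different clients
    for i, (name_a, start_a, end_a) in enumerate(ranges):
        for name_b, start_b, end_b in ranges[i + 1:]:
            if start_a <= end_b and start_b <= end_a:
                problems.append(f"{name_a} and {name_b}: lease ranges overlap")
    return problems


if __name__ == "__main__":
    for line in validate_plan(SUBNET, PLAN, (DC1, DC2)) or ["plan is consistent"]:
        print(line)
```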

Author Comment

Server1= term server, file server, print server, DNS - DC
server2= sql/app server - member server
server3= anti virus, exchange tools loaded, DNS - DC (very old box)
server4= SUS server - DC (very old box)
server5= new server - DC
mail server= DHCP, exchange, veritas backup - member server

What I am really trying to accomplish is:
1. remove all roles from the term server so it will not get bogged down
2. retire servers 2 & 3

Assisted Solution

RichardSlater earned 250 total points
I assume from your first post you mean "2. retire servers 3 & 4"

As mentioned above, DHCP and DNS are not particularly "heavy" services; they do not use lots of resources even on very large networks. As such, I would say it is fine to leave Server1 with the DC role, and decommission server3 and server4, moving AV, Exchange Tools and SUS/WSUS to Server5 along with the DC role. You could also shift the print server role from Server1 to Server5 if you feel that printing is causing issues with terminal services.

As KCTS said in his post, it is wise to distribute DHCP across your network, so I would add the DHCP role to server2 and retain the DHCP role on the mail server.

Depending on the amount of data and the hardware involved, I prefer to put the BackupExec media server on the same server as the majority of the files; this may be either the "mail server" or Server1 for you.

All said, your servers would look something similar to this:

Server1 : Terminal Server, File, Print, DC/DNS
Server2 : SQL , Application , DHCP
Server3 : * Decommissioned *
Server4 : * Decommissioned *
Server5 : WSUS, Anti Virus, Exchange Tools, DC/DNS
Mail Server : DHCP, Exchange, BackupExec

Hope that Helps

Author Comment

My primary goal here is to do 2 things:
1. relieve the term server of as many functions as I can, for performance reasons.
2. retire the 2 servers and transfer the roles to the new one

Author Comment

Thanks for all of your help. Sorry for the delay in awarding pts.
