Solved

Demoting an AD DC and DNS Server to member server

Posted on 2007-08-06
Last Modified: 2008-10-23
Hello Experts,

I have an AD DC and DNS server that I want to demote to a member server or remove from AD so I can rebuild it and use it as a web server.  Currently there are 3 DCs in our company.  Can I just run dcpromo and demote the server, or is there anything else that has to be done to accomplish this?  I want to make sure that by demoting this DC/DNS server neither AD nor Exchange is affected.  Is there any role on the DC that I would need to transfer to another DC?

This DNS server is being used as the secondary DNS server for the users.  Will the users be affected if I demote the server?
0
Comment
Question by:cartereverett
 
LVL 58

Accepted Solution

by:
tigermatt earned 2000 total points
ID: 19638067
First of all, check whether the DC is hosting any FSMO roles. You will need to transfer these to one of your other DCs should it have any. To find out, on the server, go to Start > Run > type cmd > OK. At the command prompt, type

netdom query fsmo

You'll then see the five roles with the server holding them.

Should any of the FSMO roles be listed with the server you want to demote, you'll need to transfer them now. Failure to do so will result in having to seize them later on, which can be a messy procedure. Here's how to do it:
Microsoft article: http://support.microsoft.com/kb/324801
Petri.co.il article: http://www.petri.co.il/transferring_fsmo_roles.htm

If this server is a secondary DNS server then that shouldn't be a problem since DNS is obviously installed elsewhere. If you're running WINS, check there's another server running that. Then update your DHCP server(s) to remove this server as a DNS server and WINS server if appropriate. Also make sure any machines with static addresses (such as the other servers) are updated to remove this server as secondary DNS.

Is your Exchange server on another Domain Controller or on a member server? If it's on a DC then this shouldn't be a problem, but you need to make sure you have another global catalog server on the network if the server to be demoted was one. This website details how to set a server as global catalog, but use the same procedure to check each DC and make sure there is one that is a global catalog: http://www.petri.co.il/configure_a_new_global_catalog.htm
If you do set one up you'll have to give it a while for everything to replicate. If Exchange is on a DC then this shouldn't be a problem since the DC Exchange is on MUST be a global catalog server. Best to check anyway.

Make sure there aren't any user profiles or redirected folders (documents etc.) or other important files in shares which you should be moving. That's quite easy to find - just type
net share
at a command prompt and you can see all the shares and then one by one go through them and make sure you've got all the data out.

Then I think you would be ready to dcpromo and demote the server.
0
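The FSMO and share checks from the answer above, scripted as an added example that is not part of the original post. It assumes Windows PowerShell is available on the server and that netdom.exe is on the PATH when run with -Live; the host names in the sample output are constructed.

```powershell
# Pre-demotion check (added example). Windows PowerShell; netdom.exe is only
# needed with -Live. Host names in the sample are constructed, not real.
param([string]$Server = $env:COMPUTERNAME, [switch]$Live)

# Constructed sample of `netdom query fsmo` output, used when -Live is absent.
$sample = @'
Schema master               dc1.example.local
Domain naming master        dc1.example.local
PDC                         dc1.example.local
RID pool manager            dc3.example.local
Infrastructure master       dc1.example.local
The command completed successfully.
'@ -split "`r?`n"

function Get-FsmoHolder {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Role and holder are separated by two or more spaces; the trailing
        # status line has no such gap and is skipped.
        if ($line -match '^(?<Role>\S.*?)\s{2,}(?<Holder>\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches['Role']; Holder = $Matches['Holder'] }
        }
    }
}

function Get-RolesHeldBy {
    param([string]$Name, [string[]]$Lines)
    # Compare short host names so "DC3" matches "dc3.example.local".
    $short = ($Name -split '\.')[0]
    Get-FsmoHolder -Lines $Lines | Where-Object { ($_.Holder -split '\.')[0] -ieq $short }
}

if ($Live) { $fsmo = netdom query fsmo } else { $fsmo = $sample; $Server = 'dc3' }

$held = @(Get-RolesHeldBy -Name $Server -Lines $fsmo)
if ($held.Count -gt 0) {
    Write-Output "$Server still holds FSMO roles; transfer them before dcpromo:"
    $held | ForEach-Object { Write-Output "  $($_.Role)" }
} else {
    Write-Output "$Server holds no FSMO roles."
}

if ($Live) {
    # Type 0 = ordinary disk share. SYSVOL and NETLOGON disappear with the DC
    # role; anything else listed here may hold data that must be moved first.
    Get-WmiObject -Class Win32_Share -ComputerName $Server |
        Where-Object { $_.Type -eq 0 -and (@('SYSVOL', 'NETLOGON') -notcontains $_.Name) } |
        Select-Object Name, Path
}
```

Without -Live the script runs against the embedded sample and reports that dc3 holds the RID pool manager role.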
 
LVL 58

Expert Comment

by:tigermatt
ID: 19638180
One more point, after doing everything above but before you demote using dcpromo, you will need to give everything chance to replicate. I would recommend doing it one morning and leaving it for the rest of the day and all night. Then, the next morning, try shutting down the server you're going to demote and make sure everything is still working from domain user logons to DNS and internet browsing.

Also if this server is a global catalog (GC) (you know because the place where the link I gave before tells you to set a server as a GC will be ticked for this machine) then leave it as a global catalog whilst you make the new one a GC. Then leave it overnight before removing the GC status on this machine to make sure it replicates.

You may want to install DNS on one of the other DCs and set that one up as the secondary DNS in DHCP and on your static IP'ed machines. http://support.microsoft.com/kb/814591 It'll all replicate across from your primary one.
0
 

Author Comment

by:cartereverett
ID: 19638688
Tigermatt,

Thanks for replying so quickly.

Exchange is running on a member server.  All 3 DCs are running DNS, so I have another server I can use as secondary server.

I checked the FSMO roles, and they are all hosted by the first AD DC.

Also, all three DCs are GCs.

Based on the information I found, is this server ready to be demoted once I change the secondary DNS server on the DHCP server and all servers with static IPs?

You wrote:
Also if this server is a global catalog (GC) (you know because the place where the link I gave before tells you to set a server as a GC will be ticked for this machine) then leave it as a global catalog whilst you make the new one a GC. Then leave it overnight before removing the GC status on this machine to make sure it replicates.

Since I have two other GCs, do I have to leave the GC status on the server overnight?
0

 
LVL 58

Expert Comment

by:tigermatt
ID: 19639810
Hi again

Exchange shouldn't be a problem since it's on the member server.

I can't see anything that would stop you from demoting it now. I would recommend going around and changing the secondary DNS before you demote it, but apart from that I can't see a problem.

Obviously you're the person who knows your network the best so if there is anything you suddenly think of which I might not know or have overlooked then post back and I'll get back to you.

Good luck! :-)
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 19639993
Something I overlooked - I assume this server isn't the/a DHCP server? If it is, you'll need to move this server's scopes to another DHCP server.

Also, I would recommend uninstalling DNS before demoting the DC (you don't have to but it's a good idea to). Also uninstall DHCP and WINS if it's installed on the machine and there's another on the network to handle those services.

:-)
0
 

Author Comment

by:cartereverett
ID: 19640250
Currently the users authenticate through NT, so the DHCP server is an NT box.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 19640366
Ah right, not a problem then! What about WINS, that should also be installed on one of the other DCs. (I assume you've already checked it)
0
 

Author Comment

by:cartereverett
ID: 19641058
WINS is also running on NT.
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 19641386
That's not a problem. You should be able to demote that DC now!
0
 

Author Comment

by:cartereverett
ID: 19641415
Thanks for your help.

Please check Q_22745058
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 19641640
Thanks for the points, I'll have a look at your other question in a mo!
0
