Demoting an AD DC and DNS Server to member server

Hello Experts,

I have an AD DC and DNS server that I want to demote to a member server or remove from AD so I can rebuild it and use it as a web server.  Currently there are 3 DCs in our company.  Can I just run dcpromo and demote the server, or is there anything else that has to be done to accomplish this?  I want to make sure that by demoting this DC/DNS server neither AD nor Exchange is affected.  Is there any role on the DC that I would need to transfer to another DC?

This DNS server is being used as the secondary DNS server for the users.  Will the users be affected if I demote the server?
cartereverett Asked:
 
tigermatt Commented:
First of all, check whether the DC is hosting any FSMO roles. You will need to transfer these to one of your other DCs should it have any. To find out, on the server, go to Start > Run > type cmd > OK. At the command prompt, type

netdom query fsmo

You'll then see the five roles with the server holding them.

Should any of the FSMO roles be listed with the server you want to demote, you'll need to transfer them now. Failure to do so will result in having to seize them later on, which can be a messy procedure. Here's how to do it:
Microsoft article: http://support.microsoft.com/kb/324801
Petri.co.il article: http://www.petri.co.il/transferring_fsmo_roles.htm

If this server is a secondary DNS server then that shouldn't be a problem since DNS is obviously installed elsewhere. If you're running WINS check there's another server running that. Then update your DHCP server(s) to remove this server as a DNS server and WINS server if appropriate. Also make sure any machines with static addresses (such as the other servers) are updated to remove this server as secondary DNS.

Is your Exchange server on another Domain Controller or on a member server? If it's on a DC then this shouldn't be a problem, but you need to make sure you have another global catalog server on the network if the server to be demoted was one. This website details how to set a server as global catalog, but use the same procedure to check each DC and make sure there is one that is a global catalog: http://www.petri.co.il/configure_a_new_global_catalog.htm
If you do set one up you'll have to give it a while for everything to replicate. If Exchange is on a DC then this shouldn't be a problem since the DC Exchange is on MUST be a global catalog server. Best to check anyway.

Make sure there aren't any user profiles or redirected folders (documents etc.) or other important files in shares which you should be moving. That's quite easy to find - just type
net share
at a command prompt and you can see all the shares and then one by one go through them and make sure you've got all the data out.

Then I think you would be ready to dcpromo and demote the server.
0
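The pre-demotion checks from the answer above as a PowerShell function (an added example, not part of the original thread). It parses `netdom query fsmo` output and flags FSMO roles held by the target, a missing second global catalog, and DNS client settings that still point at the target; the server names, the sample data and the function names `Get-FsmoHolder` and `Test-DemotionReadiness` are constructed, and the parser assumes the role and holder columns are separated by two or more spaces.

```powershell
# Added example; server names and sample data are constructed.
function Get-FsmoHolder {
    param([string[]]$NetdomOutput)
    # Assumes each role line is "<role>  <holder FQDN>" with 2+ spaces between
    # columns; the "The command completed successfully." line does not match.
    foreach ($line in $NetdomOutput) {
        if ($line -match '^(?<Role>\S.*?)\s{2,}(?<Holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches.Role; Holder = $Matches.Holder }
        }
    }
}

function Test-DemotionReadiness {
    param(
        [string]$Target,                # short name of the DC to demote
        [string[]]$NetdomOutput,        # lines from `netdom query fsmo`
        [object[]]$DomainControllers,   # objects with Name, IsGlobalCatalog
        [hashtable]$DnsClientConfig     # scope or host -> DNS servers it uses
    )
    $findings = @()
    $roles = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    if ($roles.Count -ne 5) { $findings += "Parsed $($roles.Count) FSMO roles, expected 5" }
    foreach ($r in $roles) {
        if (($r.Holder -split '\.')[0] -eq $Target) {
            $findings += "Transfer '$($r.Role)' to another DC before demoting"
        }
    }
    $otherGc = @($DomainControllers | Where-Object { $_.Name -ne $Target -and $_.IsGlobalCatalog })
    if ($otherGc.Count -eq 0) { $findings += 'No other global catalog would remain' }
    foreach ($entry in $DnsClientConfig.GetEnumerator()) {
        if ($entry.Value -contains $Target) {
            $findings += "$($entry.Key) still lists $Target as a DNS server"
        }
    }
    [pscustomobject]@{ Target = $Target; Ready = ($findings.Count -eq 0); Findings = $findings }
}

# Constructed sample; on a live DC use: $netdom = netdom query fsmo
$netdom = @(
    'Schema master               DC1.corp.example',
    'Domain naming master        DC1.corp.example',
    'PDC                         DC1.corp.example',
    'RID pool manager            DC1.corp.example',
    'Infrastructure master       DC1.corp.example',
    'The command completed successfully.'
)
$dcs = 'DC1', 'DC2', 'DC3' | ForEach-Object { [pscustomobject]@{ Name = $_; IsGlobalCatalog = $true } }
$dns = @{ 'DHCP scope (constructed)' = @('DC1', 'DC3'); 'EXCH1 (static)' = @('DC1', 'DC2') }
Test-DemotionReadiness -Target 'DC3' -NetdomOutput $netdom -DomainControllers $dcs -DnsClientConfig $dns
```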
 
tigermatt Commented:
One more point, after doing everything above but before you demote using dcpromo, you will need to give everything a chance to replicate. I would recommend doing it one morning and leaving it for the rest of the day and all night. Then, the next morning, try shutting down the server you're going to demote and make sure everything is still working, from domain user logons to DNS and internet browsing.

Also if this server is a global catalog (GC) (you know because the place where the link I gave before tells you to set a server as a GC will be ticked for this machine) then leave it as a global catalog whilst you make the new one a GC. Then leave it overnight before removing the GC status on this machine to make sure it replicates.

You may want to install DNS on one of the other DCs and set that one up as the secondary DNS in DHCP and on your static IP'ed machines. http://support.microsoft.com/kb/814591 It'll all replicate across from your primary one.
0
 
cartereverett Author Commented:
Tigermatt,

Thanks for replying so quickly.

Exchange is running on a member server.  All 3 DCs are running DNS, so I have another server I can use as the secondary server.

I checked the FSMO roles, and they are all hosted by the first AD DC.

Also, all three DCs are GCs.

Based on the information I found, is this server ready to be demoted once I change the secondary DNS server on the DHCP server and all servers with static IPs?

You wrote:
Also if this server is a global catalog (GC) (you know because the place where the link I gave before tells you to set a server as a GC will be ticked for this machine) then leave it as a global catalog whilst you make the new one a GC. Then leave it overnight before removing the GC status on this machine to make sure it replicates.

Since I have two other GCs, do I have to leave the GC status on the server overnight?
0
 
tigermatt Commented:
Hi again

Exchange shouldn't be a problem since it's on the member server.

I can't see anything that would stop you from demoting it now. I would recommend going around and changing the secondary DNS before you demote it, but apart from that I can't see a problem.

Obviously you're the person who knows your network the best so if there is anything you suddenly think of which I might not know or have overlooked then post back and I'll get back to you.

Good luck! :-)
0
 
tigermatt Commented:
Something I overlooked - I assume this server isn't the/a DHCP server? If it is, you'll need to move this server's scopes to another DHCP server.

Also, I would recommend uninstalling DNS before demoting the DC (you don't have to but it's a good idea to). Also uninstall DHCP and WINS if it's installed on the machine and there's another on the network to handle those services.

:-)
0
 
cartereverett Author Commented:
Currently the users authenticate through NT, so the DHCP server is an NT box.
0
 
tigermatt Commented:
Ah right, not a problem then! What about WINS, that should also be installed on one of the other DCs. (I assume you've already checked it)
0
 
cartereverett Author Commented:
WINS is also running on NT.
0
 
tigermatt Commented:
That's not a problem. You should be able to demote that DC now!
0
 
cartereverett Author Commented:
Thanks for your help.

Please check Q_22745058
0
 
tigermatt Commented:
Thanks for the points, I'll have a look at your other question in a mo!
0
Question has a verified solution.