Replacing Windows 2003 Domain controller

Posted on 2007-08-06
Medium Priority
Last Modified: 2010-03-05
I need to replace an aged system that happens to be a domain controller with a new piece of equipment.  I intend on keeping the same name and IP info on the new system.  The system that is being replaced does not have any of the FSMO roles assigned to it.  (I believe this is the correct term.)  My thought was to simply shut down the old domain controller, remove it from the domain in Users and Computers, bring the new box online, and run DCPROMO to add this system to the network.  Simple enough?  I was reading through some other comments that made me think that maybe it wasn't this simple and that I needed to do some other cleanup work before adding the new system to the domain.  Appreciate any insight.
Question by:K-Leininger_admin
LVL 13

Accepted Solution

Yancey Landrum earned 500 total points
ID: 19638423
First of all, don't keep the same machine name and IP information as the old server; you are just asking for trouble. You will find yourself cleaning up AD manually with an LDAP tool. Your machines will find the new server just fine with a new name and IP address. Here's how I would do it:

1. Set up the new server with its own name and IP.

2. Run DCPROMO on the new server to promote it to a DC. Wait for or force replication.

3. Run DCPROMO on the old server to demote it back to a member server. Wait for or force AD replication before decommissioning the old server.

The only thing to watch out for (and it is not that big a deal) is if the old server is a global catalog server. If it is, and you are using Exchange 2000 or higher, some of your people will have Outlook problems for a while until:

a: Their GC info is replicated to another GC
b: Their Outlook finds the new GC
LVL 13

Expert Comment

ID: 19638480
Agree, remove the old DC properly by using dcpromo.  If it was a GC and you are adding a new DC, then ensure the new DC is also a GC.  Use AD Sites and Services to configure the DC as a GC (it's a checkbox in the server or NTDS properties; I can never remember which!).

If you just take it off the network, then search at support.microsoft.com for "metadata cleanup" to ensure that AD removes all references to the server as a domain controller.  
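The "wait for or force replication" step in the answers above can be checked before the old server is demoted. The following is an added example, not code from the thread: it assumes the output of `repadmin /showrepl * /csv` has been saved as text with the column layout shown in the constructed sample, and the names OLDDC, NEWDC, DC02 and example.local are placeholders.

```python
import csv
import io

# Constructed sample in the column layout assumed for `repadmin /showrepl * /csv`.
SAMPLE = '''showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,NEWDC,"DC=example,DC=local",Default-First-Site-Name,OLDDC,RPC,0,0,2007-08-06 10:15:02,0
showrepl_INFO,Default-First-Site-Name,NEWDC,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,OLDDC,RPC,0,0,2007-08-06 10:15:02,0
showrepl_INFO,Default-First-Site-Name,DC02,"DC=example,DC=local",Default-First-Site-Name,OLDDC,RPC,3,2007-08-06 09:58:41,2007-08-05 22:01:13,1722
'''


def demotion_blockers(csv_text, old_dc, new_dc):
    """Return reasons the old DC should not be demoted yet (empty list = clear)."""
    old_dc, new_dc = old_dc.upper(), new_dc.upper()
    blockers = []
    new_dc_inbound = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Rows that are not normal link records (assumed to mean repadmin
        # could not query a DC) are treated as blockers, not skipped.
        if row.get("showrepl_COLUMNS") != "showrepl_INFO":
            blockers.append("repadmin reported a problem: %r" % dict(row))
            continue
        src = row["Source DSA"].strip().upper()
        dst = row["Destination DSA"].strip().upper()
        if dst == new_dc:
            new_dc_inbound += 1
        # Only links that touch the server being retired or its replacement matter here.
        if old_dc not in (src, dst) and new_dc not in (src, dst):
            continue
        failures = int(row["Number of Failures"] or 0)
        status = row["Last Failure Status"].strip()
        if failures > 0 or status not in ("", "0"):
            blockers.append("%s <- %s [%s]: %d failure(s), last status %s"
                            % (dst, src, row["Naming Context"], failures, status))
    # A freshly promoted DC with no inbound links has not replicated anything yet.
    if new_dc_inbound == 0:
        blockers.append("%s has no inbound replication links yet" % new_dc)
    return blockers


if __name__ == "__main__":
    for reason in demotion_blockers(SAMPLE, "OLDDC", "NEWDC") or ["clear to demote"]:
        print(reason)
```

An empty result only says that replication links involving the two servers are healthy; global catalog placement on the new DC still has to be confirmed separately, as the answers note.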
