Replacing Windows 2003 Domain controller

Posted on 2007-08-06
Last Modified: 2010-03-05
I need to replace an aged system that happens to be a domain controller with a new piece of equipment.  I intend on keeping the same name and IP info on the new system.  The system that is being replaced does not have any of the FSMO roles assigned to it.  (I believe this is the correct term.)  My thought was to simply shut down the old domain controller, remove it from the domain in Users and Computers, bring the new box online and run DCPROMO to add this system to the network.  Simple enough?  I was reading through some other comments that made me think that maybe it wasn't this simple and that I needed to do some other cleanup work before adding the new system to the domain.  Appreciate any insight.
Question by:K-Leininger_admin
    LVL 13

    Accepted Solution

    First of all, don't keep the same machine name and IP information as the old server; you are just asking for trouble. You will find yourself cleaning up AD manually with an LDAP tool. Your machines will find the new server just fine with a new name and IP address. Here's how I would do it:

    1. Set up the new server with its own name and IP.

    2. Run DCPROMO on the new server to promote it to a DC. Wait for or force replication.

    3. Run DCPROMO on the old server to demote it back to a member server. Wait for or force AD replication before decommissioning the old server.

    The only thing to watch out for (and it is not that big a deal) is if the old server is a global catalog server. If it is, and you are using Exchange 2000 or higher, some of your people will have Outlook problems for a while until:

    a: Their GC info is replicated to another GC
    b: Their Outlook finds the new GC
    LVL 13

    Expert Comment

    Agree, remove the old DC properly by using dcpromo.  If it was a GC and you are adding a new DC, then ensure the new DC is also a GC.  Use AD Sites and Services to configure the DC as a GC (it's a checkbox in the server or NTDS properties.  I can never remember which!)

    If you just take it off the network, then search at for "metadata cleanup" to ensure that AD removes all references to the server as a domain controller.  
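
The "wait for or force replication" step in the accepted solution can be turned into a gate before the old server is demoted. The following is an added example, not part of the original thread: it reads the CSV output of `repadmin /showrepl * /csv` and lists every inbound replication link to the new DC that is failing or stale. The server names, domain name and sample rows are constructed, and the function name is hypothetical.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (hypothetical servers and domain).
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,NEWDC01,"DC=example,DC=local",Default-First-Site-Name,OLDDC01,RPC,0,0,2007-08-06 10:02:11,0
showrepl_INFO,Default-First-Site-Name,NEWDC01,"CN=Configuration,DC=example,DC=local",Default-First-Site-Name,OLDDC01,RPC,0,0,2007-08-06 10:02:11,0
showrepl_INFO,Default-First-Site-Name,NEWDC01,"CN=Schema,CN=Configuration,DC=example,DC=local",Default-First-Site-Name,OLDDC01,RPC,3,2007-08-06 10:01:40,2007-08-06 08:15:02,1722
showrepl_INFO,Default-First-Site-Name,OLDDC01,"DC=example,DC=local",Default-First-Site-Name,NEWDC01,RPC,0,0,2007-08-06 10:02:30,0
'@

# Hypothetical helper: returns one line per reason the old DC should not be demoted yet.
function Get-DemotionBlockers {
    param(
        [string]$CsvText,            # text captured from repadmin /showrepl * /csv
        [string]$NewDc,              # the DC that must hold a current copy of every partition
        [datetime]$Now,              # passed in so the constructed sample is reproducible
        [int]$MaxAgeMinutes = 60     # how old a last success may be before it counts as stale
    )
    # Keep only data rows describing inbound replication to the new DC.
    $links = @(($CsvText -split "\r?\n") | ConvertFrom-Csv |
        Where-Object { $_.showrepl_COLUMNS -eq 'showrepl_INFO' -and $_.'Destination DSA' -eq $NewDc })
    if ($links.Count -eq 0) {
        return @("no inbound replication links reported for $NewDc")
    }
    foreach ($l in $links) {
        $nc   = $l.'Naming Context'
        $src  = $l.'Source DSA'
        $last = $l.'Last Success Time' -as [datetime]   # $null if the link never succeeded
        if ([int]$l.'Number of Failures' -gt 0) {
            "$nc from ${src}: $($l.'Number of Failures') failures, last status $($l.'Last Failure Status')"
        } elseif (-not $last) {
            "$nc from ${src}: no successful replication recorded"
        } elseif (($Now - $last).TotalMinutes -gt $MaxAgeMinutes) {
            "$nc from ${src}: last success $last is older than $MaxAgeMinutes minutes"
        }
    }
}

$blockers = @(Get-DemotionBlockers -CsvText $sample -NewDc 'NEWDC01' -Now ([datetime]'2007-08-06 10:05:00'))
if ($blockers.Count -gt 0) {
    'Do not demote the old DC yet:'
    $blockers
} else {
    'Inbound replication to NEWDC01 is current for every naming context.'
}
```

Against live data, replace `$sample` with the captured output of `repadmin /showrepl * /csv` and pass `(Get-Date)` as `-Now`. This checks replication only; whether the new DC is a global catalog still has to be confirmed separately, as the comment above describes.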
