• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 206
  • Last Modified:

advice for putting in new domain controller / removing 2000 DC from domain

I have a domain with 5 domain controllers. 2 are win2000 server, 3 are windows server 2003.
I am getting SAM error messages (event 16650) on one of these servers, which currently is the RID and PLC master role of the domain. I have not corrected the error and do not plan on doing so because that server will be removed.
both of the win2000 server are being replaced within the next 10 days and i would like to make the server that is replacing one of them to be the FSMO and have all of these master roles listed above. I printed MS documentation about seizing the FSMO, but not sure what the proper sequence of events should be in terms of dc demotion, any forest or other prep that might be required, etc.
FYI-Also, one of the current 2003 servers are an exchange server should that play into the equation.
If I am not clear enough, I might be able to elaborate, but any advice would be greatly appreciated.
Thanks.
Joe
0
Joe_Brand
Asked:
Joe_Brand
  • 3
  • 2
2 Solutions
 
MrLonandBCommented:
Once you've seized the FSMO Roles you can run dcpromo and demote the servers. But I would not demote them until I am satisfied that the roles are functioning properly -- on whichever machine has been tasked with them. I would seize the roles and power down the server that are to go away. Let things run for whatever timeframe you need to be comfortable that all is stable -- the dcpromo them.

Also, and you probably are aware of this, but when you remove those servers -- do you have Global Catalog assigned as needed?
0
 
Joe_BrandAuthor Commented:
what has to be done with the GC when I remove the server?
0
 
KCTSCommented:
Do  not seize the FSMO roles unless there is no alternative - you sould cleanly transfer the roles id possible http://www.petri.co.il/transferring_fsmo_roles.htm only seize if a transfer is not possible http://www.petri.co.il/seizing_fsmo_roles.htm

Make sure at least another DC is a global catalog server go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Move any services such as DHCP to another machine.

Any clients (and the domain controllers) need to have their Preferred DNS and alternate DNS server checked to make sure they do not use the DC you are about to demote. If they do then chnaged it to another.

Finally femote the original server with DCPROMO then remove it from the domain.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
KCTSCommented:
Without Typos - Do not seize the FSMO roles unless there is no alternative - you sould cleanly transfer the roles if possible http://www.petri.co.il/transferring_fsmo_roles.htm only seize if a transfer is not possible http://www.petri.co.il/seizing_fsmo_roles.htm

Make sure at least another DC is a global catalog server go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the "Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

Move any services such as DHCP to another machine.

Any clients (and the domain controllers) need to have their Preferred DNS and alternate DNS server checked to make sure they do not use the DC you are about to demote. If they do then changed it to another.

Finally demote the original server with DCPROMO then remove it from the domain.
0
 
Joe_BrandAuthor Commented:
thanks, but there was till one typo...   :)
0
 
Joe_BrandAuthor Commented:
thank you for the input...i was wondering what if any impact this move is going to have on the current errors I am getting on the RID master. should they cease after a differnt DC is promoted and the current RID is demoted off the domain? see above for error details in my initial question
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now