

How to replace a Windows 2000 PDC with a new Windows 2003 server?

Posted on 2007-10-08
Medium Priority
Last Modified: 2010-03-17
Hi Experts,

One of our customers currently has an older Windows Server 2000 machine set up as a primary domain controller and several newer servers with Windows Server 2003 software acting as domain members, each with their individual tasks.
The domain controller is running on old hardware and needs to be replaced.
Now I was wondering if I could promote one of the 2003 machines to a domain controller and make it replicate with the existing 2000 domain? Then I'd like to degrade the 2000 server from its roles and bring it offline.
What are your suggestions?

Thanks in advance....
Question by:dynamation
LVL 30

Accepted Solution

LauraEHunterMVP earned 1000 total points
ID: 20033122
[1] Prepare your domain for a 2003 upgrade: http://support.microsoft.com/kb/325379
[2] Once you have added the new 2003 DC to your domain, transfer all FSMO roles onto the new 2003 DC: http://support.microsoft.com/kb/324801.  Also configure the 2003 DC as a Global Catalog Server: http://www.petri.co.il/configure_a_new_global_catalog.htm
[3] Configure the 2003 DC to reference an external authoritative time source: http://support.microsoft.com/kb/816042
[4] Run dcpromo on the 2000 server to remove it as a domain controller.  

Also recommend that you add a 2nd 2003 DC configured as a Global Catalog for redundancy.
LVL 70

Expert Comment

ID: 20033162
The procedure is as follows:

Install Win2003 on the new hardware

Configure an IP address on the current domain

Join the 2003 machine to the domain as a member server as you would any workstation.

Next, you need to run ADPrep from the Windows 2003 CD on the Windows 2000 DC. This will extend the Win2003 AD Schema. ADprep is in the i386 folder on the Windows 2003 CD. (Note: if this is Win2003 R2, which comes with 2 CDs, then you need to run Adprep from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.)

Once this has been done then you can run DCPROMO on the 2003 machine to make it a domain controller. You will then need to make it a global Catalog server, so go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server and select properties and tick the "Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory. Check the new machine has DNS - if not install DNS as Active Directory integrated and allow it to replicate.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don't forget to set the default gateway (router) and DNS Servers.

For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.

You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles. This can be done in different ways; see http://support.microsoft.com/kb/255504 or http://support.microsoft.com/kb/324801 or http://www.petri.co.il/transferring_fsmo_roles.htm for alternative methods that can be used.

You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

Once you are sure that all is OK then you can either leave both Domain controllers operational, (two domain controllers are normally recommended for fault tolerance)

If you really want to get rid of the old Domain controller then:

You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server either points to an alternative domain controller or is blank.

Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.

Reconfigure the DHCP scope if required.
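
The checks that both procedures above imply before the old DC is demoted, as an added example that is not part of the original thread: a batch file run on the new 2003 DC before DCPROMO is run on the old one. `OLDDC01` is a placeholder host name; the script assumes English-language tool output, a domain logon (so `%USERDNSDOMAIN%` is set), and that `netdom` and `dcdiag` from the Windows Support Tools are installed.

```batch
@echo off
rem Added example, not from the original thread: gate the demotion of the old DC.
rem Run on the new Windows 2003 DC while logged on with a domain account.
rem OLDDC01 is a placeholder; replace it with the host name of the old DC.
setlocal
set OLD_DC=OLDDC01
set FAILED=0

rem 1. All five FSMO roles must have left the old DC.
rem    Substring match: a name such as DC1 also matches DC10 (fails safe).
netdom query fsmo > "%TEMP%\fsmo.txt"
findstr /i /c:"%OLD_DC%" "%TEMP%\fsmo.txt" >nul
if not errorlevel 1 (
    echo FAIL: %OLD_DC% still holds these FSMO roles:
    findstr /i /c:"%OLD_DC%" "%TEMP%\fsmo.txt"
    set FAILED=1
)

rem 2. Replication to this DC must be healthy.
dcdiag /test:Replications > "%TEMP%\repl.txt"
findstr /i /c:"failed test" "%TEMP%\repl.txt" >nul
if not errorlevel 1 (
    echo FAIL: dcdiag reports a replication failure, see repl.txt in the TEMP folder
    set FAILED=1
)

rem 3. This DC must be registered in DNS as a domain controller.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%USERDNSDOMAIN% > "%TEMP%\srv.txt" 2>&1
findstr /i /c:"%COMPUTERNAME%" "%TEMP%\srv.txt" >nul
if errorlevel 1 (
    echo FAIL: no _ldap SRV record for %COMPUTERNAME% in %USERDNSDOMAIN%
    set FAILED=1
)

if %FAILED%==1 (
    echo Do not run DCPROMO on %OLD_DC% yet.
    exit /b 1
)
echo OK: FSMO roles, replication and DNS registration check out.
exit /b 0
```

The script does not cover the Global Catalog checkbox, the DHCP scopes or the clients' preferred DNS setting; those are still checked by hand as the posts describe.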

Author Comment

ID: 20033544
Thanks for your answer LauraEHunterMVP!

I have another question about this. What will change if the domain controller is a SBS2003 machine that needs to be replaced by a "normal" Windows Server 2003 machine? Can there be two domain controllers in a SBS 2003 domain at the same time?
