How to replace a Windows 2000 PDC with a new Windows 2003 server?

Posted on 2007-10-08
Last Modified: 2010-03-17
Hi Experts,

One of our customers currently has an older Windows Server 2000 machine setup as a primary domain controller and several newer server with Windows Server 2003 software acting as domain members with each their individual tasks.
The domain controller is running on old hardware and needs to be replaced.
Now I was wondering if I could promote one of the 2003 machines to a domain controller and make it replicate with the existing 2000 domain? Then I'd like to degrade the 2000 server from its roles and bring it offline.
What are your suggestions?

Thanks in advance....
Question by:dynamation
    LVL 30

    Accepted Solution

    [1] Prepare your domain for a 2003 upgrade:
    [2] Once you have added the new 2003 DC to your domain, transfer all FSMO roles onto the new 2003 DC:  Also configure the 2003 DC as a Global Catalog Server:
    [3] Configure the 2003 DC to reference an external authoritative time source:
    [4] Run dcpromo on the 2000 server to remove it as a domain controller.  

    Also recommend that you add a 2nd 2003 DC configured as a GLobal Catalog for redundancy.
    LVL 70

    Expert Comment

    The procedure is as follows:

    Install Win2003 on the new hardware

    Configure an IP address on the current domain

    Joinn the 2003 machine to the domain as a member server as you would any workstation.

    next - You need to run ADPrep from the Windows 2003 CD on the Windows 2000 DC. This will extend the Win2003 AD Schema - ADprep is in the i386 folder on the Windows 2003 CD. (Note if this is Win2003 R2 which comes with 2 CDs  then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2)

    Once this has been done then youy can run DCPROMO on the 2003 machine to make it a domain controller. You will then need to make it a global Catalog server so go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the "Global Catalog" checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

    Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory. Check the new machine has DNS - if not install DNS as Active Directory integrated and allow it to replicate.

    If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Dont forget to set the default gateway (router) and DNS Servers.

    For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

    Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.

    You now need to move the FSMO roles (including the PDC emulator from the old machine to the new machine.  You should cleanly transfer the FSMO roles. This can be done in different ways see or or for alternatives methods that can be used.

    You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

    Once you are sure that all is OK then you can either leave both Domain controllers operational, (two domain controllers are normally recommended for fault tolerance)

    If you really want to get rid of the old Domain controller then:

    You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server either points to an alternative domain controller or is blank.

    Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.

    Reconfigure the DHCP scope if required.
    LVL 1

    Author Comment

    Thanks for your answer LauraEHunterMVP!

    I have another question about this. What will change if the domain controller is a SBS2003 machine that needs to be replaced by a "normal" Windows Server 2003 machine? Can there be two domain controllers in a SBS 2003 domain at the same time?

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Join & Write a Comment

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    22 Experts available now in Live!

    Get 1:1 Help Now