Solved

Will a demoted DC retain all AD information when you promote it back to DC status as a child in a parent domain?

Posted on 2007-11-20
Last Modified: 2010-04-18
I will be demoting a DC in my work environment in order to promote it as a child in a new parent domain structure. If I demote the DC with all of its current AD information - users and computers - dns and dhcp - will this information be retained when I promote it back to a child dc or will I be starting from scratch?
0
Question by:asg1977
24 Comments
 
LVL 12

Assisted Solution

by:bhnmi
bhnmi earned 40 total points
ID: 20321409
Scratch.
0
 
LVL 12

Assisted Solution

by:bhnmi
bhnmi earned 40 total points
ID: 20321423
Prop a temp DC and the child domain and migrate everything to it first. Then demote yours and bring it back up into the new domain, let it all replicate, switch the roles and demote the other one.
0
 

Author Comment

by:asg1977
ID: 20321534
So I should create a temp DC and make it a child then migrate all AD data from 1st DC to temp DC? How long will the replication take? Also, I would need to take all DNS and DHCP data and place it on the temp dc?
0
 

Author Comment

by:asg1977
ID: 20321544
I really do not want to demote a dc unless I have to. I am only working with one dc on site that I need to make a child in a parent domain.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20321629
If you add the server as a domain controller in an existing domain (this is an option) then all the information will be retained. All the information in AD, that is, because the primary DC will replicate all its information to the new DC.


DHCP and DNS will NOT have to be configured on the child.  If the main DC is the primary DNS server and DHCP server, there's no reason to configure the child DC with DNS or DHCP, UNLESS you want to create a secondary DNS server, then you can configure that after during the AD setup and DNS is configured automatically.  You would create a forward and reverse lookup zone pointing back to your primary DNS server.


Also, on the NIC of the child DC, point the DNS addresses to your primary DNS server.
0
 

Author Comment

by:asg1977
ID: 20321717
So, it is easier for me to add the server as a dc in an existing domain? Is this also done through dcpromo?
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20321727
yes it is.



0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20321742
0
 

Author Comment

by:asg1977
ID: 20321746
If I do move forward in this manner after replication I will then need to demote that server then add it again as a child? Also, is adding the server to an existing domain a part of dcpromo?
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20321752
Adding a Domain Controller to an Existing Domain

After you create multiple domain controllers, Active Directory frequently and automatically replicates directory information between them. If a domain controller becomes unavailable, directory information is still available through the other domain controllers.
To add an additional domain controller to an existing domain

   1. Click Start, and then click Run.

   2. In the Run dialog box, in the Open box, type dcpromo, and then click OK.

   3. In the Domain Controller Type dialog box, select Additional domain controller. This creates the domain controller as a replication partner.

   4. In the Network Credentials dialog box, type the user name of a domain administrator, the password, and the name of the domain, and then click Next.

   5. In the Additional Domain Controller dialog box, click Next.

   6. In the Database and Log Location dialog box, accept the defaults, and then click Next.

   7. In the Shared System Volume dialog box, click Next.

   8. In the Directory Services Restore Mode Administrator Password dialog box, leave the boxes blank, and then click Next.

   9. On the Summary dialog box, click Next.

  10. When the Completing Active Directory dialog box appears, click Finish, and then restart Windows.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20321768
0
 

Author Comment

by:asg1977
ID: 20321777
Is there any good reason why a child should be added to a parent domain instead of adding a dc to an existing domain? I need this feedback to understand why corporate would want to move in this manner?
0
 

Author Comment

by:asg1977
ID: 20321802
Remember that all of this is taking place in a Windows Server 2003 AD infrastructure.
0
 
LVL 13

Accepted Solution

by:
cshepfam earned 460 total points
ID: 20321908
I use windows server 2003 so I understand.


I honestly think it would be best to add a DC to an existing domain.  Doing it this way is a backup of your primary domain.  If your primary domain was to ever go down, you can use the second one in place of the failed DC.  All you would have to do is configure DNS and DHCP like your first one and that's it.  Since AD is replicated, all mapped drives and group policies are the same and don't change.


a child domain has its benefits too.  for more information of those benefits, click here:

http://www.w2k.vt.edu/whychild.html
0
 

Author Comment

by:asg1977
ID: 20322111
Thanks for your patience and responses. One last question :) ? I do not maintain the primary server it is in another physical location but you are stating that I add my dc to that existing domain - would I setup a shortcut trust as well to accomplish this?
0
 

Author Comment

by:asg1977
ID: 20322176
Currently, there is no forest structure - the company is attempting to build this structure by taking their DC at another location and making that DC the parent; they then want me to take the DC in my location and turn it into a child under the parent DC, therefore creating the forest and tree structure. You are saying to add my dc as a second dc in that forest, allow data to replicate, then make my dc a child through dcpromo?
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20322185
a trust is usually set up between two forests.


I didn't know your main server was in another physical location.  Is there another admin for that site?  I figured you were the one in charge of it all.


The reason why they probably want you to make a child domain is because they are the parent.  You kind of confused me with that setup.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20322229
no, you're confusing yourself a little bit.  I'll break it down for you:



-If your company is wanting to be the main site where all information gets stored there.  They control it all and have the main servers over there, the reason why they want you to be a child server is because that's what you are.  You are a section of the head company.  Their AD information does NOT need to be replicated to you because they will have different users in their building, and you will have different users in your building.  The only thing you need to configure is your DNS and DHCP.  Your DNS addresses will point to their DNS server.  Once AD setup adds DNS, you will have to manually configure it, create forward and reverse lookup zones and have it point to the PRIMARY DNS server at the main location.


-when we were talking about adding a domain controller into an existing domain, that was it.  Just do it once, you DO NOT have to then demote it and promote it again to a child domain.  I said this would be best when I thought your Primary server was in the same building with you and you would use the secondary DC as a backup.
0
 

Author Comment

by:asg1977
ID: 20322387
So, am I going to take my DC at my location and demote it then make it a child so I can add it to the parent server at the other physical location? How do I retain all my AD data if I need to demote to become a child? Right now I have just a DC setup with DNS and DHCP this is also the file and print server.
0
 

Author Comment

by:asg1977
ID: 20322389
And I will not be using the previous scenario about the dc into an existing domain correct?
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20322478
Let me ask you this first:  Is the information you have stored in your AD right now configured with custom group policies and users/groups?  I'm wondering this because I'm not sure if you're a new company just getting started with this setup or if your company is just expanding.


I would also let it be known to whomever wants you to demote your DC that in doing so, you may lose all your information (unless you do a backup of Active Directory).


To answer your questions, yes, you will demote it and then add it as a child.  They will have to have had their parent server up and running already for this to happen first.

Also, do a backup of Active Directory

http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/distrib/dsbj_brr_axal.mspx?mfr=true


Once that's backed up, when you get your child DC up, restore the backup so all information will go back into your AD.
0
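A pre-demotion capture of the data discussed in this thread (AD, DNS, DHCP), as an added example that is not part of any post above. It assumes a Windows Server 2003 DC with the Support Tools installed (for `dnscmd`); the backup folder, DNS zone name and domain DN are placeholders.

```batch
@echo off
rem Added example (not from the thread): capture AD, DNS and DHCP state
rem from a Windows Server 2003 DC before demoting it with dcpromo.
rem ASSUMPTIONS: the three values below are placeholders for your site.
setlocal
set BACKUP_DIR=D:\PreDemote
set DNS_ZONE=example.local
set DOMAIN_DN=DC=example,DC=local
set DNS_EXPORT=%DNS_ZONE%.predemote.txt

if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"

rem The system state backup holds the AD database, including password
rem hashes, so lock the folder down before anything is written to it.
echo y| cacls "%BACKUP_DIR%" /T /G Administrators:F SYSTEM:F

rem 1. System state: AD database, SYSVOL (group policy files), registry.
rem    This restores the DC as it is now, in its current domain.
ntbackup backup systemstate /J "PreDemote" /F "%BACKUP_DIR%\systemstate.bkf" /V:yes
if not exist "%BACKUP_DIR%\systemstate.bkf" goto failed

rem 2. DHCP scopes, leases, reservations and options.
netsh dhcp server export "%BACKUP_DIR%\dhcp.dat" all
if not exist "%BACKUP_DIR%\dhcp.dat" goto failed

rem 3. DNS zone. dnscmd writes into %SystemRoot%\System32\dns and refuses
rem    to overwrite an existing file, so clear any earlier export first.
if exist "%SystemRoot%\System32\dns\%DNS_EXPORT%" del "%SystemRoot%\System32\dns\%DNS_EXPORT%"
dnscmd /ZoneExport %DNS_ZONE% %DNS_EXPORT%
copy "%SystemRoot%\System32\dns\%DNS_EXPORT%" "%BACKUP_DIR%\" >nul
if not exist "%BACKUP_DIR%\%DNS_EXPORT%" goto failed

rem 4. Readable inventory of user accounts (csvde does not export
rem    passwords) for recreating them in the new child domain.
csvde -f "%BACKUP_DIR%\users.csv" -d "%DOMAIN_DN%" -r "(&(objectCategory=person)(objectClass=user))" -l "sAMAccountName,displayName,userPrincipalName,memberOf"
if not exist "%BACKUP_DIR%\users.csv" goto failed

echo All exports written to %BACKUP_DIR%. Copy them off this server before running dcpromo.
goto :eof

:failed
echo An export is missing from %BACKUP_DIR%. Do not demote until it is resolved.
exit /b 1
```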
 

Author Comment

by:asg1977
ID: 20322582
The setup at my site is at its infancy - it is the basic setup of AD - I have users in the users folder and computers listed in the computers folder - the individual that set this up before me has established some group policies - but there are no OU's -  the GPS are set on the domain controller at the root. Other than this there is not much else. I have been hired to setup OU's, roaming profiles, GPS according to how the OU's function and the task we have been discussing which is to take a dc that is not a child, make the dc a child and add it to the parent (other location - corporate) domain.
0
 

Author Comment

by:asg1977
ID: 20322594
As for backing up AD, I attempted this at another job and it did not work and we had to start from scratch anyway.
0
 
LVL 13

Assisted Solution

by:cshepfam
cshepfam earned 460 total points
ID: 20322847
Well, worst-case scenario, if you lose your settings, you'll just have to start from scratch but that shouldn't be difficult anyways.  You can create the OU's, create the groups and users.  Add your own policies, etc.  That way you don't have to work around someone else's settings but create your own.


You're ready to go now.
0
