Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Changing domain controller

Posted on 2007-11-22
10
Medium Priority
?
1,120 Views
Last Modified: 2012-06-21
We have two windows 2003 server based servers. One of them is a domain controller the other one is a member server, which used to be the main exchange server. I transferred the main exchange server role to a third member server and made this server just a member exchange server, but nothing resides in it. That means I can easily remove the exchange server from this server.

Now I want to promote this server to the main domain controller and the old domain controller to backup domain controller. What steps should I follow not to mess up our system in the process? Please advise.
Thank you,
0
Comment
Question by:URWB
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 6

Accepted Solution

by:
MorDrakka earned 1020 total points
ID: 20337721
Hi,

There is not really something like a backup domain controller in w2k w2k3. Unless you count he FSMO's.

I would do the following actions:

- run DCPROMO on new 'to be' DC
- After DCpromo is ready move the FSMO(Five single master operations) to your new DC.

FSMO roles are:  
- Rid master
- Domain Master
- Schema Master
- Infrastructure Master
- PDC emulator.

Hope this helps!
0
 
LVL 6

Assisted Solution

by:MorDrakka
MorDrakka earned 1020 total points
ID: 20337722
Here is additional info on how to move these roles:

http://www.petri.co.il/transferring_fsmo_roles.htm
0
 
LVL 6

Assisted Solution

by:-DJL-
-DJL- earned 300 total points
ID: 20337752
You'll also want to make the new server a Global Catalog server.

Run the Active Directory Sites and Services snap-in. Expand the Sites until you locate the server that you wish to become a Global Catalog. Right-click the NTDS Settings icon, under the server, and click Properties. On the General tab, check the Global Catalog box.

Wait a few hours and then remove the Global catalog from the old server.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 680 total points
ID: 20338002
You might also want to make the new DC a DNS server and point the clients (via DHCP or TCP/IP settings), to use one DC as the preferred DNS server and the other as alternate DNS server.
0
 
LVL 6

Assisted Solution

by:-DJL-
-DJL- earned 300 total points
ID: 20338071
Thinking about it some more I'd keep both servers as Global Catalog servers
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 680 total points
ID: 20338109
Ok let me summ that lot up as there is a lot going on here:
Run DCPROMO on the machine that you whsh to become a Domain Controller to make it DC.

Install DNS (the AD integrated zone should replicate automatically - may take a little while)

Make the new machine a global catalog server - go to Active Directory Sites and Services, Expand Sites, Expand Servers, expand the server in question, right click NTDS settings, select properties and tick Global Catalog.

Transfer the FSMO roles to the new machine

Configure the clients to use one DC (the new one) as the preferred DNS server and the other as the alternate DNS server - either in the DHCP options or via the TCP/IP settings.

BTW the DCs should each point to themselves for preferred DNS server
 
0
 

Author Comment

by:URWB
ID: 20434768
Unfortunately, I managed to do the above task only today. I think I've done everything as per your instructions and everything seems fine; except for one thing.

When I tried to transfer the Infrastructure operations master role from the old DC to the new one I got the following message:

"<new DC> is a global catalog (GC) server. The infrastructure operations master role should not be transferred to a GC server. Please see help for more infomation. Are you certain you want to transfer the infrastructure operations master role to this GC server?

For this message I selected Yes. Would that create any problem to the configuration?

Thank you for your prompt assistance.
0
 

Expert Comment

by:jdschauer
ID: 21049665
What are the negatives to having a Global Catalog on a Domain Controller?
0
 
LVL 6

Expert Comment

by:-DJL-
ID: 21049681
If all your domain controllers are Global Catalog servers then you can ignor the message.  If you have domain controllers not running as GC's then you should move the Infrastructure role to one of those servers.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21049714
In a multi-domain environment if some and not all DCs are GCs and the Infrastrcuture master is a GC it can result in phantom objects - see http://support.microsoft.com/kb/248047
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question