Solved

What should I do before degrade this Windows 2000 domain controller?

Posted on 2007-11-27
2
589 Views
Last Modified: 2011-10-03
Dear Sir or Madam:

I have a Window 2003 domain. On our domain there is only one 2003 domain controller, the other 7 are all  windows 2000 domain controllers. My company pass the budget to upgrade our domain. I am planning to upgrade our domain to Windows 2003 base. Before I do that, i need degrade my old DCs. My question is some of the DCs are DHCP servers and DNS servers. If I degrade them, what should i do before that. Do i need set up another DNS server and DHCP servers.

I have five branches and HQ. At very branch, i have a DHCP server (also DC, altogether 5 DCs). At HQ, i have One primary DNS server and Secondary DNS server. Do i need to degrade them?

Thank you for any help, the more detailed, the more appreciated.
0
Comment
Question by:Jason Yu
2 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 400 total points
ID: 20362336
before you demote any DCs you need to find which one(s) are holding FSMO roles (http://www.petri.co.il/determining_fsmo_role_holders.htm) and transfer these roles to another DC (http://www.petri.co.il/transferring_fsmo_roles.htm).

It whould also be a good idea to make sure at least one DC on each of your sites hosts the global catalog - Go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

When you install the new DCs add DNS as Active Directory Integrated - best to have a DNS server on each site as well to avoid cross-site DNS lookups. Active Directory Integrated DNS is much more efficient and secure than an old fashioned primary/Secondary DNS server setup)

Make sure all the clients are configured with the address of one Windows DNS server as the preferred DNS server (the one on their own site), and the address of another Windows DNS server as the alternate DNS server for backup - this may be done be configuring the settings manually or as DHCP options.

Talking of DHCP, it may be a good idea to provided a DHCP server at each site as well

If you have not already done so then define you subnets and assign them to sites in AD sites and services, then windows will attempt to authenticate with the local DC - reducing cross site traffic and speeding up responses.

make sure that if you remove the old DCs you remove them gracefully by running DCPROMO to dematoe them.

0
 
LVL 12

Assisted Solution

by:Amit Bhatnagar
Amit Bhatnagar earned 100 total points
ID: 20470284
Please make sure to go through these documents before you proceed. They give you a very good insight on what to do and what NOT to do while performing such steps. Best of luck..:)

http://support.microsoft.com/kb/325379
http://support.microsoft.com/kb/555040
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Import groups from "Member Of" of user to a notepad. 4 49
Cloud Migration Questions 8 45
Sharepoint User Name Displaying incorrectly. 17 41
Bind Mac To Azure AD 1 35
Resolve DNS query failed errors for Exchange
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

832 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question