?
Solved

What should I do before degrade this Windows 2000 domain controller?

Posted on 2007-11-27
2
Medium Priority
?
594 Views
Last Modified: 2011-10-03
Dear Sir or Madam:

I have a Window 2003 domain. On our domain there is only one 2003 domain controller, the other 7 are all  windows 2000 domain controllers. My company pass the budget to upgrade our domain. I am planning to upgrade our domain to Windows 2003 base. Before I do that, i need degrade my old DCs. My question is some of the DCs are DHCP servers and DNS servers. If I degrade them, what should i do before that. Do i need set up another DNS server and DHCP servers.

I have five branches and HQ. At very branch, i have a DHCP server (also DC, altogether 5 DCs). At HQ, i have One primary DNS server and Secondary DNS server. Do i need to degrade them?

Thank you for any help, the more detailed, the more appreciated.
0
Comment
Question by:Jason Yu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 70

Accepted Solution

by:
KCTS earned 1600 total points
ID: 20362336
before you demote any DCs you need to find which one(s) are holding FSMO roles (http://www.petri.co.il/determining_fsmo_role_holders.htm) and transfer these roles to another DC (http://www.petri.co.il/transferring_fsmo_roles.htm).

It whould also be a good idea to make sure at least one DC on each of your sites hosts the global catalog - Go to Administrative Tools, Active Directory Sites and Services, Expand ,Sites, Default first site and Servers. Right click on the new server and select properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

When you install the new DCs add DNS as Active Directory Integrated - best to have a DNS server on each site as well to avoid cross-site DNS lookups. Active Directory Integrated DNS is much more efficient and secure than an old fashioned primary/Secondary DNS server setup)

Make sure all the clients are configured with the address of one Windows DNS server as the preferred DNS server (the one on their own site), and the address of another Windows DNS server as the alternate DNS server for backup - this may be done be configuring the settings manually or as DHCP options.

Talking of DHCP, it may be a good idea to provided a DHCP server at each site as well

If you have not already done so then define you subnets and assign them to sites in AD sites and services, then windows will attempt to authenticate with the local DC - reducing cross site traffic and speeding up responses.

make sure that if you remove the old DCs you remove them gracefully by running DCPROMO to dematoe them.

0
 
LVL 12

Assisted Solution

by:Amit Bhatnagar
Amit Bhatnagar earned 400 total points
ID: 20470284
Please make sure to go through these documents before you proceed. They give you a very good insight on what to do and what NOT to do while performing such steps. Best of luck..:)

http://support.microsoft.com/kb/325379
http://support.microsoft.com/kb/555040
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question