• Status: Solved

Replace a primary domain controller procedure question

Hello.
I have a Windows 2003 domain with one domain controller.
Recently I installed a second domain controller. I transferred all five FSMO roles to the new domain controller and I also checked the "Global Catalog" check box.
It seems to me that there is nothing else required for the new server to become the primary domain controller in order to discard the old one.
Although, when I turn the old domain controller off, name authentication and domain services stop working on the network.
I really need to discard the old server and make sure that the new one becomes the domain controller. What should I do next?
Thanks in advance.
Asked by: Yiogi

JimboEfx Commented:
Have you installed DNS/WINS/DHCP on the new server (assuming they are on the first)?

Sounds mostly like a DNS issue - are clients only pointing to the original server for name resolution (run ipconfig /all in a command prompt to check)?

Obviously any files, programs and printers on the server need moved to other servers...

KCTS Commented:
Install DNS on the new machine - assuming you are using AD integrated DNS the DNS will replicate from the other DC (be patient).

You also need to make sure that the new DC and all clients point to the IP of the new server for their preferred DNS.

If you are using DHCP then you need to move this to the new server as well.

Yiogi (Author) Commented:
I transferred DHCP and DNS to the new server and uninstalled the services from the old one.
Clients resolve through the new DNS and get DHCP leases from the new server.
The only service that the old server does is just domain controller.
It's just there because I can't find any other way of removing it.
I read that I should demote from a domain controller first and everything will work fine.
Any ideas on that?
 
Malli Boppe Commented:
Go to Start -> Run, type dcpromo and follow the prompts, and you should be able to demote the domain controller.

Yiogi (Author) Commented:
Thanks for the reply.
I already know how to demote the domain controller. I even tried it last night.
The message I get is that, the domain controller to be demoted cannot find another domain controller in the domain (even though there is one and it is also the FSMO master). Getting that message I cannot risk demoting the old domain controller and lose the whole network.
There seems to be a problem with global catalogs. When I uncheck the Global Catalog box on the old DC, then nothing works (even though the box on the new DC is checked and replication is always successful).
It seems to me that if I demote the old DC I will lose the global catalog (or cause a major corruption to my AC) and turn my domain infrastructure useless.
Any ideas how I can proceed without risking it?

JimboEfx Commented:
You do seem to have some issues that need resolved (pardon the pun) - and it is very likely DNS.

I'm going to suspect that dns records are the issue here... but to prove what the issue is one way or the other.

Run netdiag and dcdiag on both DCs and report any errors here.

Note:
I'm assuming the old dc points to new dc for primary dns, and new dc points to itself for primary dns...

Yiogi (Author) Commented:
Thanks for the reply.
Well I tried running both netdiag and dcdiag on both domain controllers and I got some errors.
"Hermis" is my old domain controller and "Mxdcserver" is my new domain controller by the way.
The old dc points to the new dc for primary dns and the new dc points to itself indeed.
On my old DC (Hermis) I got no errors for both tests. It passed everything.
On my new DC (Mxdcserver) I got the following errors.

Running Netdiag:
Domain membership test . . . . . . : Failed
    [WARNING] Ths system volume has not been completely replicated to the local
machine. This machine is not working properly as a DC.

Running Dcdiag:
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\MXDCSERVER\netlogon)
         [MXDCSERVER] An net use or LsaPolicy operation failed with error 1203,
No network provider accepted the given network path..
         ......................... MXDCSERVER failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\hermis.****.****.com
         Server is not responding or is not considered suitable.
         ......................... MXDCSERVER failed test Advertising

      Starting test: frsevent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... MXDCSERVER failed test frsevent

Any help appreciated. Thanks in advance!!
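
As an added example (not part of the original thread): a Python check that reads saved dcdiag output of the kind posted above and lists what still blocks retiring the old DC. The sample text is constructed from that output with a placeholder domain; the function names and the set of required tests are assumptions of this example.

```python
import re

# Constructed sample in the shape of the dcdiag output posted above
# (placeholder domain, one passing test added for contrast).
SAMPLE = r"""
      Starting test: Replications
         ......................... MXDCSERVER passed test Replications
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\MXDCSERVER\netlogon)
         ......................... MXDCSERVER failed test NetLogons
      Starting test: Advertising
         Warning: DsGetDcName returned information for \\hermis.example.test
         ......................... MXDCSERVER failed test Advertising
      Starting test: frsevent
         ......................... MXDCSERVER failed test frsevent
"""

RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)
LOCATED = re.compile(r"DsGetDcName returned information for \\\\(\S+)", re.I)
# Assumption: the three tests that failed in this thread must pass first.
REQUIRED = ("Advertising", "NetLogons", "frsevent")

def parse_dcdiag(text):
    """Return ({SERVER: {test: passed?}}, [hosts the DC locator returned])."""
    results, located = {}, []
    for line in text.splitlines():
        m = RESULT.search(line)
        if m:
            server, verdict, test = m.groups()
            passed = verdict.lower() == "passed"
            results.setdefault(server.upper(), {})[test.lower()] = passed
        elif (m := LOCATED.search(line)):
            located.append(m.group(1).lower())
    return results, located

def demotion_blockers(text, remaining_dc):
    """List reasons the remaining DC cannot yet serve the domain alone."""
    results, located = parse_dcdiag(text)
    tests = results.get(remaining_dc.upper())
    if tests is None:
        return [f"no dcdiag results for {remaining_dc}"]
    blockers = [f"{t}: {'failed' if t.lower() in tests else 'not run'}"
                for t in REQUIRED if not tests.get(t.lower())]
    # The locator answering with another host means clients still depend on it.
    blockers += [f"locator returned {h} instead of {remaining_dc}"
                 for h in located if h.split(".")[0].upper() != remaining_dc.upper()]
    return blockers

if __name__ == "__main__":
    print("\n".join(demotion_blockers(SAMPLE, "MXDCSERVER")) or "no blockers")
```

An empty list from `demotion_blockers` is the condition to look for on the new DC before running dcpromo on the old one.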

Yiogi (Author) Commented:
Ok I found the solution on another website. You had to make a registry change to replicate the sysvol.

Thanks for all your help though.

KCTS Commented:
Would you care to share the information to aid other users?

Yiogi (Author) Commented:
To KCTS:
Sure, sorry for not posting it in the first place. Basically it comes from this Microsoft Knowledge Base article:
http://support.microsoft.com/kb/290762

After doing all that was mentioned there everything worked perfectly.

Thanks.

Vee_Mod Commented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator