In what order do I promote and demote the DC's in a 2000 to 2003 DC replacement?

Posted on 2008-06-11
Last Modified: 2013-12-05
Hi I've done the addprep and verified replication. I am now ready to bring my 2003 DC into my forest. I currently have a 2000 DC. I'm under the impression the next step is to run "dcpromo.exe" on the new DC and then demote the old DC. Is this correct? What is the command to demote the old DC? "dcdemo.exe"? I also have a failover DC currently for my 2000 domain, and a failover for the 2003 domain. Do I promote/demote them in the same order?
Question by:numb3rs1x
  • 3
  • 3
  • 2
LVL 24

Expert Comment

ID: 21764246
Since yo already ran adprep your OK there.
Now run dcpromo on the new 2k3 server.  Once its ok then you see replication then transfer all roles to the 2k3 server (FSMO roles) and make the 2k3 machine a global catalog server.
Once done thne you can run a dcpromo on the old machine
LVL 70

Accepted Solution

KCTS earned 75 total points
ID: 21764265
It makes sence to start with the schema master. The process is as follows

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. If its not the R2 version then adprep is in the i386\ folder

you need to run

adprep /forestprep
adprep /domainprep

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will br replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If necessary install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server dont forget to set the default gateway (router) and DNS Servers. Talking of which all the clients (and the domain controllers themselves) need to have their Preferred DNS server set the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down to old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO for remove it's domain controller status. This is essential to avoid replication errors

If you want to remove the machine from the domain then you can do so one it's DC role has been removed

Author Comment

ID: 21764487
So like I said, I've already run the adprep command, but, per instruction from the MS KB, I ran it from the i386 folder on disk 1. The software version of the new DC's is the R2 version. Does this mean I have to run the R2 version or is the adprep version in the i386 folder on disk 1 the same?
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

LVL 24

Expert Comment

ID: 21764490
You have to run adprep from the r2 disk (second disk)
LVL 70

Expert Comment

ID: 21764716
The R2 version has its own version od ADPREP which you must run instead of the one in the i386 folder, as I said previously the one you want is in the \CMPNENTS\R2\ folder on CD2. Sorry if this was not clear

Author Comment

ID: 21771571
Okay. So far so good. I just promoted the 2003 DC's successfully into the Domain. I'm at the DNS step. Here is where it gets a little dicey: The DNS on the old servers are not dynamically updating or scavenging and therefore are full of garbage. I would rather start them fresh and leave all of the old config out of it entirely to see if that might fix the issues I can't seem to solve. Is there a way to start a clean DNS server without importing anything from the old DC's that currently are still in the domain?
LVL 24

Assisted Solution

ryansoto earned 50 total points
ID: 21772259
Manually delete from the original server before installing DNS on the new machine.  When you set up DNS on the new machine replication will copy whatever is in DNS good or garbage

Author Comment

ID: 21772548
So when this happens, will the server also copy anything behind the scenes? What I want to avoid here is having it import anything that might be keeping it from dynamically updating and scavenging.

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
setup share and NTFS permissions. 12 78
how can I practice with windows server os 2 68
Trasfering FSMO roles 8 104
SBS 2003 RWW Login 3 36
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question