• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 465
  • Last Modified:

In what order do I promote and demote the DC's in a 2000 to 2003 DC replacement?

Hi I've done the addprep and verified replication. I am now ready to bring my 2003 DC into my forest. I currently have a 2000 DC. I'm under the impression the next step is to run "dcpromo.exe" on the new DC and then demote the old DC. Is this correct? What is the command to demote the old DC? "dcdemo.exe"? I also have a failover DC currently for my 2000 domain, and a failover for the 2003 domain. Do I promote/demote them in the same order?
0
numb3rs1x
Asked:
numb3rs1x
  • 3
  • 3
  • 2
2 Solutions
 
ryansotoCommented:
Since yo already ran adprep your OK there.
Now run dcpromo on the new 2k3 server.  Once its ok then you see replication then transfer all roles to the 2k3 server (FSMO roles) and make the 2k3 machine a global catalog server.
Once done thne you can run a dcpromo on the old machine
0
 
KCTSCommented:
It makes sence to start with the schema master. The process is as follows

Install Windows 2003 on the new machine

Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

If the new Windows 2003 server is the R2 version and the existing set-up is not then you need to run Adprep  from CD2 of the R2 disks on the existing Domain controller. Adprep is in the \CMPNENTS\R2\ folder on CD2. If its not the R2 version then adprep is in the i386\ folder

you need to run

adprep /forestprep
and
adprep /domainprep

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will br replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If necessary install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server dont forget to set the default gateway (router) and DNS Servers. Talking of which all the clients (and the domain controllers themselves) need to have their Preferred DNS server set the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See http://www.petri.co.il/transferring_fsmo_roles.htm

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down to old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO for remove it's domain controller status. This is essential to avoid replication errors

If you want to remove the machine from the domain then you can do so one it's DC role has been removed
0
 
numb3rs1xAuthor Commented:
So like I said, I've already run the adprep command, but, per instruction from the MS KB, I ran it from the i386 folder on disk 1. The software version of the new DC's is the R2 version. Does this mean I have to run the R2 version or is the adprep version in the i386 folder on disk 1 the same?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
ryansotoCommented:
You have to run adprep from the r2 disk (second disk)
0
 
KCTSCommented:
The R2 version has its own version od ADPREP which you must run instead of the one in the i386 folder, as I said previously the one you want is in the \CMPNENTS\R2\ folder on CD2. Sorry if this was not clear
0
 
numb3rs1xAuthor Commented:
Okay. So far so good. I just promoted the 2003 DC's successfully into the Domain. I'm at the DNS step. Here is where it gets a little dicey: The DNS on the old servers are not dynamically updating or scavenging and therefore are full of garbage. I would rather start them fresh and leave all of the old config out of it entirely to see if that might fix the issues I can't seem to solve. Is there a way to start a clean DNS server without importing anything from the old DC's that currently are still in the domain?
0
 
ryansotoCommented:
Manually delete from the original server before installing DNS on the new machine.  When you set up DNS on the new machine replication will copy whatever is in DNS good or garbage
0
 
numb3rs1xAuthor Commented:
So when this happens, will the server also copy anything behind the scenes? What I want to avoid here is having it import anything that might be keeping it from dynamically updating and scavenging.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now