Demoting primary domain controller

Existing network uses W2K server as primary domain controller. Need to add new W2K3 server as the primary domain controller, but keep the existing W2K server on the network.
Can I simply join all workstations to the new W2K3 domain controller without issues? Or,,must I first demote the W2K server to a member server?
Appreciate input as need to get this done right away.
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

KCTSConnect With a Mentor Commented:
The process is as follows

Install Windows 2003 on the new machine
Assign the new computer an IP address and subnet mask on the existing network

Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

Join the new machine to the existing domain as a member server

You now need to run ADprep on the 2000 machine

If the new Windows 2003 server is the R2 version Adprep is in the \CMPNENTS\R2\ folder on CD2
if not then ADPREP is in the i386 Folder

Put the 2003 CD into the 2000 DC and run

adprep /forestprep
adprep /domainprep

Now go back to the 2003 machine

From the command line promote the new machine to a domain controller with the DCPROMO command from the command line Select Additional Domain Controller in an existing Domain

Once Active Directory is installed then install DNS. You can do this through Add/Remove Programs->Windows Components->Networking Services->DNS.  If you are using Active Directory Integrated DNS then DNS will br replicated from the other DC/DNS.

Next make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, Expand, Sites, Default first site and Servers. Right click on the new server and select properties and tick the Global Catalog checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

If necessary install DHCP on the new DC. You can do this through Add/Remove Programs->Windows Components->Networking Services->DHCP.

You will then need to remove any existiing DHCP prior to authorising the new DHCP Server. When setting up the new DHCP server dont forget to set the default gateway (router) and DNS Servers. Talking of which all the clients (and the domain controllers themselves) need to have their Preferred DNS server set the new domain controller.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and the domain could function for a while at least should any one of them fail.

If you really want rid of the old DC then:-

Transfer all the FSMO roles to the new DC: See

Check that you have:-
Made the other DC a global catalog:
Installed DHCP on the new DC, set up the scope and authorise it. (If using DHCP)
Make sure that all clients use the new DC as their Preferred DNS server (either by static or DHCP options)

Power down to old DC and make sure that all is well, once satisfied power on the old DC again, then run DCPROMO for remove it's domain controller status. This is essential to avoid replication errors

If you want to remove the machine from the domain then you can do so one it's DC role has been removed
hi check teh following gives you a good checklist of what you need to do and how to get to the point of running dcpromo on the 2003 server
If you do it as above you will simply replace the DC - no need to remove and re-add the machines from the domain.
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

There is no such thing as a primary domain controller in an AD environment. Just add the W2K3 server as an additonal DC into your AD domain. If you like you can then demote the W2K server. But it is VERY good pratice to always have a minimum of 2 DC's. W2K and W2K3 can easily co-exist in the same domain, so I would recommend to keep the two in your domain.
zackeryAuthor Commented:
Thanks for all the quick feedback! The w2k3 is already at a domain controller status and I would prefer to make it the domain controller that all the workstations point to instead of the W2K domain controller. So, is it correct that I can just add the W2K3 domain controller to existing network, point the workstations to this new W2K3 server and still keep the existing W2K domain controller on the network as is?
yes. definitively keep the w2k server as a DC. It will provide redudancy in case the w2k3 server fails (and vice versa)
zackeryAuthor Commented:
KCTS: The current W2K DC is online and in service with Exchange 2003 also installed. What is the risk of installing adprep /forestprep
adprep /domainprep ?

Should I take this W2K DC off line before running these preps?

zackeryAuthor Commented:
This worked out just great yesterday for my situation. Much appreciated
All Courses

From novice to tech pro — start learning today.