Solved

Replacing a 2000 DNS/DHCP server with a 2003 box

Posted on 2008-06-13
Last Modified: 2010-04-21
Hello- I'm replacing a Windows 2000 box at one of our remote offices which acts as the DHCP and DNS server for the site.  I'm setting up a new 2003 box now and was wondering if you could point me in the right direction to make this happen as smoothly as possible.

thanks in advance
Question by:omarbr763
2 Comments
 
Accepted Solution

by: tigermatt earned 1000 total points
ID: 21781900
Is the server a Domain Controller too, or just DNS and DHCP? I've posted the entire procedure which includes transferring Domain Controller roles - if it's not a DC then ignore those parts in the procedure below, but I would take a guess and say it probably is? If you're not using Active Directory then please post back.

--

To correctly remove the Domain Controller, you will need to:

Install Windows Server to the new server. Make the new server a member server in your domain with a static IP address. The only DNS server configured at this stage should be the IP of one of your other Domain Controllers. Use dcpromo to promote the server as an additional domain controller in the existing domain.

Ensure DHCP, DNS and Global Catalog roles are moved across to one or more of your new servers. If you are using AD-integrated DNS (which you should) this is as simple as installing the DNS server on the new server (DNS information will replicate with AD) and the DHCP configuration simply needs to be copied from one server or the other. Make sure the DNS server addresses in DHCP AND any statically assigned devices point to one new server for primary, and the other new server for secondary DNS if you install DNS onto it.
For DHCP if you spread it around multiple servers, it is as simple as setting IP scopes on the correct subnet which DON'T overlap (otherwise both servers will give out the same addresses and you will have IP conflicts)

Make sure all the FSMO roles are removed from the first server and transferred to one of the other servers. If you are a single-domain environment, there are no performance or functionality gains from spreading FSMO roles around between servers. They COULD be spread around - it is up to you, but it is recommended they are consolidated onto one server. FSMO transfer guide here: http://support.microsoft.com/kb/324801 and you may like this one: http://www.petri.co.il/transferring_fsmo_roles.htm.
Note you can test if the current server has any FSMO roles by running (at a command prompt)

    netdom query fsmo

and examining the output of server FQDNs.
If you see anything about SEIZING FSMO roles, DO NOT undertake this procedure; in this case you can TRANSFER the roles, which is a less painful procedure.

For DNS, you should have all zones Active Directory integrated, which means the DNS information is stored in Active Directory and transferred with existing DC-to-DC replication. This eliminates the need for zone transfers. To convert to AD-integrated DNS (or ensure you have this configuration), check out http://support.microsoft.com/kb/198437.

For the Global Catalog role, you can ensure at least one other server is a GC by following http://support.microsoft.com/kb/313994. More information on the Global Catalog role (including why it is needed for user and computer logons) can be found at http://support.microsoft.com/kb/216970.

As a test, shut down the existing DC and make sure all Active Directory and client workstations are functioning properly. If they are, you should be safe to go ahead and run DCPROMO to demote the DC to member server.

Make sure you then replicate any data and shares off the server if you intend on completely removing it from your network.

-tigermatt
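
A pre-cutover check for two points in the answer above, as an added example that is not part of tigermatt's post: it parses saved `netdom query fsmo` output to list any roles still held by the server being retired, and compares the DHCP address ranges planned for two servers for overlap. The host names, address ranges and sample output are constructed, and the parser assumes each role line ends with the holder's FQDN, separated from the label by two or more spaces.

```python
import ipaddress
import re

# Constructed sample of saved `netdom query fsmo` output (host names are made up).
SAMPLE_NETDOM = """\
Schema owner                dc01.corp.example
Domain role owner           dc01.corp.example
PDC role                    old2000.corp.example
RID pool manager            dc01.corp.example
Infrastructure owner        old2000.corp.example
The command completed successfully.
"""

# Assumption: a role line is "<label><2+ spaces><holder FQDN>". The label wording is
# not interpreted; the status line has only single spaces, so it never matches.
ROLE_LINE = re.compile(r"^(\S.*?)\s{2,}(\S+)\s*$")

def roles_held_by(netdom_output, server_fqdn):
    """Return the role labels whose holder is server_fqdn (case-insensitive)."""
    wanted = server_fqdn.lower().rstrip(".")
    held = []
    for line in netdom_output.splitlines():
        m = ROLE_LINE.match(line.strip())
        if m and m.group(2).lower().rstrip(".") == wanted:
            held.append(m.group(1))
    return held

def overlapping_ranges(ranges_a, ranges_b):
    """Return (range_a, range_b, shared_span) for every pair sharing an address."""
    clashes = []
    for a in ranges_a:
        for b in ranges_b:
            lo = max(ipaddress.ip_address(a[0]), ipaddress.ip_address(b[0]))
            hi = min(ipaddress.ip_address(a[1]), ipaddress.ip_address(b[1]))
            if lo <= hi:  # the two inclusive ranges intersect
                clashes.append((a, b, (str(lo), str(hi))))
    return clashes

if __name__ == "__main__":
    # Constructed inputs: the server being retired and the planned DHCP ranges.
    print("Roles still on old server:",
          roles_held_by(SAMPLE_NETDOM, "old2000.corp.example"))
    old_ranges = [("192.168.10.50", "192.168.10.150")]
    new_ranges = [("192.168.10.100", "192.168.10.200")]
    for a, b, shared in overlapping_ranges(old_ranges, new_ranges):
        print("Overlap between", a, "and", b, "->", shared)
```

An empty list from `roles_held_by` for the old server, and no overlaps between the ranges of any two servers that will both hand out leases, are the two conditions to confirm before shutting the old box down as a test.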

Author Closing Comment

by:omarbr763
ID: 31467045
thanks for the quick response.  This server is not a domain controller so it looks like this should be pretty easy.