We help IT Professionals succeed at work.

How can I split two domain controllers 2000 and 2003

Medium Priority
Last Modified: 2013-12-05
Hello,  Can someone let me know what I need to do in this situation.

I used to have two server on my network. Win2k DC and Win2003 DC.  Win 2000 DC was the main domain controller.  Both servers were running on one LAN on the dame domain.  I have two offices now, and need to put one of these servers in to my second office.  These offices are not going to be connected on the same domain.  

Can you please let me know what I need to to split these domain controllers, without loosing any user information.  Basically I need both of these servers to be independent main domain controllers.


Watch Question

Site Reliability Engineer
Most Valuable Expert 2011

The easiest way in which I can think of doing this would be to disconnect one of the DCs and move it to the new office. In each office, you can then treat the DC which moved out as a 'failed' DC, and clean up its Domain Controller account from the remaining DC's Active Directory by running a metadata cleanup: http://technet.microsoft.com/en-us/library/cc736378.aspx. On the DC you moved which did not hold the FSMO roles, you would need to Seize those roles over to that DC: http://www.petri.co.il/seizing_fsmo_roles.htm.

There are many implications to what you are doing, and this really is something I would not recommend. In doing this, if you did ever want to reconnect the two servers together in the future, one would have to be rebuilt - or at least demoted as a DC and then repromoted. You will also have two distinct copies of your Active Directory database, which will quickly move out of sync with one another as changes are made in each office. If the two sites are for the same company, the most efficient and accepted route is to link the sites by VPN and then have the two DCs act in the same domain. This is the best route.


Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
Here's what you have to do.

Windows Domains after Active directory are different in that both domain controllers have the same features. That means you can just move the domain controller to the new site and it will still act as required.

Exception is the 5 FSMO roles, which can only reside on a particular Domain controller. Since Windows 200 DC was the first to be installed. It will have all of these 5 roles, unless you had moved them. Only one FSMO role of the 5 is important here. i.e the PDC Role ( password changes for ex. are handled by this).

If the 2 sites will be connected by high speed reliable links, then you dont have to do anything much. Else, the recommended way is to create 2 sites for each location, and create the required subnets and then move the domain controllers to the sorresponding site.
tigermattSite Reliability Engineer
Most Valuable Expert 2011


The original question asked by the Author was answered in my opinion by the two expert comments. This is despite the request being against standard best practices and recommendations, but the question was answered.

Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.