
How can I split two domain controllers 2000 and 2003

Posted on 2009-02-09
Last Modified: 2013-12-05
Hello,  Can someone let me know what I need to do in this situation.

I used to have two servers on my network. Win2k DC and Win2003 DC.  Win 2000 DC was the main domain controller.  Both servers were running on one LAN on the same domain.  I have two offices now, and need to put one of these servers into my second office.  These offices are not going to be connected on the same domain.  

Can you please let me know what I need to do to split these domain controllers, without losing any user information.  Basically I need both of these servers to be independent main domain controllers.

thanks,

Alex
Question by:mirchevsky
Accepted Solution

by:
tigermatt earned 1000 total points
ID: 23593184

The easiest way in which I can think of doing this would be to disconnect one of the DCs and move it to the new office. In each office, you can then treat the DC which moved out as a 'failed' DC, and clean up its Domain Controller account from the remaining DC's Active Directory by running a metadata cleanup: http://technet.microsoft.com/en-us/library/cc736378.aspx. On the DC you moved which did not hold the FSMO roles, you would need to Seize those roles over to that DC: http://www.petri.co.il/seizing_fsmo_roles.htm.

There are many implications to what you are doing, and this really is something I would not recommend. In doing this, if you did ever want to reconnect the two servers together in the future, one would have to be rebuilt - or at least demoted as a DC and then repromoted. You will also have two distinct copies of your Active Directory database, which will quickly move out of sync with one another as changes are made in each office. If the two sites are for the same company, the most efficient and accepted route is to link the sites by VPN and then have the two DCs act in the same domain. This is the best route.

-Matt
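
The sequence described in the accepted answer, as an added example that is not part of the original post. It is meant for the DC that moved and did not hold the FSMO roles; the host names `DC2003` and `DC2000` are placeholders, and `netdom` is assumed to be installed from the Windows Support Tools.

```bat
@echo off
rem Added example, not from the original thread.
rem LOCALDC = this (moved) DC, OLDDC = the DC left in the other office.
rem Both names are placeholders; replace them with your own host names.
setlocal
set LOCALDC=DC2003
set OLDDC=DC2000

rem 1. Coarse isolation check: stop if the old role holder still answers.
rem    Seizing roles while the original holder is reachable leaves two
rem    DCs in one forest that both believe they own the same role.
ping -n 2 %OLDDC% >nul
if not errorlevel 1 (
    echo %OLDDC% still responds. Disconnect the sites before seizing roles.
    exit /b 1
)

rem 2. Record who Active Directory currently lists as the role holders.
netdom query fsmo

rem 3. Seize all five roles onto this DC. ntdsutil first attempts a
rem    normal transfer, then seizes when the old holder cannot be reached.
rem    Each seizure asks for confirmation.
ntdsutil roles connections "connect to server %LOCALDC%" quit ^
  "seize schema master" "seize domain naming master" ^
  "seize RID master" "seize PDC" "seize infrastructure master" quit quit

rem 4. Confirm that every role now points at this DC.
netdom query fsmo

rem 5. Metadata cleanup of the absent DC is interactive, because the
rem    index numbers come from the list output. At the ntdsutil prompt:
rem      metadata cleanup
rem      connections
rem      connect to server DC2003
rem      quit
rem      select operation target
rem      list domains             then: select domain N
rem      list sites               then: select site N
rem      list servers in site     then: select server N  (the absent DC)
rem      quit
rem      remove selected server
endlocal
```

In the office that keeps the original role holder, only step 5 applies, run against that DC and selecting the DC that moved out.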
Assisted Solution

by:cobra09
cobra09 earned 1000 total points
ID: 23593312
Here's what you have to do.

Windows domains after Active Directory are different in that both domain controllers have the same features. That means you can just move the domain controller to the new site and it will still act as required.

The exception is the 5 FSMO roles, which can only reside on a particular domain controller. Since the Windows 2000 DC was the first to be installed, it will have all 5 of these roles, unless you had moved them. Only one FSMO role of the 5 is important here, i.e. the PDC role (password changes, for example, are handled by this).

If the 2 sites will be connected by high speed reliable links, then you don't have to do anything much. Else, the recommended way is to create 2 sites, one for each location, and create the required subnets and then move the domain controllers to the corresponding site.
Expert Comment

by:tigermatt
ID: 24765688

The original question asked by the Author was answered in my opinion by the two expert comments. This is despite the request being against standard best practices and recommendations, but the question was answered.

-Matt