
Decommissioning 2003 Server

We have one old 2003 DC (name: server) on our network which we are looking to decommission:

- First domain in the forest
- All 5 FSMO roles
- DNS, DHCP, File Server, Print Server

We have one 2003 R2 server arriving next week, along with 60 new HP computers replacing 98% of the computers on the network.

We see this as a perfect opportunity to review our current AD design, which is rather poor, so we would like to set up this new server in a lab and get our AD design, OU and file share structure nailed down. In the lab, the new server will have a different computer name (LPLDC1), and will be set up as the first domain in a new forest which will be using the same domain name WAGROUP as the old DC.

- How could we achieve replacing the old 2003 DC? Would we just demote the old 2003 DC and then plug in LPLDC1? We are assuming that demoting the old server will remove/seize the FSMO roles, so when we add LPLDC1 it will take over with all 5 FSMO roles and run as PDC.

- Could we start copying file shares and migrate printer settings from the old server to the LPLDC1 after the old server has been demoted?

- How would we approach the computers on the network which were joined to the old 2003 server? Would just renewing the IP address kick them into using DHCP leases from LPLDC1?

Once LPLDC1 has gone live, we would also like the old 2003 server to be a secondary DC, replicating the AD and DNS from LPLDC1.

- Could we just add the old 2003 server as an additional domain controller which would replicate the AD and DNS?

Does this seem the right approach? If anyone has any other ideas, it would be greatly appreciated.
1 Solution
The way to replace a Domain Controller cleanly and with minimal disruption to users is as follows:

Install Windows 2003 on the new hardware.
Assign the new computer an IP address and subnet mask on the existing network.
Make sure that the preferred DNS server on the new machine points to the existing DNS Server on the Domain (normally the existing domain controller).

Join the new machine to the existing domain as a member server.

Note: If the new Windows 2003 server is the ‘R2’ version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

From the command line, promote the new machine to a domain controller with the DCPROMO command.
Select ‘Additional Domain Controller in an existing Domain’.

Once Active Directory is installed, to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, and expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership.)

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by setting up DHCP on the second Domain Controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles. This can be done in different ways; see http://support.microsoft.com/kb/255504 or http://support.microsoft.com/kb/324801 or http://www.petri.co.il/transferring_fsmo_roles.htm for alternative methods that can be used.

You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function; if not, then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

Once you are sure that all is OK, you can leave both Domain Controllers operational (two domain controllers are normally recommended for fault tolerance).

If you really want to get rid of the old Domain controller then:

You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.

Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.
Reconfigure the DHCP scope if required.

If you follow this guidance it should result in a clean transition.
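
The checks that belong between the FSMO transfer and the demotion of the old DC can be scripted. The batch file below is an added example, not part of the original answer; it assumes the Windows Support Tools (netdom, dcdiag, repadmin, nltest) are installed and borrows the names LPLDC1 and WAGROUP from the question as placeholders for the new DC and the domain.

```bat
@echo off
rem Added example, not part of the original answer: checks before demoting the old DC.
rem Assumptions: new DC is LPLDC1 and the domain is WAGROUP (names from the question);
rem Windows Support Tools (netdom, dcdiag, repadmin, nltest) are installed.
setlocal
set NEWDC=LPLDC1
set DOMAIN=WAGROUP
set OUT=%TEMP%\dc-precheck.txt

rem 1. Every one of the five FSMO role lines must name the new DC.
netdom query fsmo > "%OUT%"
type "%OUT%"
set HELD=0
for /f %%c in ('find /i /c "%NEWDC%" ^< "%OUT%"') do set HELD=%%c
if not "%HELD%"=="5" (
    echo FAIL: %NEWDC% holds %HELD% of 5 FSMO roles.
    goto fail
)

rem 2. The PDC emulator located for the domain must be the new DC, flagged as a GC.
nltest /dsgetdc:%DOMAIN% /pdc /force > "%OUT%"
type "%OUT%"
find /i "%NEWDC%" "%OUT%" > nul
if errorlevel 1 (echo FAIL: PDC emulator is not %NEWDC%. & goto fail)
find " GC " "%OUT%" > nul
if errorlevel 1 (echo FAIL: %NEWDC% is not advertising as a Global Catalog. & goto fail)

rem 3. dcdiag's default tests against the new DC must not report a failure.
dcdiag /s:%NEWDC% > "%OUT%"
find /i "failed test" "%OUT%"
if not errorlevel 1 (echo FAIL: dcdiag reported failures on %NEWDC%. & goto fail)

rem 4. Show inbound replication status for a last manual read.
repadmin /showrepl %NEWDC%

echo OK: continue with the disconnect test and DCPROMO on the old DC.
exit /b 0

:fail
echo Do not demote the old DC until the failed check is resolved.
exit /b 1
```

The FSMO count is a substring match, so it over-counts if the old DC's name contains the new DC's name; read the printed `netdom` output as well as the verdict.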
Joseph Daly Commented:
I have to say that is one of the best walkthroughs for this that I have come across. Added this to my knowledgebase.

dj_andyr (Author) Commented:
Wonderful walk-through of how we can make a clean transition between our old and new 2003 server. Clear and concise covering all angles.

Many thanks
When I come across a solution that helps me as much as this one has, I feel it would be nice to be able to award points even though it wasn't even my question. Very useful. I spent a lot of time refreshing my knowledge of migrating DCs and totally forgot about how to change the GC.
