Decommissioning 2003 Server

Posted on 2009-02-23
Last Modified: 2012-06-13
We have one old 2003 DC (name: server) on our network which we are looking to decommission:

- First domain in the forest
- All 5 FSMO roles
- DNS, DHCP, File Server, Print Server

We have one 2003 R2 server arriving next week, along with 60 new HP computers replacing 98% of the computers on the network.

We see this as a perfect opportunity to review our current AD design, which is rather poor, so we would like to set up this new server in a lab and get our AD design, OU and file share structure nailed down. In the lab, the new server will have a different computer name (LPLDC1), and will be set up as the first domain in a new forest which will be using the same domain name WAGROUP as the old DC.

- How could we achieve replacing the old 2003 DC? Would we just demote the old 2003 DC and then plug in LPLDC1? We are assuming that demoting the old server will remove/seize the FSMO roles, so when we add LPLDC1 it will take over with all 5 FSMO roles and run as PDC.

- Could we start copying file shares and migrate printer settings from the old server to the LPLDC1 after the old server has been demoted?

- How would we approach the computers on the network which were joined to the old 2003 server? Would just renewing the IP address kick them into using DHCP leases from LPLDC1?

Once LPLDC1 has gone live, we would also like the old 2003 server to be a secondary DC, replicating the AD and DNS from LPLDC1.

- Could we just add the old 2003 server as an additional domain controller which would replicate the AD and DNS?

Does this seem the right approach? Or if anyone has any other ideas, it would be greatly appreciated.
Question by: dj_andyr
    LVL 70

    Accepted Solution

    The way to replace a Domain Controller cleanly and with minimal disruption to users is as follows:

    Install Windows 2003 on the new hardware
    Assign the new computer an IP address and subnet mask on the existing network
    Make sure that the preferred DNS server on new machine points to the existing DNS Server on the Domain (normally the existing domain controller)

    Join the new machine to the existing domain as a member server

    Note: If the new Windows 2003 server is the ‘R2’ version and the existing set-up is not, then you need to run Adprep from CD2 of the R2 disks on the existing Domain Controller. Adprep is in the \CMPNENTS\R2\ folder on CD2.

    From the command line, promote the new machine to a domain controller with the DCPROMO command
    Select ‘Additional Domain Controller in an existing Domain’

    Once Active Directory is installed, then to make the new machine a global catalog server, go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default first site and Servers. Right click on the new server, select Properties and tick the ‘Global Catalog’ checkbox. (Global catalog is essential for logon as it needs to be queried to establish Universal Group Membership)

    Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, DNS will have replicated to the new domain controller along with Active Directory.

    If you are using DHCP you should spread this across the domain controllers for now. In a simple single domain this is easiest done by Setting up DHCP on the second Domain controller and using a scope on the same network that does not overlap with the existing scope on the other Domain Controller. Don’t forget to set the default gateway (router) and DNS Servers.

    For now, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller (the new one), and the Alternate DNS to the other (the old one), that way if one of the DNS Servers fails, the clients will automatically use the other.

    Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP.
    You now need to move the FSMO roles (including the PDC emulator) from the old machine to the new machine. You should cleanly transfer the FSMO roles. This can be done in different ways see or or for alternative methods that can be used.

    You should now test that all is OK by disconnecting the old DC (just unplug the network cable). The domain should continue to function, if not then troubleshoot. Reconnect the old Domain Controller when you are satisfied all is OK.

    Once you are sure that all is OK then you can either leave both Domain controllers operational, (two domain controllers are normally recommended for fault tolerance)

    If you really want to get rid of the old Domain controller then:

    You should make sure that all the clients are using the new Domain Controller as their preferred DNS Server - and the Alternate DNS server is blank.

    Run DCPROMO on the old DC to demote it back to a member server, and then remove it from the domain.
    Reconfigure the DHCP scope if required.

    If you follow this guidance it should result in a clean transition.
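
The checks below cover the state the answer above expects before the old DC is demoted (roles moved, global catalog advertised, replication and DNS healthy). This is an added example, not part of the original answer; it assumes the Windows Server 2003 Support Tools are installed, uses the names LPLDC1 and WAGROUP from the question, and `example.local` is a placeholder for the real DNS domain name.

```batch
@echo off
rem Added example: run after the FSMO transfer and before demoting the old DC.
rem Uses netdom, nltest, dcdiag and repadmin from the Windows Server 2003 Support Tools.
setlocal
rem NEWDC and DOMAIN are the names used in the question.
set NEWDC=LPLDC1
set DOMAIN=WAGROUP
rem Placeholder: replace with the real DNS name of the AD domain.
set DNSDOMAIN=example.local
set OUT=%TEMP%\dc-cutover
set FAIL=0

echo == 1. All five FSMO roles should list %NEWDC%
netdom query fsmo /domain:%DOMAIN% > "%OUT%-fsmo.txt"
type "%OUT%-fsmo.txt"
rem netdom prints one line per role; count the lines naming the new DC.
for /f %%c in ('find /i /c "%NEWDC%" ^< "%OUT%-fsmo.txt"') do set ROLES=%%c
if not "%ROLES%"=="5" (echo FAIL: %NEWDC% is listed for %ROLES% of 5 roles & set FAIL=1)

echo == 2. Locator should return %NEWDC% as PDC emulator, flagged as a global catalog
nltest /dsgetdc:%DOMAIN% /pdc > "%OUT%-pdc.txt"
type "%OUT%-pdc.txt"
type "%OUT%-pdc.txt" | find /i "%NEWDC%" > nul || (echo FAIL: PDC locator did not return %NEWDC% & set FAIL=1)
rem The Flags line lists GC only once global catalog promotion has finished.
type "%OUT%-pdc.txt" | findstr /i /c:" GC " > nul || (echo FAIL: no GC flag on the PDC emulator & set FAIL=1)

echo == 3. dcdiag default tests against %NEWDC%
dcdiag /s:%NEWDC% > "%OUT%-dcdiag.txt"
type "%OUT%-dcdiag.txt" | find /i "failed test" && (echo FAIL: dcdiag reported failures & set FAIL=1)

echo == 4. Inbound replication on %NEWDC%
repadmin /showrepl %NEWDC% > "%OUT%-repl.txt"
type "%OUT%-repl.txt" | find /i "failed" && (echo FAIL: replication errors on %NEWDC% & set FAIL=1)

echo == 5. DNS on %NEWDC% should list itself in the domain controller SRV records
rem Match only the SRV answer lines, not the "Server:" header nslookup prints.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DNSDOMAIN% %NEWDC% | find /i "svr hostname" | find /i "%NEWDC%" > nul || (echo FAIL: no SRV record for %NEWDC% & set FAIL=1)

if "%FAIL%"=="0" echo RESULT: all checks passed
if "%FAIL%"=="1" echo RESULT: fix the failures above before running DCPROMO on the old DC
endlocal & exit /b %FAIL%
```

A clean result here complements the unplug test in the answer rather than replacing it; the output files under `%TEMP%` are worth keeping as a record of the cut-over.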
    LVL 35

    Expert Comment

    by:Joseph Daly
    I have to say that is one of the best walkthroughs for this that I have come across. Added this to my knowledgebase.


    Author Closing Comment

    Wonderful walk-through of how we can make a clean transition between our old and new 2003 server. Clear and concise covering all angles.

    Many thanks
    LVL 3

    Expert Comment

    When I come across a solution that helps me as much as this one has, I feel it would be nice to be able to award points even though it wasn't even my question. Very useful. I spent a lot of time refreshing my knowledge of migrating DCs and totally forgot about how to change the GC.
