Demoting Domain Controller that is a FSMO role holder & secondary CA
Posted on 2009-03-30
My situation:
1. Previous admins installed several domain controllers with 12GB system partitions.
2. DC in question has 700MB left on the system partition. It is the proverbial ticking time bomb.
3. DC is also a FSMO role holder: RID master, PDC emulator, Domain Naming Master.
4. DC is a secondary Certificate Authority for the domain.
5. Active Directory related directories (sysvol, NTDS.dit, etc.) are, of course, on the system partition.
From what I've researched, demoting / promoting the DC and choosing a secondary partition for the ADS data is the best method to resolve my problem.
My questions:
1. Is the demote / promote method the best way to resolve this issue? Most of the other methods (e.g. manually move ADS data, expand system partition) seemed ill-advised?
2. Should I manually move the FSMO roles prior to demotion, or allow ADS to automatically re-provision the FSMO roles?
3. What the heck do I do about the CA?
4. Should the whole operation go sideways, what is my exposure? Forest level restore from sys-state backup?
5. Anything else I should know?