Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Decommissioning Secondary Domain Controller

Posted on 2009-03-31
13
Medium Priority
?
2,135 Views
Last Modified: 2012-05-06
Hello..
What is the best practice to decommission a secondary dc on Windows 2003 Server with global catalog enabled on both primary and secondary?

Thanks,
0
Comment
Question by:m1itsupport
  • 4
  • 4
  • 2
  • +1
13 Comments
 
LVL 49

Accepted Solution

by:
Akhater earned 1000 total points
ID: 24033904
as long as it is not an exchange server

DCpromo it out
disjoin it from your domain

make sure the clients are not using it as DNS server etc...

that's it
0
 
LVL 4

Assisted Solution

by:GMorineau
GMorineau earned 1000 total points
ID: 24034487
Check the FMSOs... Be sure that all are in the last DC.

Check the DNS and network services like DHCP, WINS or similar... transfer any service to the other DC. If everything is ok, disable the global catalogue and use the DCPROMO command.

Very easy.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24034792
Make sure the clients and other servers are pointing to this server for DNS.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 49

Expert Comment

by:Akhater
ID: 24036873
"Check the FMSOs... Be sure that all are in the last DC."

not needed roles will be transferred automatically when dcpromo out is happening



0
 
LVL 4

Expert Comment

by:GMorineau
ID: 24037312
Akhater, m1itsupport ask for "best pratices".

The system is able to fix some "forgets", but I prefere do my Checklist. I dont like computer thinking alone!!!
0
 
LVL 49

Expert Comment

by:Akhater
ID: 24037323
@Gmorineau well I don't mind your checklist and I would agree with it if it was more than 2 DCs but with only 2 dcs you don't really have a lot of options to relocate them.

0
 
LVL 4

Expert Comment

by:GMorineau
ID: 24037556
you are right, I dont question that.... but, following Microsoft instructions:


To demote a domain controller
1) On a domain controller, click Start, and then click Run.

2) In Open, type dcpromo to open the Active Directory Installation Wizard, and then click Next.

3) On the Remove Active Directory page, click Next, and then continue to follow the wizard.

Caution:

Before you complete this procedure, verify that this domain controller is not the only global catalog and that it does not hold an operations master role.

Notes

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.

If this domain controller is a global catalog, ensure that another global catalog is available to users before demoting it. For information about configuring domain controllers to host the global catalog, see Related Topics.

If this domain controller currently holds one or more operations master roles, transfer the operations master roles to another domain controller before demoting it. For information about locating operations masters and transferring operations master roles, see Related Topics.

If this domain controller is the last domain controller in the domain, demoting this domain controller will remove this domain from the forest. If this is the last domain in the forest, demoting this domain controller will also delete the forest. For information about removing domains and forests, see Related Topics.

If this domain controller holds the last replica of one or more application directory partitions, you must first remove the last application directory partition replicas from this domain controller before you can demote it. You can use the Active Directory Installation Wizard to remove all application directory partition replicas from this domain controller or you can manually remove them using the Ntdsutil command-line tool. For information about application directory partitions, see Related Topics.

0
 
LVL 49

Expert Comment

by:Akhater
ID: 24037781
Please also make sure this DC is NOT used by exchange for the RUS service

open Exchange System Manager -> Recipients -> Recipients update service
0
 

Author Comment

by:m1itsupport
ID: 24470655
Thank you all,
i have one more question.
what if the server is the Alternate DNS Server too??
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24474118
If this server is not being used anymore then you must remove the DNS TCP\IP setting for any client that has this server listed as a DNS server. Then you can just delete the zone from the server and you should be good to go.
0
 
LVL 4

Expert Comment

by:GMorineau
ID: 24477291
well... If your server is a secondary domain controller, it very probable that server is also DNS service running!

Anyway, like dariusq said, be sure that server is not used by any client or mentioned by any service (like DHCP service) to your network. if ok, remove it and sleep well.
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
how to add IIS SMTP to handle application/Scanner relays into office 365.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question