Complications of moving DCs between sites

Posted on 2009-04-29
Last Modified: 2013-12-24
Consider the following setup:
Site A: Headquarters
3 Domain controllers on Windows 2000 SP4 - DC01, DC02, DC03
DC01: schema master, domain role
DC02: PDC, RID, infrastructure roles
DC03: no FSMO roles
Site B: Remote Site
1 Domain controller on Windows 2000 SP2 - DC04
DC04: no FSMO roles

As part of my domain upgrade project (2000 to 2003), I am going to wipe and reinstall DCs on our domain one by one. The first phase requires me to demote the remote DC04, which is Windows 2000 SP2 and cannot be updated to SP4. I am planning to demote DC04 at site B and assign DC01 from site A to site B. The server subnets between the sites are different. If I assign a site A DC to site B in Active Directory, what am I risking? Does the subnet of DC01 need to be changed to match DC04's subnet? Should I rather assign a DC with no FSMO roles to a remote site (e.g. DC03)? Do DC01 and DC02 have to stay within the same site? Are there any other issues that might arise? Thank you
Question by: CEAdmin

    Expert Comment

    It is meaningless to move a DC from one AD site to another AD site without changing the DC's IP and physically moving it to the subnet of the remote site. Why not just demote DC04 and upgrade it or create a new Win2k3 DC, if that is the site you are concerned about not having a DC? Or why do you even have such an old DC on this site? What is in this site that you really need a DC for? Or can you live without a DC on this remote site?

    Author Comment

    Hi Americom, DC04 is going to be upgraded (wiped out and Win2003 installed on the same box). I don't want the site to remain without any DCs during that time; there are 100+ users there. Moving another DC to the remote site in AD is only a temporary measure, that is, until the new DC is up at that site. I hope this clears things up. My questions still remain.

    Accepted Solution

    Are you physically going to move the DC to the remote site and change the IP address to the remote site's subnet? If not, simply moving DC01 from AD site A to AD site B is not going to accomplish anything other than creating some event errors in your DC log, but it is also not going to carry any major risk; it is just meaningless. I don't suggest that you physically move the DC to site B. Since your DC04 is old and the hardware could also be very old as well, don't you have another box you can promote as a DC05 before killing DC04? Physically moving your root domain DC is more risky than demoting your DC04 and leaving the 100 users without a DC. For 100 users, authenticating over the WAN is only a temporary performance concern, assuming all users authenticate at the same time, unless you have other things such as roaming profiles that the clients need to pull from DC04 upon authentication. Otherwise, being temporarily without a DC on a site is not a big concern. Another option is to bring up a VM or even a desktop as a DC while you are doing the upgrade of DC04, which would probably be better and less effort.

    Author Closing Comment

    Thanks Americom. I think this covers all the bases.
