Complications of moving DCs between sites

Consider the following setup:
Site A: Headquarters
3 Domain controllers on Windows 2000 SP4 - DC01, DC02, DC03
DC01: schema master, domain role
DC02: pdc, RID, infrastructure roles
DC03: no FSMO roles
Site B: Remote Site
1 Domain controller on Windows 2000 SP2 - DC04
DC04: no FSMO roles

As part of my domain upgrade project (2000 to 2003), I am going to wipe and reinstall DCs on our domain one by one. 1st phase requires me to demote the remote DC04, which is Windows 2000 SP2 and cannot be updated to SP4. I am planning to demote DC04 at site B and assign DC01 from site A to site B. The server subnets between the sites are different. If I assign a site A DC to site B in Active Directory, what am I risking? Does the subnet of DC01 need to be changed to match DC04's subnet? Shall I rather assign a DC with non FSMO roles to a remote site (e.g. DC03)? Do DC01 and DC02 have to stay within the same site? Are there any other issues that might arise? Thank you
Americom Commented:
Are you physically going to move the DC to the remote site and change the IP address to the remote site's subnet? If not, simply moving DC01 from AD site A to AD site B is not going to accomplish anything other than create some event errors in your DC log, but it is also not going to have any major risk; it is just meaningless. I don't suggest that you physically move the DC to site B. Since your DC04 is old and the hardware could also be very old as well, don't you have another box you can promote as a DC05 before killing DC04? Physically moving your root domain DC is more risky than demoting your DC04 and leaving the 100 users without a DC. For 100 users, authenticating over the WAN is only a temporary performance concern, assuming all users authenticate at the same time, unless you have other things such as roaming profiles that the clients need to pull from DC04 upon authentication. Otherwise, temporarily being without a DC on a site is not a big concern. Another option is to maybe bring up a VM or even a desktop as a DC while you are doing the upgrade of DC04, which would probably be better and less effort.
It is meaningless to move a DC from one AD site to another AD site without changing the DC's IP and physically moving it to the subnet of the remote site. Why not just demote DC04 and upgrade it or create a new Win2k3 DC, if that is the site you are concerned about not having a DC? Or why do you even have such an old DC on this site; what is in this site that you really need a DC for? Or can you live without a DC on this remote site?
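The site/subnet mismatch discussed in the answer above, as an added example that is not part of the original thread: a Python check that compares each DC's assigned AD site with the site its IP address maps to. The subnets, addresses and site names are constructed, since the thread does not give them.

```python
import ipaddress

# Constructed sample data: the thread gives no real subnets or addresses.
SUBNET_TO_SITE = {
    "10.1.0.0/16": "SiteA",
    "10.2.0.0/16": "SiteB",
}

# Scenario from the question: DC01 reassigned to Site B in AD, IP unchanged.
DCS = [
    {"name": "DC01", "ip": "10.1.0.11", "assigned_site": "SiteB"},
    {"name": "DC02", "ip": "10.1.0.12", "assigned_site": "SiteA"},
    {"name": "DC03", "ip": "10.1.0.13", "assigned_site": "SiteA"},
]

def site_for_ip(ip, subnet_to_site):
    """Return the site of the most specific subnet containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def find_mismatches(dcs, subnet_to_site):
    """List DCs whose assigned site differs from the site their IP maps to."""
    problems = []
    for dc in dcs:
        ip_site = site_for_ip(dc["ip"], subnet_to_site)
        if ip_site != dc["assigned_site"]:
            problems.append((dc["name"], dc["assigned_site"], ip_site))
    return problems

if __name__ == "__main__":
    for name, assigned, ip_site in find_mismatches(DCS, SUBNET_TO_SITE):
        print(f"{name}: assigned to {assigned}, but IP maps to {ip_site}")
```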
CEAdmin (Author) Commented:
Hi Americom, DC04 is going to be upgraded (wiped out and Win2003 installed on the same box). I don't want the site to remain without any DCs during that time; there are 100+ users there. Moving another DC to the remote site in AD is only a temporary measure, that is, until the new DC is up at that site. I hope this clears things up. My questions still remain.
CEAdmin (Author) Commented:
Thanks Americom. I think this covers all the bases.
Question has a verified solution.
