How do I consolidate domain controllers on Active Directory?

I have two Domain Controllers in our Active Directory environment.  One is on a 192.168.1.x network (Server 2003) and the other is on 192.168.4.x (Server 2008).  The former was the first deployed and the latter was installed later.  The 1.x traffic routes to the 4.x network, then on to the Internet.

Although both are set to replicate to each other, there have been intermittent problems such as if one goes down for reboot, user accounts will not work, even though the other is there.  I get a network not found error when trying to open up existing group policies.

So, to solve this, I would like to only have the 4.x Domain controller and demote the 1.x controller.  How do I go about doing this without losing any settings?
bigeven2002 Asked:

Mike Kline Commented:
You don't want to only have one domain controller, what happens if that one goes down hard?  Then recovery gets a lot tougher.

Are both of them Global Catalog servers?  How is DNS set up (are they both running DNS)?  It would be better to try and fix the issues rather than only have one DC.

Thanks

Mike
0
bigeven2002 (Author) Commented:
Thanks for the response.  To my knowledge, both are global catalog servers and both are running DNS.  Just to be sure though, how can I verify that they are both global catalog?
0
bigeven2002 (Author) Commented:
Also, I should add that logon scripts have just now stopped working as well.
0
Mike Kline Commented:
You can look in sites and services  http://technet.microsoft.com/en-us/library/cc786686(WS.10).aspx

There are also ways using dsquery or adfind, but with two DCs just using Sites and Services is easy enough.

Thanks

Mike
0
Encrypted1024 Commented:
If you decide to demote one DC then you will have to transfer your FSMO roles from your 2003 to your 2008 DC.

http://support.microsoft.com/kb/324801

However I agree that you should have at least 2 DC's in your Domain.
0
bigeven2002 (Author) Commented:
Ok I confirmed they are both catalog servers.  Both can see the sysvol for the domain.  However, the 4.x DC and member servers on the 4.x network are getting Event IDs 1030 and 1058 for the Userenv service and they cannot see the sysvol share.
0
Encrypted1024 Commented:
Try running dcdiag from each DC. This will give you an idea of AD errors and replication errors. It may give you a clue as to where to start.
0
bigeven2002 (Author) Commented:
Done.  DCDiag doesn't work on 2003, I guess I need to install the support tools for that.  In 2008 though, there were several errors.  Looks like I got my work cut out for me.  I'll get these errors solved and continue on with the FSMO.  I wouldn't mind keeping 2 DCs if there weren't so many problems with the setup.  The 2008 DC is virtualized so I could probably clone that and make a second DC since we have an enterprise license.

Thanks all for your help!
0
Encrypted1024 Commented:
Don't clone your DC. Build a new 2008 VM and join it to the domain. DCPROMO to a DC then add the services you need. It will replicate all of your domain data across to it.
0
bigeven2002 (Author) Commented:
Ok will do.  I installed the support tools on the 2003 DC, and it has a slew of problems as well.  Another thing is, we run Exchange on this domain so I can't make any significant changes.  Hence, why I wanted to do this without losing any settings.  Not sure where to start, I'll probably post another question so this one won't get off topic.
0
Encrypted1024 Commented:
Sure, a new question is probably a good idea. Just to get you started, I will suggest being careful moving forward. If AD is broken, you may want to wait a bit before you take out a DC. If replication is broken, you may get errors when transferring the roles. Then if you take out the original DC things might fall apart.

Did you do a Forest Prep before adding your 2008 DC?
0
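
A pre-demotion check along the lines suggested in this thread, as an added example that is not part of the original posts: a batch script, run from the 2008 DC, that lists the Global Catalog servers and FSMO role holders, then checks SYSVOL/NETLOGON sharing, replication and dcdiag results on each DC. The DC names `DC2003` and `DC2008` are placeholders, and the `failed test` match assumes English dcdiag output.

```batch
@echo off
rem Added example: health check to run before transferring FSMO roles
rem or demoting a DC. On Server 2003, dcdiag/netdom/repadmin come from
rem the Support Tools. DC names below are placeholders (assumptions).
setlocal
set "OLD_DC=DC2003"
set "NEW_DC=DC2008"
set "FAIL=0"

echo == Global Catalog servers (both DCs should be listed) ==
dsquery server -isgc

echo == Current FSMO role holders ==
netdom query fsmo

echo == Replication summary (look for non-zero "fails") ==
repadmin /replsummary

for %%D in (%OLD_DC% %NEW_DC%) do (
    echo.
    echo == Checks for %%D ==

    rem A healthy DC shares both SYSVOL and NETLOGON. A missing share
    rem matches the Userenv 1030/1058 symptoms described in the thread.
    net view \\%%D | findstr /i /c:"SYSVOL" >nul || (
        echo FAIL: SYSVOL is not shared on %%D
        set "FAIL=1"
    )
    net view \\%%D | findstr /i /c:"NETLOGON" >nul || (
        echo FAIL: NETLOGON is not shared on %%D
        set "FAIL=1"
    )

    rem Inbound replication errors only.
    repadmin /showrepl %%D /errorsonly

    rem Full dcdiag run saved to a file; any "failed test" line is a failure.
    dcdiag /s:%%D /v > "dcdiag_%%D.txt"
    findstr /i /c:"failed test" "dcdiag_%%D.txt" && set "FAIL=1"
)

echo.
if "%FAIL%"=="1" (
    echo Failures found: fix them before moving FSMO roles or running dcpromo.
) else (
    echo No share or dcdiag failures found.
)
exit /b %FAIL%
```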
bigeven2002 (Author) Commented:
I think the forest prep was done.  I had an outside consultant set up the 2008 server and he was aware of the existing 2003 server.  But DCDiag does show several problems with all the above with both DCs so I'll definitely try to get those fixed before moving forward.  Since points have already been awarded, I guess it wouldn't hurt to post here a couple more times.
0