• Status: Solved

How do I consolidate domain controllers on Active Directory?

I have two Domain Controllers in our Active Directory environment.  One is on a 192.168.1.x network (Server 2003) and the other is on 192.168.4.x (Server 2008).  The former was the first deployed and the latter was installed later.  The 1.x traffic routes to the 4.x network, then on to the Internet.

Although both are set to replicate to each other, there have been intermittent problems such as if one goes down for reboot, user accounts will not work, even though the other is there.  I get a network not found error when trying to open up existing group policies.

So, to solve this, I would like to only have the 4.x Domain controller and demote the 1.x controller.  How do I go about doing this without losing any settings?
Asked: bigeven2002

2 Solutions

Mike Kline Commented:
You don't want to only have one domain controller, what happens if that one goes down hard?  Then recovery gets a lot tougher.

Are both of them Global Catalog servers? How is DNS set up (are they both running DNS)? It would be better to try and fix the issues rather than only have one DC.

Thanks

Mike

bigeven2002 Author Commented:
Thanks for the response.  To my knowledge, both are global catalog servers and both are running DNS.  Just to be sure though, how can I verify that they are both global catalog?

bigeven2002 Author Commented:
Also, I should add that logon scripts have just now stopped working as well.

Mike Kline Commented:
You can look in Sites and Services: http://technet.microsoft.com/en-us/library/cc786686(WS.10).aspx

There are also ways using dsquery or adfind, but with two DCs just using Sites and Services is easy enough.

Thanks

Mike

Encrypted1024 Commented:
If you decide to demote one DC then you will have to transfer your FSMO roles from your 2003 to your 2008 DC.

http://support.microsoft.com/kb/324801

However, I agree that you should have at least 2 DCs in your domain.

bigeven2002 Author Commented:
Ok I confirmed they are both catalog servers.  Both can see the sysvol for the domain.  However, the 4.x DC and member servers on the 4.x network are getting Event IDs 1030 and 1058 for the Userenv service and they cannot see the sysvol share.

Encrypted1024 Commented:
Try running dcdiag from each DC. This will give you an idea of AD errors and replication errors. It may give you a clue as to where to start.

bigeven2002 Author Commented:
Done.  DCDiag doesn't work on 2003, I guess I need to install the support tools for that.  In 2008 though, there were several errors.  Looks like I got my work cut out for me.  I'll get these errors solved and continue on with the FSMO.  I wouldn't mind keeping 2 DCs if there weren't so many problems with the setup.  The 2008 DC is virtualized so I could probably clone that and make a second DC since we have an enterprise license.

Thanks all for your help!

Encrypted1024 Commented:
Don't Clone your DC. Build a new 2008 VM and join it to the domain. DCPROMO to a DC then add the services you need. It will replicate all of your domain data across to it.

bigeven2002 Author Commented:
Ok will do.  I installed the support tools on the 2003 DC, and it has a slew of problems as well.  Another thing is, we run Exchange on this domain so I can't make any significant changes.  Hence, why I wanted to do this without losing any settings.  Not sure where to start, I'll probably post another question so this one won't get off topic.

Encrypted1024 Commented:
Sure, a new question is probably a good idea. Just to get you started, I will suggest being careful moving forward. If AD is broken, you may want to wait a bit before you take out a DC. If replication is broken, you may get errors when transferring the roles. Then if you take out the original DC things might fall apart.

Did you do a Forest Prep before adding your 2008 DC?

bigeven2002 Author Commented:
I think the forest prep was done.  I had an outside consultant set up the 2008 server and he was aware of the existing 2003 server.  But DCDiag does show several problems with all the above with both DCs so I'll definitely try to get those fixed before moving forward.  Since points have already been awarded, I guess it wouldn't hurt to post here a couple more times.
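The checks suggested in this thread (dcdiag, Global Catalog, FSMO role holders, SYSVOL visibility, replication) can be gathered into one read-only pre-demotion script. This is an added example, not code posted by any participant; the DC names `DC2003` and `DC2008` and the domain `example.local` are placeholders, and it assumes an administrative prompt with the Support Tools installed on the 2003 server.

```batch
@echo off
rem Added example: read-only health check to run before transferring FSMO
rem roles or demoting a DC. It changes nothing in the directory.
rem DC2003, DC2008 and example.local are placeholders, not values from the thread.
setlocal
set DCS=DC2003 DC2008
set DOMAIN=example.local
set FAIL=0

echo === FSMO role holders (all five roles should be listed) ===
netdom query fsmo

echo === Global Catalog servers in the forest ===
dsquery server -forest -isgc

echo === Replication summary (look for non-zero failure counts) ===
repadmin /replsummary

for %%D in (%DCS%) do (
    echo === %%D: SYSVOL and NETLOGON shares ===
    for %%S in (SYSVOL NETLOGON) do (
        if exist \\%%D\%%S\ (echo   OK   \\%%D\%%S) else (echo   FAIL \\%%D\%%S & set FAIL=1)
    )

    echo === %%D: dcdiag, errors only ===
    rem /q prints only error messages, so any output at all means a failed test.
    dcdiag /s:%%D /q > "%TEMP%\dcdiag_%%D.txt" 2>&1
    for %%F in ("%TEMP%\dcdiag_%%D.txt") do if %%~zF GTR 0 (type "%%~F" & set FAIL=1)

    echo === %%D: inbound replication partners and last results ===
    repadmin /showrepl %%D
)

echo === Domain-based SYSVOL path that clients read Group Policy from ===
if exist \\%DOMAIN%\SYSVOL\%DOMAIN%\Policies\ (echo   OK) else (echo   FAIL & set FAIL=1)

if %FAIL%==1 (echo One or more checks failed: fix these before moving roles or demoting.) else (echo Share and dcdiag checks passed.)
endlocal & exit /b %FAIL%
```

The script exits with 1 if a share is unreachable or dcdiag reports anything; the netdom, dsquery and repadmin output is informational and still needs to be read.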