DNS on Demoted Domain Controller

wcutech asked:
I have installed two new Windows server 2008 domain controllers that are replacing an older Windows Server 2003 Domain controller. I am ready to demote the old domain controller but realize that all clients are pointing to the old server for DNS.  The new domain controllers that I installed have already been set up with DNS as well and everything is replicated. DNS on the servers is Active directory integrated, so I believe that when I demote the old Domain Controller it will lose DNS functionality. All clients would then stop being able to connect to DNS, so I believe that I have two options:

1. Hold off demoting the old domain controller until we can change DNS settings on all clients in the network.
2. Remove DNS from the old domain controller, then demote it, and then add DNS again, setting up a Stub or Secondary Zone to replicate the primary zone that is now on the new servers.

The second option is better because it would be much easier. But I don't want to go that route if it would cause any problems. Eventually I would plan on adding the two new DNS servers to the settings on all clients. Any input would be appreciated.
Or 3.) Use DHCP to publish DNS setting to the clients.
I'm confused by your #2 point, but all this would be irrelevant if indeed your clients' IPs are manually assigned instead of DHCP, as Bembi points out. If they ARE manually assigned, why not just demote the old DC, power it off, then reassign its IP to one of the new DCs? You'd probably want to do this after hours so as to cause minimal downtime.


Thanks for the replies guys.

DHCP isn't possible (it's a long story and I don't have any control over this), so it has to be set manually. As well, the old server is still going to be used, and will need to retain the old IP address.


Then I suppose your #2 solution MIGHT work in the short term (though I must admit it sounds like an odd setup), but it sounds like you'll likely need to manually change the client DNS entries.
Hi wcutech.

I do not think the old DC will lose DNS capability, but you can always run DNS on it standalone.

I would do the following.

1.  Make one of the new DCs a primary DNS server (the other one secondary).
2.  Then make the old DC (Win 2003 machine) a secondary DNS server. (Yes, you will have 3 DNS servers.)

You can now take the old DC offline, as in not use it as a Domain Controller any more. The server itself (and therefore the IP address it has) can still act as a secondary DNS.

By doing this you can, in time, change the DNS settings on all your clients so they point to your new DC servers; all will still work because the secondary DNS server will work just fine for your network. Then again, it is a good policy to have 2 DNS servers, just in case 1 goes down. And if I go on about this, then you could run 10 DNS servers on your network, and which one of them you point your clients at really does not matter...

Also, you could just kill the old DC and then recycle the IP address and set up a new server and use it as a secondary DNS.

In short, nr. 2... ;)

Hope this helps!

Kind regards,
Olvir Sveinsson
PowerShell Developer
Top Expert 2010

It would; it cannot host an AD-integrated zone. 2 is fine.

I would have:

2008 - Primary, AD-integrated (replicating between both 2008 servers)
2003 - Stub or Secondary

Dynamic Updates go to the server in the SOA, so the clients will still add records correctly, nothing else is server specific.

You're aware that it is possible to script the change of DNS servers on your clients? Not as good as DHCP, but entirely possible :)
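The procedure the two answers above describe (AD-integrated primary on the 2008 DCs, a plain secondary on the demoted 2003 box, then re-pointing clients by script) can be driven from PowerShell using the DNS WMI provider, dnscmd.exe and the Win32_NetworkAdapterConfiguration class, all of which exist on 2003/2008-era systems. The block below is an added example, not code posted in this thread; the zone name example.local, the addresses 192.168.1.10 and 192.168.1.11 for the 2008 DCs, 192.168.1.5 / OLD-DC2003 for the 2003 server and the client names are assumptions for illustration.

```powershell
# Added example, not from the original thread.
# Assumed names/addresses (replace with your own):
$Zone       = 'example.local'                      # the AD domain zone
$NewDcs     = @('192.168.1.10', '192.168.1.11')    # the two Windows Server 2008 DCs
$NewDcName  = 'DC01'                               # one of the 2008 DCs, by name
$OldServer  = 'OLD-DC2003'                         # 2003 box, demoted but kept with its old IP
$OldServerIp = '192.168.1.5'

# 1. On a 2008 DC, confirm the zone is an AD-integrated primary and see which
#    server the SOA names. Dynamic updates from clients are sent to the SOA
#    primary, so it must be one of the new DCs, not the old server.
$zoneInfo = Get-WmiObject -ComputerName $NewDcName -Namespace root\MicrosoftDNS `
                -Class MicrosoftDNS_Zone -Filter "ContainerName='$Zone'"
# ZoneType: 1 = primary, 2 = secondary, 3 = stub
"{0}: ZoneType={1} DsIntegrated={2}" -f $zoneInfo.Name, $zoneInfo.ZoneType, $zoneInfo.DsIntegrated

$soa = Get-WmiObject -ComputerName $NewDcName -Namespace root\MicrosoftDNS `
           -Class MicrosoftDNS_SOAType -Filter "ContainerName='$Zone'"
"SOA primary server for {0}: {1}" -f $Zone, $soa.PrimaryServer

# 2. A secondary needs zone transfers. On the 2008 primary, allow transfers
#    to the old server only (SecureList = named servers only). Windows Server
#    2008 does not allow transfers of an AD-integrated zone by default.
& dnscmd.exe $NewDcName /ZoneResetSecondaries $Zone /SecureList $OldServerIp

# 3. On the demoted 2003 box, after the DNS role is re-added, create the
#    secondary zone with both 2008 DCs as masters (either can serve it).
& dnscmd.exe $OldServer /ZoneAdd $Zone /Secondary $NewDcs[0] $NewDcs[1]

# 4. Re-point a client's DNS server list without DHCP, via WMI. Works on
#    XP/2003/2008 clients that accept remote WMI from an admin account.
function Set-ClientDns {
    param(
        [Parameter(Mandatory=$true)][string]$Computer,
        [Parameter(Mandatory=$true)][string[]]$Servers
    )
    $nics = Get-WmiObject -ComputerName $Computer -Class Win32_NetworkAdapterConfiguration `
                -Filter "IPEnabled=TRUE"
    foreach ($nic in $nics) {
        $result = $nic.SetDNSServerSearchOrder($Servers)
        # ReturnValue 0 = success, 1 = success but reboot required
        if ($result.ReturnValue -le 1) {
            "{0} [{1}]: DNS now {2}" -f $Computer, $nic.Description, ($Servers -join ', ')
        } else {
            Write-Warning ("{0} [{1}]: SetDNSServerSearchOrder returned {2}" -f `
                $Computer, $nic.Description, $result.ReturnValue)
        }
    }
}

# Example run over a constructed list of clients; order the new DCs first and
# keep the old server as a third entry until it is finally retired.
$clients = @('WS-101', 'WS-102', 'TS-APP01')   # assumed computer names
foreach ($c in $clients) {
    Set-ClientDns -Computer $c -Servers ($NewDcs + $OldServerIp)
}
```

Two checks worth doing before relying on the 2003 secondary: that the transferred copy of the zone has the same SOA serial as the primary (stale secondaries answer with old data until the refresh interval expires), and that clients still register their A records, which they do against the SOA primary regardless of which server they query. Thin clients that cannot be scripted still need the manual change, but this lets the rest of the estate move in one pass.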



Thanks again for the input guys.


I would script the DNS changes if possible. We run a Terminal Services environment and most of our client boxes are thin clients where the change has to be manual. I think I'll go for solution #2 - Integrated Primary on the new servers, and Stub or Secondary on the old one.
