• Status: Solved

How to demote DC with DNS and DHCP?

Hi,

A new server is mounted with the DC role.

How do I demote the old Windows 2003 DC which is also a DNS, Global Catalog and DHCP server?

Thank you.
SAM2009
Asked:
 
Swapnil Prajapati (Sr. System Administrator) commented:
Maybe this can help you.
http://technet.microsoft.com/en-us/library/cc740017%28WS.10%29.aspx

First ensure that all the roles that your DC has are transferred to the new DC.
It will not affect your Server Role of DHCP.

Swapnil Prajapati (Sr. System Administrator) commented:
Your DNS will be a simple DNS server, not an Active Directory Integrated DNS server.

Mike Kline commented:
Did you install DNS on your new server/DC?  Are clients (static and DHCP) pointing to the new box for DNS?  Did you also make the new DC a Global Catalog?

If you are sure the new DC has all the roles then you can just use dcpromo to demote the old DC.  At that point since you are running AD Integrated DNS those zones will no longer be held on the server.

You can follow these procedures to move DHCP: http://technet.microsoft.com/en-us/library/cc776587(WS.10).aspx

or you can keep that old box as a member server and let it still be the DHCP server.

Will you have at least two DCs on your network?

Thanks

Mike
 
SAM2009 (Author) commented:
Yes, the new server DNS is installed and I have more than 2 DCs.

Justin Owens (ITIL Problem Manager) commented:
Are you wanting to remove all roles from the old server?  If so, let me know.  If not, let me know what roles you want it to keep.  Either way, it is an easy process, just requires different steps depending on your desired outcome.

Justin

SAM2009 (Author) commented:
I will keep the old server just as a file server that's all.

Justin Owens (ITIL Problem Manager) commented:
In that case, follow the directions Mike sent above (see post http:#33679145 specifically).  A couple of things to consider:
  • You don't want TWO DHCP servers online at the same time.  I have found the easiest way to do this is to set up a new scope which doesn't include the range from your original scope.  When you are ready, you can then enable the new server whilst you disable the old server.  Once you are sure your machines have migrated to the new server, you will have fewer IP conflict issues.  You can do a cold cut, but you may run into more issues.
  • Because your DNS is AD integrated, you will have to remove the DNS role from that server before you remove the AD role from that server.  If it is a normal setup, that means you will need to reconfigure its IP settings to use a remaining DNS server or it will lose all communication to your domain.
  • Make sure all FSMO roles are on another server before you start the process.
  • Make sure your new DHCP scope is pointing to the correct IP addresses for DNS and not to the machine you are demoting.
It is a fairly easy process.  If you get stuck anywhere with the ideas above, ask now.  You need to be comfortable with these concepts before you start the process:
  1. DNS removal
  2. AD demotion
  3. DHCP migration
  4. FSMO roles transfer
If any of those are unclear, ask and we can provide more info.

Justin
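
Added example (not part of the original thread or any poster's own script): a read-only pre-demotion check for the points in the checklist above, written for the Windows Server 2003 command prompt. It assumes the Windows Support Tools (netdom, dcdiag) are installed; OLDDC01, NEWDC01, NEWDHCP01, 192.0.2.10 and example.local are placeholder values to replace with your own.

```bat
@echo off
rem Read-only checks to run on the old DC before demoting it.
rem All names and addresses below are placeholders (assumptions).
setlocal
set OLDDC=OLDDC01
set NEWDC=NEWDC01
set NEWDHCP=NEWDHCP01
set NEWDNS_IP=192.0.2.10
rem DOMAIN is the forest root DNS name (same as the domain in a single-domain forest).
set DOMAIN=example.local

echo === 1. FSMO role holders: none may be %OLDDC% ===
netdom query fsmo
netdom query fsmo | findstr /i "%OLDDC%" >nul
if not errorlevel 1 echo WARNING: %OLDDC% still holds at least one FSMO role.

echo === 2. New DC registered as Global Catalog on the new DNS server ===
rem Queries the GC SRV record directly against the DNS server that will remain.
nslookup -type=SRV _ldap._tcp.gc._msdcs.%DOMAIN% %NEWDNS_IP% | findstr /i "%NEWDC%" >nul
if errorlevel 1 echo WARNING: %NEWDC% not found as a GC in DNS on %NEWDNS_IP%.

echo === 3. New DC knows the role holders and replicates cleanly ===
dcdiag /s:%NEWDC% /test:KnowsOfRoleHolders /test:Replications

echo === 4. This server's DNS client settings ===
rem After demotion the server must resolve the domain through a remaining
rem DNS server, so %NEWDNS_IP% should appear here and its own address should not.
rem Only the first server is on the matching line; check ipconfig /all for the rest.
ipconfig /all | findstr /i /c:"DNS Servers"

echo === 5. DNS servers handed out by the new DHCP server (option 6) ===
rem Review the output: no scope should list the IP address of %OLDDC%.
netsh dhcp server \\%NEWDHCP% dump | findstr /i /c:"optionvalue 6 "

endlocal
```

Nothing in this script changes configuration; it only reports, so it can be rerun after each step of the migration.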

SAM2009 (Author) commented:
What happens if I demote the DC without removing the DNS role first?

Mike Kline commented:
The AD Integrated zones will be gone, you can demote and then remove DNS afterwards...that is fine.

SAM2009 (Author) commented:
Thank you for all your help!

Justin Owens (ITIL Problem Manager) commented:
Mike,

I just tried in my lab...  On Server 2003, I could not remove the DNS role if the server was also a DC and DNS was AD Integrated.  In what cases can a DNS which is AD integrated be removed after a DC is demoted?  Not doubting you at all, just would like to know for my own education.

Justin

Justin Owens (ITIL Problem Manager) commented:
Sorry...I wish I could edit posts... It should have read:

On Server 2003, I could not remove the AD DC Role if it was also a DNS server with AD Integration.

Justin