Solved

How to demote DC with DNS and DHCP?

Posted on 2010-09-14
Last Modified: 2012-05-20
Hi,

A new server is mounted with the DC role.

How do I demote the old Windows 2003 DC which is also a DNS, Global Catalog and DHCP server?

Thank you.
Question by:SAM2009
13 Comments
 
LVL 5

Assisted Solution

by:Swapnil Prajapati
Swapnil Prajapati earned 300 total points
ID: 33679061
Maybe this can help you.
http://technet.microsoft.com/en-us/library/cc740017%28WS.10%29.aspx

First ensure that all the roles that your DC has are transferred to the new DC.
It will not affect your Server Role of DHCP.
0
 
LVL 5

Expert Comment

by:Swapnil Prajapati
ID: 33679073
Your DNS will be a simple DNS server, not an Active Directory Integrated DNS server.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 33679145
Did you install DNS on your new server/DC? Are clients (static and DHCP) pointing to the new box for DNS? Did you also make the new DC a Global Catalog?

If you are sure the new DC has all the roles then you can just use dcpromo to demote the old DC.  At that point since you are running AD Integrated DNS those zones will no longer be held on the server.

You can follow these procedures to move DHCP: http://technet.microsoft.com/en-us/library/cc776587(WS.10).aspx

or you can keep that old box as a member server and let it still be the DHCP server.

Will you have at least two DCs on your network?

Thanks

Mike
1

 
LVL 11

Assisted Solution

by:farjadarshad
farjadarshad earned 300 total points
ID: 33679160
0
 
LVL 1

Author Comment

by:SAM2009
ID: 33679318
Yes, the new server DNS is installed and I have more than 2 DCs.
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33682437
Are you wanting to remove all roles from the old server?  If so, let me know.  If not, let me know what roles you want it to keep.  Either way, it is an easy process, just requires different steps depending on your desired outcome.

Justin
0
 
LVL 1

Author Comment

by:SAM2009
ID: 33682511
I will keep the old server just as a file server that's all.
0
 
LVL 31

Accepted Solution

by:Justin Owens
Justin Owens earned 800 total points
ID: 33682624
In that case, follow the directions Mike sent above (see post ID 33679145 specifically). A couple of things to consider:
  • You don't want TWO DHCP servers online at the same time.  I have found the easiest way to do this is to set up a new scope which doesn't include the range from your original scope.  When you are ready, you can then enable the new server whilst you disable the old server.  Once you are sure your machines have migrated to the new server, you will have fewer IP conflict issues.  You can do a cold cut, but you may run into more issues.
  • Because your DNS is AD integrated, you will have to remove the DNS role from that server before you remove the AD role from that server.  If it is a normal setup, that means you will need to reconfigure its IP settings to use a remaining DNS server or it will lose all communication to your domain.
  • Make sure all FSMO roles are on another server before you start the process.
  • Make sure your new DHCP scope is pointing to the correct IP addresses for DNS and not to the machine you are demoting.
It is a fairly easy process.  If you get stuck anywhere with the ideas above, ask now.  You need to be comfortable with these concepts before you start the process:
  1. DNS removal
  2. AD demotion
  3. DHCP migration
  4. FSMO roles transfer
If any of those are unclear, ask and we can provide more info.

Justin
0
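
The pre-demotion checks from the accepted answer above (FSMO roles moved, new DHCP scope not handing out the old DC for DNS, old server resolving through a remaining DNS server), as an added PowerShell example that is not part of any post in this thread. The function names, host names and addresses are constructed for illustration; the sample FSMO text follows the layout that `netdom query fsmo` prints.

```powershell
function Get-FsmoHolder {
    # Parses `netdom query fsmo` text: "<role name>   <holder FQDN>" per line.
    param([string[]]$NetdomOutput)
    foreach ($line in $NetdomOutput) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            New-Object PSObject -Property @{ Role = $Matches['role']; Holder = $Matches['holder'] }
        }
    }
}

function Test-DemotionReadiness {
    param(
        [string[]]$NetdomOutput,    # lines from: netdom query fsmo
        [string[]]$ScopeDnsServers, # DNS servers (option 006) in the new DHCP scope
        [string[]]$OwnDnsServers,   # DNS servers set on the old DC's own adapter
        [string]$DcName,            # host name of the DC being demoted
        [string]$DcIp               # its IP address
    )
    $problems = @()
    $roles = @(Get-FsmoHolder -NetdomOutput $NetdomOutput)
    if ($roles.Count -ne 5) { $problems += "Parsed $($roles.Count) FSMO roles, expected 5" }
    foreach ($r in $roles) {
        # Holder is an FQDN; compare only its host label with the DC name.
        if (($r.Holder -split '\.')[0] -ieq $DcName) {
            $problems += "FSMO role '$($r.Role)' is still held by $DcName"
        }
    }
    if ($ScopeDnsServers -contains $DcIp) {
        $problems += "New DHCP scope still hands out $DcIp as a DNS server"
    }
    # After DNS is removed, the server must resolve through a remaining DNS server.
    $remaining = @($OwnDnsServers | Where-Object { $_ -and $_ -ne $DcIp -and $_ -ne '127.0.0.1' })
    if ($remaining.Count -eq 0) {
        $problems += "$DcName has no remaining DNS server in its own IP settings"
    }
    return $problems
}

# Constructed sample input (hypothetical names and addresses);
# on a live system pass (netdom query fsmo) as -NetdomOutput instead.
$sampleNetdom = @(
    'Schema master               NEWDC01.corp.example',
    'Domain naming master        NEWDC01.corp.example',
    'PDC                         OLDDC01.corp.example',
    'RID pool manager            NEWDC01.corp.example',
    'Infrastructure master       NEWDC01.corp.example',
    'The command completed successfully.'
)
Test-DemotionReadiness -NetdomOutput $sampleNetdom -ScopeDnsServers '192.0.2.10', '192.0.2.20' `
    -OwnDnsServers '127.0.0.1' -DcName 'OLDDC01' -DcIp '192.0.2.10'
```

With the sample input the function reports three problems: the PDC role still on the old DC, the old DC's address in the new scope's DNS option, and no remaining DNS server in the old DC's own settings. An empty result means none of the three checks failed.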
 
LVL 1

Author Comment

by:SAM2009
ID: 33687394
What happens if I demote the DC without removing the DNS role first?
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 33688217
The AD Integrated zones will be gone, you can demote and then remove DNS afterwards...that is fine.
0
 
LVL 1

Author Closing Comment

by:SAM2009
ID: 33688756
Thank you for all your help!
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33690987
Mike,

I just tried in my lab...  On Server 2003, I could not remove the DNS role if the server was also a DC and DNS was AD Integrated.  In what cases can a DNS which is AD integrated be removed after a DC is demoted?  Not doubting you at all, just would like to know for my own education.

Justin
0
 
LVL 31

Expert Comment

by:Justin Owens
ID: 33691004
Sorry...I wish I could edit posts... It should have read:

On Server 2003, I could not remove the AD DC Role if it was also a DNS server with AD Integration.

Justin
0
