
How to demote DC with DNS and DHCP?

Posted on 2010-09-14
Last Modified: 2012-05-20
Hi,

A new server is mounted with the DC role.

How do I demote the old Windows 2003 DC which is also a DNS, Global Catalog and DHCP server?

Thank you.
Question by:SAM2009
13 Comments
 

Assisted Solution

by:Swapnil Prajapati
Swapnil Prajapati earned 300 total points
ID: 33679061
Maybe this can help you.
http://technet.microsoft.com/en-us/library/cc740017%28WS.10%29.aspx

First ensure that all the roles that your DC has are transferred to the new DC.
It will not affect your Server Role of DHCP.

Expert Comment

by:Swapnil Prajapati
ID: 33679073
Your DNS will be a simple DNS server, not an Active Directory Integrated DNS server.

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 33679145
Did you install DNS on your new server/DC? Are clients (static and DHCP) pointing to the new box for DNS? Did you also make the new DC a Global Catalog?

If you are sure the new DC has all the roles then you can just use dcpromo to demote the old DC.  At that point since you are running AD Integrated DNS those zones will no longer be held on the server.

You can follow these procedures to move DHCP: http://technet.microsoft.com/en-us/library/cc776587(WS.10).aspx

or you can keep that old box as a member server and let it still be the DHCP server.

Will you have at least two DCs on your network?

Thanks

Mike

Assisted Solution

by:farjadarshad
farjadarshad earned 300 total points
ID: 33679160

Author Comment

by:SAM2009
ID: 33679318
Yes, the new server DNS is installed and I have more than 2 DCs.

Expert Comment

by:Justin Owens
ID: 33682437
Are you wanting to remove all roles from the old server?  If so, let me know.  If not, let me know what roles you want it to keep.  Either way, it is an easy process, just requires different steps depending on your desired outcome.

Justin

Author Comment

by:SAM2009
ID: 33682511
I will keep the old server just as a file server that's all.

Accepted Solution

by:
Justin Owens earned 800 total points
ID: 33682624
In that case, follow the directions Mike sent above (see post ID: 33679145 specifically).  A couple of things to consider:
  • You don't want TWO DHCP servers online at the same time.  I have found the easiest way to do this is to set up a new scope which doesn't include the range from your original scope.  When you are ready, you can then enable the new server whilst you disable the old server.  Once you are sure your machines have migrated to the new server, you will have fewer IP conflict issues.  You can do a cold cut, but you may run into more issues.
  • Because your DNS is AD integrated, you will have to remove the DNS role from that server before you remove the AD role from that server.  If it is a normal setup, that means you will need to reconfigure its IP settings to use a remaining DNS server or it will lose all communication to your domain.
  • Make sure all FSMO roles are on another server before you start the process.
  • Make sure your new DHCP scope is pointing to the correct IP addresses for DNS and not to the machine you are demoting.
It is a fairly easy process.  If you get stuck anywhere with the ideas above, ask now.  You need to be comfortable with these concepts before you start the process:
  1. DNS removal
  2. AD demotion
  3. DHCP migration
  4. FSMO roles transfer
If any of those are unclear, ask and we can provide more info.

Justin
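
The checks listed in this answer can be scripted as a pre-flight before running dcpromo. This is an added example, not part of the original post: `OLD-DC01`, `NEW-DC01` and the scope `192.168.1.0` are placeholders, and it assumes it is run on the old DC with the Windows Server 2003 Support Tools installed (for `netdom`) and English-language command output.

```bat
@echo off
rem Added example: pre-demotion checks to run on the old DC before dcpromo.
rem OLDDC, NEWDC and SCOPE are placeholders; replace them with your own values.
setlocal
set OLDDC=OLD-DC01
set NEWDC=NEW-DC01
set SCOPE=192.168.1.0
set BLOCKED=0

rem 1. FSMO roles: none of the five may still be held by the old DC.
netdom query fsmo > "%TEMP%\fsmo.txt"
type "%TEMP%\fsmo.txt"
findstr /i /c:"%OLDDC%." "%TEMP%\fsmo.txt" >nul && (
    echo BLOCKER: %OLDDC% still holds at least one FSMO role.
    set BLOCKED=1
)

rem 2. Global Catalog: the new DC must be listed as a GC.
dsquery server -isgc | findstr /i /c:"CN=%NEWDC%," >nul || (
    echo BLOCKER: %NEWDC% is not a Global Catalog.
    set BLOCKED=1
)

rem 3. DNS: the new server must answer for the domain's DC locator records.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%USERDNSDOMAIN% %NEWDC% 2>nul | findstr /i /c:"svr hostname" >nul || (
    echo BLOCKER: %NEWDC% does not resolve the domain's SRV records.
    set BLOCKED=1
)

rem 4. For manual review: the first DNS server configured on each adapter of
rem    this machine, and the options (006 = DNS servers) that the DHCP scope
rem    hands out to clients. Neither should still point at the old DC.
ipconfig /all | findstr /i /c:"DNS Servers"
netsh dhcp server scope %SCOPE% show optionvalue

if "%BLOCKED%"=="1" (
    echo Resolve the blockers above before running dcpromo.
    exit /b 1
)
echo No blockers found.
exit /b 0
```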

Author Comment

by:SAM2009
ID: 33687394
What happens if I demote the DC without removing the DNS role first?

Assisted Solution

by:Mike Kline
Mike Kline earned 600 total points
ID: 33688217
The AD Integrated zones will be gone, you can demote and then remove DNS afterwards...that is fine.

Author Closing Comment

by:SAM2009
ID: 33688756
Thank you for all your help!

Expert Comment

by:Justin Owens
ID: 33690987
Mike,

I just tried in my lab...  On Server 2003, I could not remove the DNS role if the server was also a DC and DNS was AD Integrated.  In what cases can a DNS which is AD integrated be removed after a DC is demoted?  Not doubting you at all, just would like to know for my own education.

Justin

Expert Comment

by:Justin Owens
ID: 33691004
Sorry...I wish I could edit posts... It should have read:

On Server 2003, I could not remove the AD DC Role if it was also a DNS server with AD Integration.

Justin
