Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 643
  • Last Modified:

how to demote DC and joining it on a remote DC


 Hi Experts,

 How to demote DC and join it on a remote DC with different subnet?
 I need a step by step guide please. many thanks
0
ragot
Asked:
ragot
  • 12
  • 8
  • 3
1 Solution
 
logideepakCommented:
For Demoting a DC,
goto start--> Run and type dcpromo

It will provide you with a web based wizard for demtoting the current dc and bringing the machine in the workgroup.

After that you need to set up the TCP / IP Settings of the workgroup so that it can find the ad from other sub net.

Once the IP settings are complete, you can add the computer in the remote dc.
0
 
ragotAuthor Commented:
thanks logideepak! do i need to run dcpromo again after i add the pc in the remote dc?
0
 
logideepakCommented:
No, DCPromo is used to either create an AD structure in the server to promote the machine as a domain controller.
Once the machine is promoted to a domain controller, if you run the dcpromo again, it will demote the machine back to the workgroup.

however, after adding the PC to the remote DC, you dont need to run the dcpromo command.
0
NEW Internet Security Report Now Available!

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out this quarters report on the threats that shook the industry in Q4 2017.

 
ragotAuthor Commented:
thanks but i want that DC to be part of the remote DC.
0
 
logideepakCommented:
Have you installed your DC as a part of the existing Forest of the Remote DC?
0
 
ragotAuthor Commented:
i think not yet, can you tell me how to install?
0
 
KenMcFCommented:
ragot
To give you an accurate answer we will need to know your topology.

Do you have a seperate AD forest at this remote site you want this DC to be a part of?
Is this DC just moving to a seperate subnet within your company and will still be apart of the same forest?

Here is a link on how to run DCPromo, but it may not fit your senerio.

http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
0
 
ragotAuthor Commented:
Do you have a seperate AD forest at this remote site you want this DC to be a part of? - this is the one.
i already joined the dc into another AD forest. i can logon administrator with the same domain on different subnet. problem is i cannot login my new created user account from AD. i got the error message " The local policy of this system does not permit you to logon interactively "
0
 
KenMcFCommented:
Are you trying to login to a Domain Controller with a user account you created? or it is juts a server?

If it is a server make sure that user is at least in the Remote Desktop User group. If it is the Domain Controller the user will need to be in the domain admins group.
0
 
ragotAuthor Commented:

 wow it works now after setting it as a member of remote desktop user group.
 will there be no problem if i created a user account and logon to client machine?
 and is there any DNS forwarding that needs to be setup on the instructions above? ( please refer to logideepak's first reply )

 thanks!
0
 
KenMcFCommented:
If you need to get name resolution for the other domain you can setup conditional forwaders in each domain. See link below

You should be able to login into client computers with new accounts on the same domain.



http://msmvps.com/blogs/ad/archive/2008/09/05/how-to-configure-conditional-forwarders-in-windows-server-2008.aspx
0
 
ragotAuthor Commented:
thanks KenMcF, how will i know if i need to get name resolution for the other domain?
do you have link for server 2003? thanks
0
 
KenMcFCommented:
That link has a screen shot from 2003. It is labled old way.

If you do not need to access any resources on the other domain then you should not need to configure the forwarders.
0
 
ragotAuthor Commented:
oh i see. we need to access files on both domain. can you help me how to do the configuration for forwarders? many thanks
0
 
KenMcFCommented:
Look at this link for setting up conditional forwaders.

You would just put the domain name in for the remote domain and the IP of the DNS server.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 
ragotAuthor Commented:

 scenario
 DC1 - " other DC "
 DC2 - demoted and join " other DC "

 you mean i will input the DNS of DC2 into forwarder settings? am i correct?
0
 
KenMcFCommented:
You have two forests now. So call them forest1 and forest2

forest1 = domain1.local

forest2 = domain2.dns

in forest1 create a conditional forwader for domain2.dns and points to a DNS server in domain2.dns

in forest2 create a conditional forwader for domain1.local and points to a DNS server in domain1.local
0
 
ragotAuthor Commented:

 thanks KenMcF! if i demote the DC, do i need to reconfigure the DHCP server after joining it to other domain?
0
 
KenMcFCommented:
You will need to authorize the DHCP server in the new domain and I would verify the settings are correct like the DNS servers.
0
 
ragotAuthor Commented:

 thanks. how about the files?, they will not be deleted right? i just have to reassign access rights to them?
0
 
KenMcFCommented:
Files will not be deleted. Since it is a new domain you will need to reassign permissions.
0
 
ragotAuthor Commented:

 thanks. no need to create another AD on forest2 right? i will just use the forest1 AD ( which is the one i joined to ) or it better to create?
0
 
ragotAuthor Commented:
awesome! thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

  • 12
  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now