Solved

how to demote DC and joining it on a remote DC

Posted on 2010-11-17
23
606 Views
Last Modified: 2012-05-10

 Hi Experts,

 How to demote DC and join it on a remote DC with different subnet?
 I need a step by step guide please. many thanks
0
Comment
Question by:ragot
  • 12
  • 8
  • 3
23 Comments
 
LVL 5

Accepted Solution

by:
logideepak earned 500 total points
Comment Utility
For Demoting a DC,
goto start--> Run and type dcpromo

It will provide you with a web based wizard for demtoting the current dc and bringing the machine in the workgroup.

After that you need to set up the TCP / IP Settings of the workgroup so that it can find the ad from other sub net.

Once the IP settings are complete, you can add the computer in the remote dc.
0
 

Author Comment

by:ragot
Comment Utility
thanks logideepak! do i need to run dcpromo again after i add the pc in the remote dc?
0
 
LVL 5

Expert Comment

by:logideepak
Comment Utility
No, DCPromo is used to either create an AD structure in the server to promote the machine as a domain controller.
Once the machine is promoted to a domain controller, if you run the dcpromo again, it will demote the machine back to the workgroup.

however, after adding the PC to the remote DC, you dont need to run the dcpromo command.
0
 

Author Comment

by:ragot
Comment Utility
thanks but i want that DC to be part of the remote DC.
0
 
LVL 5

Expert Comment

by:logideepak
Comment Utility
Have you installed your DC as a part of the existing Forest of the Remote DC?
0
 

Author Comment

by:ragot
Comment Utility
i think not yet, can you tell me how to install?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
ragot
To give you an accurate answer we will need to know your topology.

Do you have a seperate AD forest at this remote site you want this DC to be a part of?
Is this DC just moving to a seperate subnet within your company and will still be apart of the same forest?

Here is a link on how to run DCPromo, but it may not fit your senerio.

http://www.petri.co.il/how_to_install_active_directory_on_windows_2003.htm
0
 

Author Comment

by:ragot
Comment Utility
Do you have a seperate AD forest at this remote site you want this DC to be a part of? - this is the one.
i already joined the dc into another AD forest. i can logon administrator with the same domain on different subnet. problem is i cannot login my new created user account from AD. i got the error message " The local policy of this system does not permit you to logon interactively "
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Are you trying to login to a Domain Controller with a user account you created? or it is juts a server?

If it is a server make sure that user is at least in the Remote Desktop User group. If it is the Domain Controller the user will need to be in the domain admins group.
0
 

Author Comment

by:ragot
Comment Utility

 wow it works now after setting it as a member of remote desktop user group.
 will there be no problem if i created a user account and logon to client machine?
 and is there any DNS forwarding that needs to be setup on the instructions above? ( please refer to logideepak's first reply )

 thanks!
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
If you need to get name resolution for the other domain you can setup conditional forwaders in each domain. See link below

You should be able to login into client computers with new accounts on the same domain.



http://msmvps.com/blogs/ad/archive/2008/09/05/how-to-configure-conditional-forwarders-in-windows-server-2008.aspx
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:ragot
Comment Utility
thanks KenMcF, how will i know if i need to get name resolution for the other domain?
do you have link for server 2003? thanks
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
That link has a screen shot from 2003. It is labled old way.

If you do not need to access any resources on the other domain then you should not need to configure the forwarders.
0
 

Author Comment

by:ragot
Comment Utility
oh i see. we need to access files on both domain. can you help me how to do the configuration for forwarders? many thanks
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Look at this link for setting up conditional forwaders.

You would just put the domain name in for the remote domain and the IP of the DNS server.

http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
0
 

Author Comment

by:ragot
Comment Utility

 scenario
 DC1 - " other DC "
 DC2 - demoted and join " other DC "

 you mean i will input the DNS of DC2 into forwarder settings? am i correct?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
You have two forests now. So call them forest1 and forest2

forest1 = domain1.local

forest2 = domain2.dns

in forest1 create a conditional forwader for domain2.dns and points to a DNS server in domain2.dns

in forest2 create a conditional forwader for domain1.local and points to a DNS server in domain1.local
0
 

Author Comment

by:ragot
Comment Utility

 thanks KenMcF! if i demote the DC, do i need to reconfigure the DHCP server after joining it to other domain?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
You will need to authorize the DHCP server in the new domain and I would verify the settings are correct like the DNS servers.
0
 

Author Comment

by:ragot
Comment Utility

 thanks. how about the files?, they will not be deleted right? i just have to reassign access rights to them?
0
 
LVL 27

Expert Comment

by:KenMcF
Comment Utility
Files will not be deleted. Since it is a new domain you will need to reassign permissions.
0
 

Author Comment

by:ragot
Comment Utility

 thanks. no need to create another AD on forest2 right? i will just use the forest1 AD ( which is the one i joined to ) or it better to create?
0
 

Author Closing Comment

by:ragot
Comment Utility
awesome! thanks
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now