Link to home
Start Free TrialLog in
Avatar of Alexey91
Alexey91

asked on

Decommissioning Old Domain Controllers

Hello,

I am in the process of upgrading small domain from Windows 2000 to Windows 2008.  The domain originally had 1 WIN2000 DC, I have installed 2 new WIN2008 DCs, so right now the domain has 3 DCs.

I am ready to demote WIN2000 DC.  However I just have one issue that I wanted to get verified.  When I login to most member servers and type “set “command, among other information, the LOGONSERVER lists old WIN2000 DC.  

What would happen to those member servers that have the old DC listed as their LOGONSERVER if I demote and decommission the old DC?

Thanks,
Alex
SOLUTION
Avatar of Mike Kline
Mike Kline
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Alexey91
Alexey91

ASKER

I have done all of the migration work, I just wanted to see if I need to do anything to the member servers.  I didn't think so, but I just wanted to double check.

Also is it a good idea to shutdown the domain controller for extended period of time and then bringing it back up.  Don't they have to be all synchronized and replicated?  Can I run into any issues with demoting old DC if I shut it off for week or two and then bring it back up?

Alex
As long as you don't shut it down for longer than the tombstone lifetime (in your case probably still 60 days form the W2k installation), there will be no issues. AD can deal with this.
Actually, talking about the tombstone lifetime, you might want to check the current value. I'm not sure whether the W2k8 adprep changes it automatically to the value Microsoft considers useful since W2k3 SP1 (180 days).
Details here:
Useful shelf life of a system-state backup of Active Directory
http://support.microsoft.com/kb/216993
Also ensure that if you have static IP addresses on all your member servers that you have set the correct IP for DNS as it would normally have been your win2k server, Its now needs to be one of your 2k8 AD servers running DNS.

A simple thing but often overlooked and causes panincs when you turn off the win2k server.
You can check the tombstone level running the below command

dsquery * "cn=directory service,cn=windows nt,cn=services,cn=configuration,dc=<forestDN>" –scope base –attr tombstonelifetime

But if you are running Windows 2003 Server SP1 tombstone should already be 180 days. If you are running Windows 2003 Server R2 SP1 then the tombstone level is running at 60 Days.

http://msmvps.com/blogs/ulfbsimonweidner/archive/2010/02/10/adjusting-the-tombstone-lifetime.aspx
although it is worth checkiong the tombstone settings, it is unlikely to be less than a week so I'd recommend the initial suggestions of shutting down the old DC for a few days/a week and getting users to log on and off as normal. Tihs will make it very easy to assess issues and you can turn the server straight back on as soon as a problem is identified.

This is definately the best option to start with.