Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


remove one member server to function as dc in another domain?

Posted on 2011-03-01
Medium Priority
Last Modified: 2012-05-11
I've been asked to pick up a windows server 2003 box(member server) which has been configured on a single domain controller domain, remove it from this domain.
They want me to try to remove it from this domain and configure it to be a domain controller for an entirely different domain.

The new location this server would be installed currently has a windows nt domain configured, This new server would have to be configured as a replacement domain controller for the windows nt domain controller.
Now I do believe The new server doesn't need to be using the same domain name, As I've been told to figure out a way to make it work.
Neither server has anything documented on configuration.

I know the new server needs to be configured as the only domain controller in either the new location's existing domain or a new domain whichever i see fit.
I've really got next to no experience with active directory configuration.

Bottom line remove a member server from one domain and configure it to be a domain controller at another location .
My concern is how the old windows nt domain controller is configured.
The windows nt domain is controlling access for members of that domain to get to resources on one member server connected to this domain(nt domain).
Hopefully this is clear as I'm coming back to work from being sick I still have some residual cold symptoms.

Please help me with where to start in this big endeavor, btw telling the boss I can't do it isn't an option as they'll make me try to figure it out.
Question by:techguy1979
  • 2
  • 2
LVL 74

Expert Comment

by:Glen Knight
ID: 35007962
so this server is just a member server at the moment?

If so then not a problem, simply disjoin the server from the domain by making it a member of a workgroup then take it away and run DCPROMO on it to make it a domain controller and since it's a new domain you would follow the DCPROMO instructions for a new domain.

Expert Comment

by:Nathan P
ID: 35008102
As demazter stated, you will first need to remove the member server from the AD domain it is currently in.

To do this, simply right click My Computer, select Properties.  Go to the Computer Name area, click change and remove it from the domain by adding it to ANY workgroup name you want.  You can put just one simple letter if you choose, or set it back to "workgroup" or whatever you like, it's not going to matter in a minute.

Reboot the machine twice, just to make sure it's clear it knows what's up.

Now plug it into the domain network that you are moving it to, set it's IP address on the network to a static IP within that network range that you are 100% sure is free and will never be handed out by DHCP.

Next, go back to the My Computer - Properties - Computer Name area, and have it join the domain you want it to be able to soon be a Domain Controller of.

Reboot it to let it join the domain.
Log onto the machine as administrator of the NT Domain you are about to reconfigure.
Run "DCPROMO" from the command line.  Have it go through the process of becoming a domain controller on that domain.

You're then going to likely need to reboot again, then arrange that the 2003 server become the master of the domain, by taking over the roles, like FSMO and etc..

Once thats done, you can DCPROMO the NT domain controller out of the picture and remove it.

Here's a couple more detailed instructionals:
TECHNET:  http://technet.microsoft.com/en-us/library/cc782476(v=ws.10).aspx
TECHNET:  http://technet.microsoft.com/en-us/library/cc781631(v=ws.10).aspx
GETACLUE:  http://www.networkclue.com/os/Windows/server/nt-2003-migration.aspx
WINDOWSNETWORKING:  http://www.windowsnetworking.com/articles_tutorials/Upgrading-Windows-NT-2000-Windows-2003-Part1.html


Author Comment

ID: 35008524
my concerns are adding this 2003 server to a windows nt domain and the process involved.
It's my understanding that If i take down the nt domain controller I won't be able to log into any of the workstations on the nt domain with domain user credentials, and we don't have any document of the local logins for the computers on the nt network. When i did have access to the windows nt server it looked really primitive and I really couldn't figure out how it was configured, other then it was using some form of user manager.
On the Nt server I can't figure out if this domain controller is tied to any outside domains or other domain controllers.
I'm really nervous about this situation, I've lost sleep over it because I'm not sure if I'll be able to get things done without locking out certain user accounts or member servers, that need to be accessible.

Accepted Solution

Nathan P earned 2000 total points
ID: 35009018
If you add a 2003 server to the domain where the NT server is domain controller, and then run DCPROMO like it has been suggested, then the 2003 server will become a secondary domain controller within that domain.  

This means that all user accounts, computer accounts, and rights and details will be stored on a duplicate copy of Active Directory on the 2003 server.

Then you can consider moving the 2003 server to the master FSMO role holder in the domain, and also consider shutting down the NT domain controller.

This is the process that allows you to upgrade.  It's well documented and supported.

If you get at least that far, you can always just SHUT DOWN the NT server late one night and see if the 2003 server continues to manage your authentication & rights before you do any major changes to the NT server.

1000's of corporations have gone through that upgrade process, so your concern is warranted, but there will be plenty of answers to any problem you run into!

Author Closing Comment

ID: 35009585

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question