remove one member server to function as dc in another domain?

Posted on 2011-03-01
Last Modified: 2012-05-11
I've been asked to pick up a Windows Server 2003 box (member server) which has been configured on a single-domain-controller domain and remove it from this domain.
They want me to try to remove it from this domain and configure it to be a domain controller for an entirely different domain.

The new location where this server would be installed currently has a Windows NT domain configured. This new server would have to be configured as a replacement domain controller for the Windows NT domain controller.
Now I do believe the new server doesn't need to be using the same domain name, as I've been told to figure out a way to make it work.
Neither server has anything documented on configuration.

I know the new server needs to be configured as the only domain controller in either the new location's existing domain or a new domain, whichever I see fit.
I've really got next to no experience with active directory configuration.

Bottom line: remove a member server from one domain and configure it to be a domain controller at another location.
My concern is how the old Windows NT domain controller is configured.
The Windows NT domain is controlling access for members of that domain to get to resources on one member server connected to this domain (NT domain).
Hopefully this is clear, as I'm coming back to work from being sick and I still have some residual cold symptoms.

Please help me with where to start in this big endeavor. BTW, telling the boss I can't do it isn't an option, as they'll make me try to figure it out.
Question by:techguy1979

Expert Comment

by:Glen Knight
ID: 35007962
So this server is just a member server at the moment?

If so then not a problem, simply disjoin the server from the domain by making it a member of a workgroup then take it away and run DCPROMO on it to make it a domain controller and since it's a new domain you would follow the DCPROMO instructions for a new domain.

Expert Comment

ID: 35008102
As demazter stated, you will first need to remove the member server from the AD domain it is currently in.

To do this, simply right click My Computer, select Properties.  Go to the Computer Name area, click change and remove it from the domain by adding it to ANY workgroup name you want.  You can put just one simple letter if you choose, or set it back to "workgroup" or whatever you like, it's not going to matter in a minute.

Reboot the machine twice, just to make sure it's clear it knows what's up.

Now plug it into the domain network that you are moving it to, and set its IP address on the network to a static IP within that network range that you are 100% sure is free and will never be handed out by DHCP.

Next, go back to the My Computer - Properties - Computer Name area, and have it join the domain you want it to be able to soon be a Domain Controller of.

Reboot it to let it join the domain.
Log onto the machine as administrator of the NT Domain you are about to reconfigure.
Run "DCPROMO" from the command line.  Have it go through the process of becoming a domain controller on that domain.

You're then likely going to need to reboot again, then arrange that the 2003 server become the master of the domain by taking over the roles, like FSMO, etc.

Once that's done, you can DCPROMO the NT domain controller out of the picture and remove it.

Here's a couple more detailed instructionals:


Author Comment

ID: 35008524
My concerns are adding this 2003 server to a Windows NT domain and the process involved.
It's my understanding that if I take down the NT domain controller I won't be able to log into any of the workstations on the NT domain with domain user credentials, and we don't have any document of the local logins for the computers on the NT network. When I did have access to the Windows NT server it looked really primitive and I really couldn't figure out how it was configured, other than it was using some form of user manager.
On the NT server I can't figure out if this domain controller is tied to any outside domains or other domain controllers.
I'm really nervous about this situation, I've lost sleep over it because I'm not sure if I'll be able to get things done without locking out certain user accounts or member servers, that need to be accessible.
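
The unknowns raised in this comment (other domain controllers, trusts to outside domains, undocumented accounts) can be written down before anything is changed. The batch file below is an added example, not part of any post in this thread; it only reads information and saves it to a text file. It assumes `nltest.exe` is installed (it ships with the Windows Server 2003 Support Tools), that it is run from a machine already joined to the NT domain while logged on with a domain account, and that the domain's NetBIOS name is passed as the first argument.

```batch
@echo off
rem Added example: read-only inventory of an existing NT domain, taken before
rem any domain controller is added, promoted or shut down.
rem Assumptions: nltest.exe is on the PATH (Windows Server 2003 Support Tools),
rem this machine is a member of the domain, and %1 is its NetBIOS domain name.
setlocal
set NTDOMAIN=%1
if "%NTDOMAIN%"=="" (
  echo Usage: %~nx0 NETBIOS_DOMAIN_NAME
  exit /b 1
)
set OUT=%~dp0inventory_%NTDOMAIN%.txt
echo Inventory of %NTDOMAIN% taken %DATE% %TIME% > "%OUT%"

echo === Primary domain controller === >> "%OUT%"
nltest /dcname:%NTDOMAIN% >> "%OUT%" 2>&1

echo === All domain controllers known for the domain === >> "%OUT%"
nltest /dclist:%NTDOMAIN% >> "%OUT%" 2>&1

echo === Domains trusted by this machine's domain === >> "%OUT%"
nltest /trusted_domains >> "%OUT%" 2>&1

echo === Domain account and password policy === >> "%OUT%"
net accounts /domain >> "%OUT%" 2>&1

echo === Domain user accounts === >> "%OUT%"
net user /domain >> "%OUT%" 2>&1

echo === Domain global groups === >> "%OUT%"
net group /domain >> "%OUT%" 2>&1

echo === Computers visible in the domain === >> "%OUT%"
net view /domain:%NTDOMAIN% >> "%OUT%" 2>&1

rem Local accounts on THIS machine only; repeat on each workstation to
rem document which local logins would still work without a domain controller.
echo === Local Administrators group on %COMPUTERNAME% === >> "%OUT%"
net localgroup Administrators >> "%OUT%" 2>&1

echo Wrote "%OUT%"
endlocal
```

More than one entry in the domain controller list, or any entry in the trusted domains list, means other systems depend on this domain and have to be accounted for before the NT server is shut down.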

Accepted Solution

LectricX earned 500 total points
ID: 35009018
If you add a 2003 server to the domain where the NT server is domain controller, and then run DCPROMO like it has been suggested, then the 2003 server will become a secondary domain controller within that domain.  

This means that all user accounts, computer accounts, and rights and details will be stored on a duplicate copy of Active Directory on the 2003 server.

Then you can consider moving the 2003 server to the master FSMO role holder in the domain, and also consider shutting down the NT domain controller.

This is the process that allows you to upgrade.  It's well documented and supported.

If you get at least that far, you can always just SHUT DOWN the NT server late one night and see if the 2003 server continues to manage your authentication & rights before you do any major changes to the NT server.

1000's of corporations have gone through that upgrade process, so your concern is warranted, but there will be plenty of answers to any problem you run into!

Author Closing Comment

ID: 35009585
