Solved

remove one member server to function as dc in another domain?

Posted on 2011-03-01
5
261 Views
Last Modified: 2012-05-11
I've been asked to pick up a windows server 2003 box(member server) which has been configured on a single domain controller domain, remove it from this domain.
They want me to try to remove it from this domain and configure it to be a domain controller for an entirely different domain.

The new location this server would be installed currently has a windows nt domain configured, This new server would have to be configured as a replacement domain controller for the windows nt domain controller.
Now I do believe The new server doesn't need to be using the same domain name, As I've been told to figure out a way to make it work.
Neither server has anything documented on configuration.

I know the new server needs to be configured as the only domain controller in either the new location's existing domain or a new domain whichever i see fit.
I've really got next to no experience with active directory configuration.

Bottom line remove a member server from one domain and configure it to be a domain controller at another location .
My concern is how the old windows nt domain controller is configured.
The windows nt domain is controlling access for members of that domain to get to resources on one member server connected to this domain(nt domain).
Hopefully this is clear as I'm coming back to work from being sick I still have some residual cold symptoms.

Please help me with where to start in this big endeavor, btw telling the boss I can't do it isn't an option as they'll make me try to figure it out.
0
Comment
Question by:techguy1979
  • 2
  • 2
5 Comments
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35007962
so this server is just a member server at the moment?

If so then not a problem, simply disjoin the server from the domain by making it a member of a workgroup then take it away and run DCPROMO on it to make it a domain controller and since it's a new domain you would follow the DCPROMO instructions for a new domain.
0
 
LVL 6

Expert Comment

by:LectricX
ID: 35008102
As demazter stated, you will first need to remove the member server from the AD domain it is currently in.

To do this, simply right click My Computer, select Properties.  Go to the Computer Name area, click change and remove it from the domain by adding it to ANY workgroup name you want.  You can put just one simple letter if you choose, or set it back to "workgroup" or whatever you like, it's not going to matter in a minute.

Reboot the machine twice, just to make sure it's clear it knows what's up.

Now plug it into the domain network that you are moving it to, set it's IP address on the network to a static IP within that network range that you are 100% sure is free and will never be handed out by DHCP.

Next, go back to the My Computer - Properties - Computer Name area, and have it join the domain you want it to be able to soon be a Domain Controller of.

Reboot it to let it join the domain.
Log onto the machine as administrator of the NT Domain you are about to reconfigure.
Run "DCPROMO" from the command line.  Have it go through the process of becoming a domain controller on that domain.

You're then going to likely need to reboot again, then arrange that the 2003 server become the master of the domain, by taking over the roles, like FSMO and etc..

Once thats done, you can DCPROMO the NT domain controller out of the picture and remove it.

Here's a couple more detailed instructionals:
TECHNET:  http://technet.microsoft.com/en-us/library/cc782476(v=ws.10).aspx
TECHNET:  http://technet.microsoft.com/en-us/library/cc781631(v=ws.10).aspx
GETACLUE:  http://www.networkclue.com/os/Windows/server/nt-2003-migration.aspx
WINDOWSNETWORKING:  http://www.windowsnetworking.com/articles_tutorials/Upgrading-Windows-NT-2000-Windows-2003-Part1.html


Goodluck!
0
 

Author Comment

by:techguy1979
ID: 35008524
my concerns are adding this 2003 server to a windows nt domain and the process involved.
It's my understanding that If i take down the nt domain controller I won't be able to log into any of the workstations on the nt domain with domain user credentials, and we don't have any document of the local logins for the computers on the nt network. When i did have access to the windows nt server it looked really primitive and I really couldn't figure out how it was configured, other then it was using some form of user manager.
On the Nt server I can't figure out if this domain controller is tied to any outside domains or other domain controllers.
I'm really nervous about this situation, I've lost sleep over it because I'm not sure if I'll be able to get things done without locking out certain user accounts or member servers, that need to be accessible.
0
 
LVL 6

Accepted Solution

by:
LectricX earned 500 total points
ID: 35009018
If you add a 2003 server to the domain where the NT server is domain controller, and then run DCPROMO like it has been suggested, then the 2003 server will become a secondary domain controller within that domain.  

This means that all user accounts, computer accounts, and rights and details will be stored on a duplicate copy of Active Directory on the 2003 server.

Then you can consider moving the 2003 server to the master FSMO role holder in the domain, and also consider shutting down the NT domain controller.

This is the process that allows you to upgrade.  It's well documented and supported.

If you get at least that far, you can always just SHUT DOWN the NT server late one night and see if the 2003 server continues to manage your authentication & rights before you do any major changes to the NT server.

1000's of corporations have gone through that upgrade process, so your concern is warranted, but there will be plenty of answers to any problem you run into!
0
 

Author Closing Comment

by:techguy1979
ID: 35009585
thanks
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Failed 2008r2 6 81
Using group policy to standardize desktops profiles 4 39
active directory 11 24
GPO Delegation 4 15
[b]Ok so now I will show you how to add a user name to the description at login. [/b] First connect to your DC (Domain Controller / Active Directory Server) SET PERMISSIONS FOR SCRIPT TO UPDATE COMPUTER DESCRIPTION TO USERNAME 1. Open Active …
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now