

remove one member server to function as dc in another domain?

Posted on 2011-03-01
Medium Priority
Last Modified: 2012-05-11
I've been asked to pick up a Windows Server 2003 box (member server), which has been configured on a single-domain-controller domain, and remove it from this domain.
They want me to try to remove it from this domain and configure it to be a domain controller for an entirely different domain.

The new location where this server would be installed currently has a Windows NT domain configured. This new server would have to be configured as a replacement domain controller for the Windows NT domain controller.
Now I do believe the new server doesn't need to be using the same domain name, as I've been told to figure out a way to make it work.
Neither server has anything documented on configuration.

I know the new server needs to be configured as the only domain controller in either the new location's existing domain or a new domain, whichever I see fit.
I've really got next to no experience with Active Directory configuration.

Bottom line: remove a member server from one domain and configure it to be a domain controller at another location.
My concern is how the old Windows NT domain controller is configured.
The Windows NT domain is controlling access for members of that domain to get to resources on one member server connected to this domain (NT domain).
Hopefully this is clear, as I'm coming back to work from being sick and I still have some residual cold symptoms.

Please help me with where to start in this big endeavor. BTW, telling the boss I can't do it isn't an option, as they'll make me try to figure it out.
Question by: techguy1979

Expert Comment

by: Glen Knight
ID: 35007962
So this server is just a member server at the moment?

If so, then not a problem: simply disjoin the server from the domain by making it a member of a workgroup, then take it away and run DCPROMO on it to make it a domain controller. Since it's a new domain, you would follow the DCPROMO instructions for a new domain.

Expert Comment

by: Nathan P
ID: 35008102
As demazter stated, you will first need to remove the member server from the AD domain it is currently in.

To do this, simply right-click My Computer and select Properties. Go to the Computer Name area, click Change and remove it from the domain by adding it to ANY workgroup name you want. You can put just one simple letter if you choose, or set it back to "workgroup" or whatever you like; it's not going to matter in a minute.

Reboot the machine twice, just to make sure it's clear it knows what's up.

Now plug it into the domain network that you are moving it to, and set its IP address on the network to a static IP within that network range that you are 100% sure is free and will never be handed out by DHCP.

Next, go back to the My Computer - Properties - Computer Name area, and have it join the domain you want it to be able to soon be a Domain Controller of.

Reboot it to let it join the domain.
Log onto the machine as administrator of the NT Domain you are about to reconfigure.
Run "DCPROMO" from the command line. Have it go through the process of becoming a domain controller on that domain.

You're then going to likely need to reboot again, then arrange that the 2003 server become the master of the domain by taking over the roles, like FSMO, etc.

Once that's done, you can DCPROMO the NT domain controller out of the picture and remove it.

Here's a couple more detailed instructionals:
TECHNET:  http://technet.microsoft.com/en-us/library/cc782476(v=ws.10).aspx
TECHNET:  http://technet.microsoft.com/en-us/library/cc781631(v=ws.10).aspx
GETACLUE:  http://www.networkclue.com/os/Windows/server/nt-2003-migration.aspx
WINDOWSNETWORKING:  http://www.windowsnetworking.com/articles_tutorials/Upgrading-Windows-NT-2000-Windows-2003-Part1.html


Author Comment

ID: 35008524
My concerns are adding this 2003 server to a Windows NT domain and the process involved.
It's my understanding that if I take down the NT domain controller I won't be able to log into any of the workstations on the NT domain with domain user credentials, and we don't have any document of the local logins for the computers on the NT network. When I did have access to the Windows NT server it looked really primitive and I really couldn't figure out how it was configured, other than it was using some form of user manager.
On the NT server I can't figure out if this domain controller is tied to any outside domains or other domain controllers.
I'm really nervous about this situation, I've lost sleep over it because I'm not sure if I'll be able to get things done without locking out certain user accounts or member servers, that need to be accessible.

Accepted Solution

Nathan P earned 2000 total points
ID: 35009018
If you add a 2003 server to the domain where the NT server is domain controller, and then run DCPROMO like it has been suggested, then the 2003 server will become a secondary domain controller within that domain.  

This means that all user accounts, computer accounts, and rights and details will be stored on a duplicate copy of Active Directory on the 2003 server.

Then you can consider moving the 2003 server to the master FSMO role holder in the domain, and also consider shutting down the NT domain controller.

This is the process that allows you to upgrade.  It's well documented and supported.

If you get at least that far, you can always just SHUT DOWN the NT server late one night and see if the 2003 server continues to manage your authentication & rights before you do any major changes to the NT server.

1000's of corporations have gone through that upgrade process, so your concern is warranted, but there will be plenty of answers to any problem you run into!
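
A set of checks that could be run on the 2003 server before the late-night shutdown test suggested in the accepted solution, as an added example that is not part of the original thread. It assumes the server has already been promoted and has the Windows Support Tools (netdom, nltest, dcdiag) installed; EXAMPLEDOM is a placeholder domain name.

```batch
@echo off
rem Added example: checks to run on the promoted 2003 server before
rem powering off the old NT domain controller for a test.
rem Assumes Windows Support Tools (netdom, nltest, dcdiag) are installed.
rem EXAMPLEDOM is a placeholder; pass the real domain name as argument 1.
setlocal
set DOMAIN=%~1
if "%DOMAIN%"=="" set DOMAIN=EXAMPLEDOM
set FAIL=0

echo [1] Domain controllers known for %DOMAIN%:
nltest /dclist:%DOMAIN% || set FAIL=1

echo [2] Operations master (FSMO) role holders:
netdom query /domain:%DOMAIN% fsmo || set FAIL=1

echo [3] Trusts with other domains (is the domain tied to any others?):
netdom query /domain:%DOMAIN% trust || set FAIL=1

echo [4] SYSVOL and NETLOGON shares published by this server:
net share | findstr /i "SYSVOL" >nul || (echo   SYSVOL share missing & set FAIL=1)
net share | findstr /i "NETLOGON" >nul || (echo   NETLOGON share missing & set FAIL=1)

echo [5] Domain controller that the locator returns for %DOMAIN%:
nltest /dsgetdc:%DOMAIN% || set FAIL=1

echo [6] Directory health of this server (only errors are printed):
dcdiag /s:%COMPUTERNAME% /q

echo [7] Server that validated the current logon: %LOGONSERVER%

if %FAIL%==1 (
    echo One or more checks failed. Leave the NT server running.
    exit /b 1
)
echo Checks passed. Review the dcdiag output above before the shutdown test.
exit /b 0
```

During the shutdown test itself, running `echo %LOGONSERVER%` on a workstation after a fresh logon shows which server handled it.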

Author Closing Comment

ID: 35009585
