remove one member server to function as dc in another domain?

Posted on 2011-03-01
Last Modified: 2012-05-11
I've been asked to pick up a windows server 2003 box(member server) which has been configured on a single domain controller domain, remove it from this domain.
They want me to try to remove it from this domain and configure it to be a domain controller for an entirely different domain.

The new location this server would be installed currently has a windows nt domain configured, This new server would have to be configured as a replacement domain controller for the windows nt domain controller.
Now I do believe The new server doesn't need to be using the same domain name, As I've been told to figure out a way to make it work.
Neither server has anything documented on configuration.

I know the new server needs to be configured as the only domain controller in either the new location's existing domain or a new domain whichever i see fit.
I've really got next to no experience with active directory configuration.

Bottom line remove a member server from one domain and configure it to be a domain controller at another location .
My concern is how the old windows nt domain controller is configured.
The windows nt domain is controlling access for members of that domain to get to resources on one member server connected to this domain(nt domain).
Hopefully this is clear as I'm coming back to work from being sick I still have some residual cold symptoms.

Please help me with where to start in this big endeavor, btw telling the boss I can't do it isn't an option as they'll make me try to figure it out.
Question by:techguy1979
  • 2
  • 2
LVL 74

Expert Comment

by:Glen Knight
ID: 35007962
so this server is just a member server at the moment?

If so then not a problem, simply disjoin the server from the domain by making it a member of a workgroup then take it away and run DCPROMO on it to make it a domain controller and since it's a new domain you would follow the DCPROMO instructions for a new domain.

Expert Comment

ID: 35008102
As demazter stated, you will first need to remove the member server from the AD domain it is currently in.

To do this, simply right click My Computer, select Properties.  Go to the Computer Name area, click change and remove it from the domain by adding it to ANY workgroup name you want.  You can put just one simple letter if you choose, or set it back to "workgroup" or whatever you like, it's not going to matter in a minute.

Reboot the machine twice, just to make sure it's clear it knows what's up.

Now plug it into the domain network that you are moving it to, set it's IP address on the network to a static IP within that network range that you are 100% sure is free and will never be handed out by DHCP.

Next, go back to the My Computer - Properties - Computer Name area, and have it join the domain you want it to be able to soon be a Domain Controller of.

Reboot it to let it join the domain.
Log onto the machine as administrator of the NT Domain you are about to reconfigure.
Run "DCPROMO" from the command line.  Have it go through the process of becoming a domain controller on that domain.

You're then going to likely need to reboot again, then arrange that the 2003 server become the master of the domain, by taking over the roles, like FSMO and etc..

Once thats done, you can DCPROMO the NT domain controller out of the picture and remove it.

Here's a couple more detailed instructionals:


Author Comment

ID: 35008524
my concerns are adding this 2003 server to a windows nt domain and the process involved.
It's my understanding that If i take down the nt domain controller I won't be able to log into any of the workstations on the nt domain with domain user credentials, and we don't have any document of the local logins for the computers on the nt network. When i did have access to the windows nt server it looked really primitive and I really couldn't figure out how it was configured, other then it was using some form of user manager.
On the Nt server I can't figure out if this domain controller is tied to any outside domains or other domain controllers.
I'm really nervous about this situation, I've lost sleep over it because I'm not sure if I'll be able to get things done without locking out certain user accounts or member servers, that need to be accessible.

Accepted Solution

LectricX earned 500 total points
ID: 35009018
If you add a 2003 server to the domain where the NT server is domain controller, and then run DCPROMO like it has been suggested, then the 2003 server will become a secondary domain controller within that domain.  

This means that all user accounts, computer accounts, and rights and details will be stored on a duplicate copy of Active Directory on the 2003 server.

Then you can consider moving the 2003 server to the master FSMO role holder in the domain, and also consider shutting down the NT domain controller.

This is the process that allows you to upgrade.  It's well documented and supported.

If you get at least that far, you can always just SHUT DOWN the NT server late one night and see if the 2003 server continues to manage your authentication & rights before you do any major changes to the NT server.

1000's of corporations have gone through that upgrade process, so your concern is warranted, but there will be plenty of answers to any problem you run into!

Author Closing Comment

ID: 35009585

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Last week, our Skyport webinar on “How to secure your Active Directory” ( provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question