Replacing server 2003 domain controllers and renaming them

Posted on 2011-04-20
Last Modified: 2012-05-11
I need to replace two aging DCs in a subdomain of my AD forest with two new DCs using the same names and IP addresses as the originals. All the DCs are running Server 2003 and the domain functional level is Windows Server 2003.

I've read plenty on the process of renaming a DC, but is there anything to watch out for when renaming a DC using the name of a DC that was just demoted?

Here is the setup and plan so far....

The existing DCs are DC1 and DC2.  DC1 has the RID, PDC, and infrastructure ops FSMO roles as well as DNS, DHCP, and WINS.  DC2 has the global catalog, DNS, and WINS.  The new DCs are DC1new and DC2new which are already joined to the domain and have been promoted.  

To replace DC1 with DC1new

1.) Export WINS database from DC1 as backup. After the rename, if I add DC2 as a WINS replication partner it should replicate the DB so I don’t need to import it manually?
2.) Export DHCP database from DC1 using “netsh dhcp server export c:\dhcp.txt all”
3.) Move RID, PDC, and Infrastructure ops manager roles to DC1new using ADUC and the properties tab of the domain
4.) Verify replication is working. What is the best way to do this? Repadmin? Dcdiag?
5.) Disable DHCP on DC1
6.) Demote DC1 to member server, remove it from domain and turn it off. Do I also need to delete it from AD sites and services? Any other tricks to demotion?
7.) Change IP address on DC1new to the IP of the old DC1
8.) Rename DC1new to DC1 using the netdom steps found here
9.) Rename sysvol member object
10.) Import the DHCP database on the new DC1. Since the IP is staying the same is there anything else to this step?
11.) Set up WINS replication with DC2 (see step 1)
12.) Done?

For renaming DC2new to DC2 I was going to follow the same plan with the exception of the DHCP steps since it isn’t running on DC2 and since the only FSMO role is global catalog, just use AD sites and services to enable the global catalog.

A final question about AD sites and services.  At the moment, the NTDS settings for DC1 and DC2 are slightly different.  DC1 only shows an auto generated connection to DC1new and DC2new.  DC2 has an auto generated connection to DC1new, DC2new, ForestDC1, and then two manually created connections to the two DCs in another subdomain.  DC1new and DC2new show auto generated connections to DC1 and DC2.  What will I need to create manually and what will be auto generated once all this madness is done?  At which point during my 12 steps listed above do I need to mess with these settings?

Question by:tferro999

    Accepted Solution


    First of all, give GC function to both new DCs... GC is critical, you need it to log on so you should always have at least 2 GCs in your domain. The problem between Infrastructure Master and Global Catalog can be ignored if all your DCs in your domain are also GCs.

    About 1): Make the new DCs WINS replication partners of the old DCs BEFORE renaming anything. Ensure the WINS replication is OK and all WINS servers have the same info. After that you can proceed with renaming servers, and at the end you'll remove the retired WINS partners.

    About 4): REPADMIN and DCDIAG will give you warnings if replication does work, but a visual way to check replication is to create a new object on each DC (for example, a new OU on each DC with a different name on each DC), wait 5 minutes and then check whether all objects exist on all DCs. Then you can remove these objects.

    About 6): Yes, after a demote you'll have to manually remove the object in "AD Sites and Services". Sometimes demoting does not do the full job. You may have to use NTDSUTIL METADATA CLEANUP to definitely remove any traces of the old DC.

    About 7): After a DC rename, wait some time to be sure replication has been done before proceeding to the next step. If you don't wait sufficient time and go on renaming other servers you may reach a situation where replication doesn't work anymore. So give AD replication time to broadcast changes to all DCs after each step.

    About 9) : I don't understand what you're talking about saying "sysvol member object" !?

    About 11): Again, make full WINS replication at the beginning of your process. Don't wait until step 11 to make the WINS servers replicate with each other. At the end, you'll only have to remove replication partners that don't exist anymore.

    About NTDS Settings: In a normal situation a replication topology is automatically generated and you should only see auto generated connectors. Sometimes you may have to create manual connectors to match a special physical network topology.
    If you don't know why there are manual connectors you should recreate these connectors identically on the new DCs.

    Again, as there are many other DCs in the forest, after each renaming step, give replication time to replicate each change to the whole forest! Take a look at the site links topology after each step. Ask other domain admins to control replication problems.

    Have a good day.
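
The replication gate this answer recommends before each rename step, as an added example that is not part of the original thread: it reads saved output of `repadmin /showrepl * /csv` and reports links that are failing or that still name a demoted DC, the leftover-metadata case from "About 6)". The sample rows, host names and domain are constructed, and the column layout is assumed to match repadmin's CSV header.

```python
import csv
import io

# Constructed sample of `repadmin /showrepl * /csv` output (not from the thread).
# Scenario: DC1 was demoted, DC1NEW is not renamed yet. 1722 and 8524 are
# Windows error codes (RPC server unavailable / DNS lookup failure).
SAMPLE = """\
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Site-A,DC1NEW,"DC=sub,DC=example,DC=com",Site-A,DC2,RPC,0,0,2011-04-20 10:02:11,0
showrepl_INFO,Site-A,DC2,"DC=sub,DC=example,DC=com",Site-A,DC1NEW,RPC,0,0,2011-04-20 10:01:47,0
showrepl_INFO,Site-A,DC2,"DC=sub,DC=example,DC=com",Site-A,DC1,RPC,6,2011-04-20 09:58:03,2011-04-19 22:14:30,1722
showrepl_INFO,Site-A,DC2NEW,"CN=Configuration,DC=example,DC=com",Site-A,DC1NEW,RPC,2,2011-04-20 09:40:00,2011-04-20 08:55:12,8524
"""


def check_replication(csv_text, retired=()):
    """Return (failing, stale) replication links from showrepl CSV text."""
    retired = {name.upper() for name in retired}
    failing, stale = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        tag = row["showrepl_COLUMNS"]
        dest, src = row["Destination DSA"], row["Source DSA"]
        link = (dest, src, row["Naming Context"])
        if tag != "showrepl_INFO":
            # Other row types (e.g. showrepl_ERROR) are not parsed here;
            # they are treated as failures so the gate stays closed.
            failing.append(link + (tag,))
        elif {dest.upper(), src.upper()} & retired:
            # A demoted DC still listed as a partner: leftover metadata.
            stale.append(link)
        elif int(row["Number of Failures"]) > 0:
            failing.append(link + (row["Last Failure Status"],))
    return failing, stale


def safe_to_proceed(csv_text, retired=()):
    """True only when no link is failing and no retired DC is referenced."""
    failing, stale = check_replication(csv_text, retired)
    return not failing and not stale


if __name__ == "__main__":
    failing, stale = check_replication(SAMPLE, retired=["DC1"])
    for dest, src, nc, status in failing:
        print(f"FAILING {src} -> {dest} [{nc}] status {status}")
    for dest, src, nc in stale:
        print(f"STALE   {src} -> {dest} [{nc}]")
    print("proceed with next rename step:", safe_to_proceed(SAMPLE, ["DC1"]))
```

Pass the retired name only after the old DC has been demoted; a stale link at that point means the old object still has to be removed before the new DC takes over its name.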

    Author Comment

    Regarding the Infrastructure master and GC FSMO roles, I heard that they cannot exist on the same DC unless every DC in the entire Forest has a GC present.  Is this true, or will it work as long as both DCs in this subdomain have a GC?

    7.) I was planning on waiting at least a day in between renaming the two DCs.


    Thanks for your help with this.

    Expert Comment


    About GC and Infrastructure Master, if they are hosted on the same DC the Infrastructure Master will not work. BUT if all DCs in your domain are all GCs then you'll never need the Infrastructure Master of this domain so it doesn't matter if it doesn't work.

    The infrastructure master problem is domain-level... So, whatever the situation in other domains of the forest, you just have to make a choice for your domain between 2 possibilities:

    1) Make sure that your Infra Master is not hosted on a GC so that your Infra Master is functioning
    2) Or don't take care of the Infra Master and make all your domain's DCs GCs so that you won't need the Infra Master

    Personally, I always make the second choice for my customers: every DC is a GC and all is OK.
