Starquest321
asked on
Retire Domain
I need to make some domain controller changes. I need to KILL (properly clean up from AD) fileserver2 and make vmdomain the machine against which all authenticate against and ultimately remove domain4a and domain6 and setup another backup DC machine. What is the best way to do it? (vmdomain is a 2003 server which has been properly installed)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You need to clean metadata for filerserver02, I will upload a doc on how to do this.
Where are your FSMO roles? Which DC are holding them? Can you run "netdom /query fsmo" from a command prompt please?
Where are your FSMO roles? Which DC are holding them? Can you run "netdom /query fsmo" from a command prompt please?
ASKER
netdom /query fsmo is an unrecognized filename .. .from which directory do I need to run it?
Run it on a DC?
ASKER
C:\WINDOWS>netdom /query fsmo
'netdom' is not recognized as an internal or external command,
operable program or batch file.
'netdom' is not recognized as an internal or external command,
operable program or batch file.
I've attached the file, just delete the .txt and run it from your client.
netdom.exe.txt
netdom.exe.txt
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If the roles are already on vmdomain then you don't need to seize them, I was trying to find out which server they are on currently
ASKER
the computer domain4a has them .. . how can I move them?
If the roles already exist on VMDOMAIN, they they won't be moved.
If the roles already exist on one of the working DC's, and you try seizing them, then NDTSUTIL will first try to transfer the roles gracefully before seizing them. In this case, if the Role holder can be found then the transfer will be executed.
If FILESERVER2 had the roles, then seizing will be executed and the roles transferred to VMDOMAIN.
If the roles already exist on one of the working DC's, and you try seizing them, then NDTSUTIL will first try to transfer the roles gracefully before seizing them. In this case, if the Role holder can be found then the transfer will be executed.
If FILESERVER2 had the roles, then seizing will be executed and the roles transferred to VMDOMAIN.
I've already posted links above on how to move the roles.
Use NTDSUTIL. Make sure you a member of schema admins
Roles
connections
connect to server vmdomain
q
transfer pdc
transfer rid master
transfer infrastructure master
transfer schema master
transfer domain naming master
I've attached a doc on how to clean fileserver from metadata Clean-up-Active-Directory-after-.docx
Roles
connections
connect to server vmdomain
q
transfer pdc
transfer rid master
transfer infrastructure master
transfer schema master
transfer domain naming master
I've attached a doc on how to clean fileserver from metadata Clean-up-Active-Directory-after-.docx
Once you've done the above and changes replicated to all DC's, you can then demote the other two cleanly using dcpromo. i would promote your DC (backup) first before removing the two for resilience
ASKER
The DC (backup) is a new installed machine. . so do I still need to promote?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
5-20-2011-11-15-34-AM.png