I need to demote a Windows 2003 DC, but I have a Forward Lookup Zone cname record in the DNS that was created on the 2003 DC that I want to demote and I want to make sure I don't lose it on my other 2008R2 DC. The 2 DC's (2003 and 2008R2) are replicating fine and I need that forward lookup zone cname record (created on the 2003 DC) for Google Safe Search to work and Google's directions don't work on 2008R2, so I NEED that forward lookup zone cname record to stay on the 2008R2 DC.
I wish I could just keep the 2003 DC running, but I'm installing a firewall/web filter which reads AD groups on all DCs and the agent won't install on the 2003 server so I have to demote it or the people who are authenticated on the domain by the 2003 DC won't be seen by the web filter and given the privileges to certain websites. I'm at a high school and the teachers need to be able to get to youtube, facebook, etc... while I need to block the students from more of the internet.
So, in the end I just want to demote the 2003 DC to a member server, but I want to make sure I don't lose that Forward Lookup Zone cname record on the 2008R2 DC once I demote the 2003 DC. Is there something I can do on the 2008R2 server to ensure it stays? Or, am I good now so I can just demote?