Solved

Replace Windows 2003 Domain Controller

Posted on 2012-03-16
7
428 Views
Last Modified: 2012-08-14
I have a single windows server 2003 Domain Controler. It handles DNS and DHCP as well. I have just purchased a Windows 2008 R2 server. I ran adprep on the 2003 and promoted the 2008 R2 to run as an additional domain controller. I want to retire the 2003 server. How do I transfer the dhcp role and, since I set up the 2008 as a DNS server and it has copied the DNS information from the 2003 server, can I simply point all other computers to the 2008 for DNS? Finally how do I demote the 2003 server and take it off the network?

Thanks.
0
Comment
Question by:clifford_m71
7 Comments
 

Expert Comment

by:jdoldridge
ID: 37731819
To remove AD from your 2003 machine run dcpromo.exe in CMD and follow the wizard.
Yes you should be able to point your computers to 2008 for DNS and to transfer your DHCP  follow this http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37731830
Transfer the FSMO roles, make sure the new box is also a GC.

I highly recommend you keep the 2003 box right now as a DC also until you can get another 2008 DC up.

In any production environment it is important to have at least two DCs.  Just think of only having one and that thing crashing hard.  You have a lot of work to do and your users have definite downtime.  With two the users will be fine and it will give you breathing room.

Thanks

Mike
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37733395
Dear,

i do agree with Expert Mike...

1) you should have two DC's at all the time
2) for any reason if you dont have the hardware you can use any desktop pc as temporary purpose.
3) before you demote old 2003 DC make sure you have no errors on below outputs

start>run

dcdiag /v
repadmin /showrepl

i would sugegst you keep the current 2008R2 up and running, arrange tempoary hardware (Desktop computer) install 2008R2, permote as DC/GC.

1) on extra hardware (64bit supporting) install win 2008 R2
2) check your forest/domain level (i would suggets to raise to win 2003)
3) add win 2008 r2 in your domain.
4) run adprep /forestprep on win 2003 DC (once finish wait till replicate on al other DC/GC)
5) run /domainprep (once finish wait till replicate on al other DC/GC)   refer to http://technet.microsoft.com/en-us/library/cc731728(v=ws.10).aspx

6) on win 2008 R2 server run dcpromo
7) once new 2008DCpromo finish till it replicate all (at this point dont use this DC. the DNS information will come automaticlly after some time)
8) run below command again on new win 2008DC
1) repadmin /showrepl
2) dcdiag /v
9) once susceed you need to shift FSMO roles to win 2008DC refer to

1)http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui
2)http://www.petri.co.il/transferring_fsmo_roles.htm

Caution : this is time consuming task, prefer to do it after office hours and make sure you follow proper procedure... and you have system backups

once all above finish you have 2 new win 2008R2 DC/GC and teh most fault tolerent hardware holding all fsmo roles and DNS

you can verify by giving below command on any dc

netdon /query fsmo

once you are satisfied you can demote win 2003 server.......
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:clifford_m71
ID: 37742526
My apologies for taking so long to get back to this post. Thank you all for your comments.

I will keep the 2003 server on as a backup. I do have a couple of additional questions however.

Do I need to do anything to make the 2008 R2 the primary DC or will they simply share the role themselves?

How do I move the profile scripts over to the 2008 DC?

Once I move the scripts and the DHCP over to the 2008 R2, if it fails for some reason, will the old 2003 simply take over the role of DHCP and the profile scripts or would I have to do something additional after the failure?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37742555
There is no real concept of primary and secondary but you should transfer the FSMO roles to the 2008 R2 box.   The scripts are part of sysvol and will replicate

If you still have DHCP on 2003 then it can still service clients (lookup dhcp 80/20).

It won't take over the scripts if it is not a DC.  If it is then yes it will be redundant.

Thanks

Mike
0
 

Author Comment

by:clifford_m71
ID: 37796510
Thanks all for the information.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37797089
No problem, nice work replacing your box.

Thanks

Mike
0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO policy question 4 33
DHCP scope restore question Server 2003 to 2012R2 6 57
schema master 5 26
Server 2008 R2 Admin Shares not working locally or across the network 5 23
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question