Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Replace Windows 2003 Domain Controller

Posted on 2012-03-16
7
Medium Priority
?
442 Views
Last Modified: 2012-08-14
I have a single windows server 2003 Domain Controler. It handles DNS and DHCP as well. I have just purchased a Windows 2008 R2 server. I ran adprep on the 2003 and promoted the 2008 R2 to run as an additional domain controller. I want to retire the 2003 server. How do I transfer the dhcp role and, since I set up the 2008 as a DNS server and it has copied the DNS information from the 2003 server, can I simply point all other computers to the 2008 for DNS? Finally how do I demote the 2003 server and take it off the network?

Thanks.
0
Comment
Question by:clifford_m71
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 

Expert Comment

by:jdoldridge
ID: 37731819
To remove AD from your 2003 machine run dcpromo.exe in CMD and follow the wizard.
Yes you should be able to point your computers to 2008 for DNS and to transfer your DHCP  follow this http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37731830
Transfer the FSMO roles, make sure the new box is also a GC.

I highly recommend you keep the 2003 box right now as a DC also until you can get another 2008 DC up.

In any production environment it is important to have at least two DCs.  Just think of only having one and that thing crashing hard.  You have a lot of work to do and your users have definite downtime.  With two the users will be fine and it will give you breathing room.

Thanks

Mike
0
 
LVL 16

Expert Comment

by:Syed_M_Usman
ID: 37733395
Dear,

i do agree with Expert Mike...

1) you should have two DC's at all the time
2) for any reason if you dont have the hardware you can use any desktop pc as temporary purpose.
3) before you demote old 2003 DC make sure you have no errors on below outputs

start>run

dcdiag /v
repadmin /showrepl

i would sugegst you keep the current 2008R2 up and running, arrange tempoary hardware (Desktop computer) install 2008R2, permote as DC/GC.

1) on extra hardware (64bit supporting) install win 2008 R2
2) check your forest/domain level (i would suggets to raise to win 2003)
3) add win 2008 r2 in your domain.
4) run adprep /forestprep on win 2003 DC (once finish wait till replicate on al other DC/GC)
5) run /domainprep (once finish wait till replicate on al other DC/GC)   refer to http://technet.microsoft.com/en-us/library/cc731728(v=ws.10).aspx

6) on win 2008 R2 server run dcpromo
7) once new 2008DCpromo finish till it replicate all (at this point dont use this DC. the DNS information will come automaticlly after some time)
8) run below command again on new win 2008DC
1) repadmin /showrepl
2) dcdiag /v
9) once susceed you need to shift FSMO roles to win 2008DC refer to

1)http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui
2)http://www.petri.co.il/transferring_fsmo_roles.htm

Caution : this is time consuming task, prefer to do it after office hours and make sure you follow proper procedure... and you have system backups

once all above finish you have 2 new win 2008R2 DC/GC and teh most fault tolerent hardware holding all fsmo roles and DNS

you can verify by giving below command on any dc

netdon /query fsmo

once you are satisfied you can demote win 2003 server.......
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 

Author Comment

by:clifford_m71
ID: 37742526
My apologies for taking so long to get back to this post. Thank you all for your comments.

I will keep the 2003 server on as a backup. I do have a couple of additional questions however.

Do I need to do anything to make the 2008 R2 the primary DC or will they simply share the role themselves?

How do I move the profile scripts over to the 2008 DC?

Once I move the scripts and the DHCP over to the 2008 R2, if it fails for some reason, will the old 2003 simply take over the role of DHCP and the profile scripts or would I have to do something additional after the failure?
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 37742555
There is no real concept of primary and secondary but you should transfer the FSMO roles to the 2008 R2 box.   The scripts are part of sysvol and will replicate

If you still have DHCP on 2003 then it can still service clients (lookup dhcp 80/20).

It won't take over the scripts if it is not a DC.  If it is then yes it will be redundant.

Thanks

Mike
0
 

Author Comment

by:clifford_m71
ID: 37796510
Thanks all for the information.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37797089
No problem, nice work replacing your box.

Thanks

Mike
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Let's recap what we learned from yesterday's Skyport Systems webinar.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question