moving PC from first DC to second DC


I have 2 Domain Controllers.

First DC running Windows server 2000:

Second DC running Windows 2003 SP2:

In the first DC, there are 80 PCs in Computers container. Now I want to move all 80 PCs from first DC to second DC computers container.

Could you please guide me in details how should I do it in step by step? Thank you.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If they are both on the same domain, you don't need to do anything.  If you want to remove the old DC, then promote the new one to master and then demote the old one.  You can do this via dcpromote.
phucdkAuthor Commented:
Thank you for your speedy reply, I would like to ask you some questions

1. If I do dcpromote in Server 2003, will all the PCs from windows server 2000 be moved to server 2003?

2. If during the time I do dcpromote in windows 2003, is there any downtime/affect in those PC in server 2000?

3. After I do dcpromote in Windows 2003, can I just shutdown windows 2000 DC?
The PCs are connected to a single DC.  They get a list of DCs and will use a secondary if the primary fails.

There will be no downtime if you promote the 2003.

You will need to run dcpromote on the windows 2000 dc to remove it as a DC, otherwise it will stay active as a DC and simply show as offline.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Sorry the command is actually dcpromo, I used dcpromote so you would know what it does.
Prashant GirennavarCommented:
Dcpromo command line is used to promote window server 2000/2003/2008 as Domain controllers.
It is nothing to do with your requirement.

So no need of running any Dcpromo on window server 2003 ( As it already a domain controller).

You simply have to move the PC to subnet where windwo server 2003 Exists.

For eg - window server 2000 subnet is and all clients have IP address which belongs to same subnet (

Now your windows server 2003 subnet is and you want all 80 PC's to move to this subnets then you can Create scope in DHCP  so that client can automatically get the IP address ranging series.

Hope this helps.

Let me know if you have any question here.


I assumed both were part of the same domain, hence his and The subnet is irrelevant.
dcpromo needs to be used to transfer all of the FSMO roles.  If this is not done there will be trouble is the 2000 server which has the roles, is taken offline.
dcpromo is used on the Windows 2000 server to remove it as a DC.
You will require to transfer the roles to the 2DC before dcpromo down the first DC.
phucdkAuthor Commented:
Thank you both of you for your inputs,

I just run dcpromo in windows 2000 and get some popup which I attached them here

In the second picture, should I mark a check box to "This server is the last domain controller in the domain"

BTW, both DCs have this IP

After I finished these steps above, am I going to run dcpromo in Windows server 2003?
You need to run the DC promo on the 2003 server first to transfer the FMSO roles to it.  Once that is done, you can use the DCPromo to demote the 2000 server.  At that point you will NOT check off the box that this is the last domain controller in the domain.
I just run dcpromo in windows 2000 and get some popup which I attached them here
-- make sure your new server is also Global catalog..

In the second picture, should I mark a check box to "This server is the last domain controller in the domain"

--- no do not select the check box else your domain will be cleared.
Leon FesterSenior Solutions ArchitectCommented:
Before you get the wrong instructions...
Please can you confirm what you mean by:
First DC running Windows server 2000:
Second DC running Windows 2003 SP2:

Are those the names of the servers or names of domains?
If servers then they're in the same domain, so thhen you should see the same details in both DC's, and shouldn't need to move the computers.
Run the following tests on each DC and check for replication errors.
repladmin /showrepl
dcdiag /v

If they are different domains, then running DCPROMO will remove that domain entirely.
You would need to do a domain migration using the ADMT tool.
phucdkAuthor Commented:
I just run dcpromo in Windows server 2003 and got the same message popup, but this time I HAVE TO check in the check box "This server is the last domain controller in the domain" ?

When I click next, it will transfer the FMSO roles from server 2000 to server 2003 right ?

After finishing promote/transfer FMSO in server 2003, I just run windows 2000 and NOT check off the box This server is the last domain controller in the domain" ?

This is the production environment therefore I apology if I asked twice. I just want to make sure everything doing the right way.

Thanks and regards,
Except for one detail.  Do not check the box on either server.  Once you tyransfer to the roles over and demote the 2000 server, it doesn't matter if it is the last.  It would be implied by removing the 2000 server.
1 you do not have to run dcpromo on 2003 if it is already a domain Controller.
2 you require to run dcpromo on 2003 if it is not yet a Domain controller.
3 ones you are sure your new server is already domain controller and have replicated all the information then run dcpromo on old server.
4. do not select check box " this is last domain controller on the domain" when demoting old server.
Here is an artcile on transfering FSMO roles.
Leon FesterSenior Solutions ArchitectCommented:
You will only get the check box for last DC is that is the last DC in your domain.
Run the following on both Domain Controllers to confirm what servers are holding the FSMO roles.
netdom query fsmo

Based on the prompts you're receiving after DCPROMO, it sounds like these two DC's are not part of the same domain.
phucdkAuthor Commented:
Thank you dvt_localboy for your inputs and I would like to answer your question above

First DC running Windows server 2000:

Second DC running Windows 2003 SP2:

Are those the names of the servers or names of domains? These are the name of the domains ? because I just check each server, I could see were

Server 2000:

Server 2003:
Leon FesterSenior Solutions ArchitectCommented:
Then those servers are in different domains.
You will need to migrate those workstations from one domain to another domain.

Have a look at the ADMT tool for migrating workstations/servers between domains.

In your scenario, I think you'll probably need to look at the "Intraforest Active Directory domain restructure"

Can you please run the following commands on both Domain Controllers.

netdom query fsmo
netdom query trust

It will help us understand if you're running a forest with multiple domains or if you're running two forests.
phucdkAuthor Commented:
I am trying to run netdom query fsmo on both server 2000 and 2003 command prompt but can not execute the command.

Am I doing correct at running at command prompt or where I have to run the command? Thanks
Leon FesterSenior Solutions ArchitectCommented:
Netdom is available in the Windows Resource Kit or the Windows Support tools.
Check the CD or download it from the following sites.
No need to restart the servers after installation.

Windows 2003

Windows 2000
phucdkAuthor Commented:
From Server 2000:
Running netdom query fsmo, I got this result

Schema owner            

Domain role owner

PDC role                

RID pool manager  

Infrastructure owner


From Server 2003:
Running netdom query fsmo, I got this result

Schema owner            

Domain role owner

PDC role                

RID pool manager  

Infrastructure owner

However, when I run netdom query trust on Server 2000. I got this result
Direction Trusted\Trusting domain
========= =======================



The command completed successfully

And when I run  netdom query trust on Server 2003, I got this result
Direction Trusted\Trusting domain
========= =======================

The command completed successfully

So, could you please guide me what should I do now?
Leon FesterSenior Solutions ArchitectCommented:
These results tell us the following about your domains: and are not part of the same domain, nor are they part of the same forest. and do not have a trust between them.

If you don't move the users as well as the workstations then you won't be able to logon to these workstations again.

The way you'd move objects between these two domains is to create a domain trust and then use the ADMT tool to migrate users from one domain to the other.

So now I need to ask the question, why do you want to move the computer objects?
Would it be correct to assume that was built to replace

If all you wanted to do was migrate from Windows 2000 to Windows 2003 then it would be easier to:
A. delete domain (assumming there is no users/computers configured i there currently)
B. install the new DC directly into your Windows 2000 domain as a member server of
C. promote da39c to become a domain controller in You'll now have
D. move the FSMO roles to the new server,
E. move DHCP, DNS and WINS from the 2000 DC to the 2003 DC.
F. demote the 2000DC.

So before you do anything, can you please take a little more time to explain your objective and reasons?
That way we can help you make an informed decision about what, when and where to do each of the actions.
phucdkAuthor Commented:
Hi dvt_localboy

Thank you very much for a detail analysis. I think I should describe more in my objective so we can have the best result.

This setup was built already; the company has Windows 2000 and exchange 2000 from the beginning. After that they built a windows server 2003 and promote it as a DC. However, this server is a DC itself as I have described.

And now they want to build an exchange 2010 on windows 2008R2. I have setup Exchange 2010 and joined this exchange server to DC server 2003. The purpose is they want to replace the exchange 2000; all the user mailboxes from exchange 2000 will be migrate to Exchange 2010. At last will get rid of DC server 2000.

Because they are having their own software system setup on DC server 2003, that’s why they don’t want to mess it up and want to have exchange 2010 on Win2008R2.

Therefore, I am trying to move all objects from DC server 2000 to DC server 2003.

Regarding to your question.
I want to move the computer objects to DC server 2003 because the DC server 2000 will be taking off as planed.

I have read your advice about migrate from Win 2000 to Win 2003, it is a very nice guidance indeed. Unfortunately, the scenario now is like I just said. What I want to do now is steps to move all objects from Win 2000 to Win 2003. Or the best way to achieve my goal that moves everything from Win 2000 to Win 2003.

And by the way, I don’t know if I have to open another question to ask about this.

Could you please advice me how should I move the mailbox from exchange 2000 to exchange 2010. I am planning do it manually (export/import pst files).

Please keep shooting the question if you are unclear in any points. Thank you so much for trying to help me.

phucdkAuthor Commented:
This is my network environment
Leon FesterSenior Solutions ArchitectCommented:
I think I've got a clear picture of what you want to do.
Have you considered; instead of deleting the entire domain, why not just upgrade the WINDOWS 2000 domain to a WINDOWS 2008 domain?
You can then dcpromo the Windows 2000 server at the end.
No user/workstation/server account moves or permissions changes.

You can then do the same for Exchange 2000 in the domain.

This obviously requires that you remove exchange 2010 from the domain.

This route is less headache than the alternative which is a domain migration from to
You'd need to move the user accounts, computers and servers using the ADMT tool.
And then do the Windows 2008 upgrade.

So for the next few posts, stop thinking about the Versions of the DC's.
I need you to think about where the majority of your users and computers reside.
How are you currently managing access and permissions between the domains?
Does each user have more than 1 account?
Is the application on Windows 2003 only used by a few users or maybe shared with clients?
Leon FesterSenior Solutions ArchitectCommented:
I forgot to add another option, of using Exchange 2010 to create linked mailboxes.
You'd still do a domain upgrade from Windows 2000 to Windows 2008 for domain, but you don't need to delete Exchange from domain

The biggest issue would be administering two domains as small companies don't always have the resources for this.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.