Vincent2211
asked on
demote old domain controller
Hi there,
I have 2 old domain controllers 2003 (dc1 & dc2) and 1 new dc 2008 r2. The dc1 holds a FSMO role. If I want to demote dc2 to member server, what is any prerequisites need before run the dcpromo and remote it from AD.
Regards,
Van
I have 2 old domain controllers 2003 (dc1 & dc2) and 1 new dc 2008 r2. The dc1 holds a FSMO role. If I want to demote dc2 to member server, what is any prerequisites need before run the dcpromo and remote it from AD.
Regards,
Van
As you have already mention that all fsmo roles are on DC1.
You can go ahead with DCPROMO.
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx
You can go ahead with DCPROMO.
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx
Also make sure that dc1 is a global catalogs.
And run dcdiag on dc1 to make sure it's working properly.
And run dcdiag on dc1 to make sure it's working properly.
In most case, dcpromo will warn you, if there is a problem, if you go to depromote this dc. But follow the instructions mentioned before on Microsoft teched.
Make sure that in domain other server also hold a global catalogs.
And run dcdiag on dc1 and dc2 to make sure it's working properly and does not hold any service like certificate authority. If it's hold then migrate with anohter domain controller.
You already mention the all fsmo roles are on DC1 so you can go ahead with DCPROMO for removal.
Refer below article (http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx)
If it is failed then try to remove forcefully domain controller.
To remove forcefully domain controller please refer the below article (http://support.microsoft.com/kb/332199)
And run dcdiag on dc1 and dc2 to make sure it's working properly and does not hold any service like certificate authority. If it's hold then migrate with anohter domain controller.
You already mention the all fsmo roles are on DC1 so you can go ahead with DCPROMO for removal.
Refer below article (http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx)
If it is failed then try to remove forcefully domain controller.
To remove forcefully domain controller please refer the below article (http://support.microsoft.com/kb/332199)
The only concern would be the the Global Catalog. If you have a global catalog on another DC you can proceed with the decommission of that domain controller by running dcpromo.
Refered http://www.pbbergs.com/windows/articles/DecommissionDC.html
Output from Above article of Pbbergs
Decommissioning a dc requires all domain services that currently reside on a server need to be moved to other dc’s.
You need to move any fsmo roles from this dc to another dc (KB255960)
To learn where the roles reside run the command netdom query fsmo
If the PDCe fsmo role resided on this DC then you need to reconfigure the new holder of the PDCe to either use the internal hardware clock or an external source. I would recommend using an external source KB816042.
There needs to be at least one Global Catalog (GC) in each domain and it is recommended that there is one in each site (KB313994)
Move DNS services to other DC’s if this DC is a DNS provider. Also point all clients that use this server for DNS to the new DNS server
If AD integrated simply installing DNS on a member server prior to promotion will bring up a new DNS server
If not AD integrated and this is a primary server then a new primary server will need to be brought online. From DNS server manager the server needs to be promoted to primary
If a secondary server then make the new dc a new secondary server
If a dhcp server then the dhcp servers database needs to be backed up and copied to the new dhcp server. The old dhcp server deauthorized and the new dhcp server authorized (KB325473)
If you have Encryption File System (EFS) enabled you will need to move the private key if it resides on this dc (KB241201). You use the recovery agent's private key to recover data in situations when the copy of the EFS private key that is located on the local computer is lost
If this server manages Terminal Server Licensing (TSL) then it will have to be moved to a new DC. From Add/Remove programs you will need to add a new TSL. You can then restore the licenses by using the TS License Manager tool with the Telephone activation mechanism. You can switch to the Telephone mechanism by right clicking on the server in TS License Manager, and then selecting properties from the menu. (TS FAQ)
Finally once this is all accomplished go ahead and demote the dc to a member server (KB238369)
Output from Above article of Pbbergs
Decommissioning a dc requires all domain services that currently reside on a server need to be moved to other dc’s.
You need to move any fsmo roles from this dc to another dc (KB255960)
To learn where the roles reside run the command netdom query fsmo
If the PDCe fsmo role resided on this DC then you need to reconfigure the new holder of the PDCe to either use the internal hardware clock or an external source. I would recommend using an external source KB816042.
There needs to be at least one Global Catalog (GC) in each domain and it is recommended that there is one in each site (KB313994)
Move DNS services to other DC’s if this DC is a DNS provider. Also point all clients that use this server for DNS to the new DNS server
If AD integrated simply installing DNS on a member server prior to promotion will bring up a new DNS server
If not AD integrated and this is a primary server then a new primary server will need to be brought online. From DNS server manager the server needs to be promoted to primary
If a secondary server then make the new dc a new secondary server
If a dhcp server then the dhcp servers database needs to be backed up and copied to the new dhcp server. The old dhcp server deauthorized and the new dhcp server authorized (KB325473)
If you have Encryption File System (EFS) enabled you will need to move the private key if it resides on this dc (KB241201). You use the recovery agent's private key to recover data in situations when the copy of the EFS private key that is located on the local computer is lost
If this server manages Terminal Server Licensing (TSL) then it will have to be moved to a new DC. From Add/Remove programs you will need to add a new TSL. You can then restore the licenses by using the TS License Manager tool with the Telephone activation mechanism. You can switch to the Telephone mechanism by right clicking on the server in TS License Manager, and then selecting properties from the menu. (TS FAQ)
Finally once this is all accomplished go ahead and demote the dc to a member server (KB238369)
If DC2 not FSMO , yo can just demote it directly , make sure it no any sharing or DFS running
Also the Glocal catalog should not be click in DC2
Also the Glocal catalog should not be click in DC2
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
it work ..
Read here you can test your DC with
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/266c9dbf-fe4d-4f39-81a8-274eaeb35e52/