[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1130
  • Last Modified:

demote old domain controller

Hi there,

I have 2 old domain controllers 2003 (dc1 & dc2) and 1 new dc 2008 r2.  The dc1 holds a FSMO role.  If I want to demote dc2 to member server, what is any prerequisites need before run the dcpromo and remote it from AD.

Regards,

Van
0
Vincent2211
Asked:
Vincent2211
1 Solution
 
Lior KarasentiCommented:
Is there any roles installed on dc2? DHCP,DNS,Shares ?

Read here you can test your DC with
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt

http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/266c9dbf-fe4d-4f39-81a8-274eaeb35e52/
0
 
djsharmaCommented:
As you have already mention that all fsmo roles are on DC1.
You can go ahead with DCPROMO.
http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx
0
 
Suliman Abu KharroubIT Consultant Commented:
Also make sure that dc1 is a global catalogs.

And run dcdiag on dc1  to make sure it's working properly.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
perolinCommented:
In most case, dcpromo will warn you, if there is a problem, if you go to depromote this dc. But follow the instructions mentioned before on Microsoft teched.
0
 
Sushil SonawaneCommented:
Make sure that in domain other server also hold a global catalogs.

And run dcdiag on dc1 and dc2  to make sure it's working properly and does not hold any service like certificate authority. If it's hold then migrate with anohter domain controller.

You already mention the all fsmo roles are on DC1 so you can go ahead with DCPROMO for removal.

Refer below article (http://technet.microsoft.com/en-us/library/cc740017(WS.10).aspx)

If it is failed then try to remove forcefully domain controller.

To remove forcefully domain controller please refer the below article (http://support.microsoft.com/kb/332199)
0
 
Stelian StanCommented:
The only concern would be the the Global Catalog. If you have a global catalog on another DC you can proceed with the decommission of that domain controller by running dcpromo.
0
 
Sarang TinguriaSr EngineerCommented:
Refered http://www.pbbergs.com/windows/articles/DecommissionDC.html

Output from Above article of Pbbergs

Decommissioning a dc requires all domain services that currently reside on a server need to be moved to other dc’s.  

 

You need to move any fsmo roles from this dc to another dc (KB255960)
To learn where the roles reside run the command     netdom query fsmo
If the PDCe fsmo role resided on this DC then you need to reconfigure the new holder of the PDCe to either use the internal hardware clock or an external source.  I would recommend using an external source KB816042.
There needs to be at least one Global Catalog (GC) in each domain and it is recommended that there is one in each site (KB313994)
Move DNS services to other DC’s if this DC is a DNS provider.  Also point all clients that use this server for DNS to the new DNS server
If AD integrated simply installing DNS on a member server prior to promotion will bring up a new DNS server
If not AD integrated and this is a primary server then a new primary server will need to be brought online.  From DNS server manager the server needs to be promoted to primary
If a secondary server then make the new dc a new secondary server
If a dhcp server then the dhcp servers database needs to be backed up and copied to the new dhcp server.  The old dhcp server deauthorized and the new dhcp server authorized (KB325473)
If you have Encryption File System (EFS) enabled you will need to move the private key if it resides on this dc (KB241201).  You use the recovery agent's private key to recover data in situations when the copy of the EFS private key that is located on the local computer is lost
If this server manages Terminal Server Licensing (TSL) then it will have to be moved to a new DC.  From Add/Remove programs you will need to add a new TSL.  You can then restore the licenses by using the TS License Manager tool with the Telephone activation mechanism. You can switch to the Telephone mechanism by right clicking on the server in TS License Manager, and then selecting properties from the menu. (TS FAQ)
 

Finally once this is all accomplished go ahead and demote the dc to a member server (KB238369)
0
 
barrykflCommented:
If DC2 not FSMO , yo can just demote it directly , make sure it no any sharing or DFS running
Also the Glocal catalog should not be click in DC2
0
 
Vincent2211Author Commented:
the dcpromo demote work well after migrate the certificate service to new dc.
Thanks ..
0
 
Vincent2211Author Commented:
it work ..
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now