brodeck
asked on
Demote 2003 DCs but Keep DNS Installed?
We have an single AD domain with a mix of 2003 and 2008 DCs, and are moving to demote the 2003 DCs in order to migrate to a pure 2008 forest/domain functional level.
Two of the 2003 DCs provide AD-integrated DNS services for many locations, and we're working in DHCP and on statically-addressed servers to point to the 2008 AD-integrated DNS servers instead.
The list of servers and remotely located PCs that use these servers for primary/secondary DNS is long. I want to demote these 2003 DCs but keep them active as DNS servers until we clean everything up.
What's the best way to accomplish this, and what happens to their "AD-integrated" status after demotion?
Thanks for your help!
Two of the 2003 DCs provide AD-integrated DNS services for many locations, and we're working in DHCP and on statically-addressed servers to point to the 2008 AD-integrated DNS servers instead.
The list of servers and remotely located PCs that use these servers for primary/secondary DNS is long. I want to demote these 2003 DCs but keep them active as DNS servers until we clean everything up.
What's the best way to accomplish this, and what happens to their "AD-integrated" status after demotion?
Thanks for your help!
Suliman Abu Kharroub
Change the zone type to be not integrated zone. then demote them.
AD-integrated DNS zone can be installed only on DNS hosted by a DC. AD DNS zones are replicated via DC replication and cannot be hosted by a DNS on a domain member.
I would suggest completing the migration of the DNS servers before demoting the DC and removing the AD DNS zones from it.
I would suggest completing the migration of the DNS servers before demoting the DC and removing the AD DNS zones from it.
if you want the 2008 machines only to host DNS then install DNS on them assuming its an AD integrated zone DNS will replicate from the other DCs.
When you demote the 2003 DCs DNS will be removed from them leaving it on the 2008 Machines.
You will need to change any static IP assignments to point to the new 2008 machines as the preferred DNS sever (including those on the machines themselves)
You may also need to reconfigure DHCP options (if you use DHCP), to provide the IP of the 2008 servers as DNS server addresses.
When you demote the 2003 DCs DNS will be removed from them leaving it on the 2008 Machines.
You will need to change any static IP assignments to point to the new 2008 machines as the preferred DNS sever (including those on the machines themselves)
You may also need to reconfigure DHCP options (if you use DHCP), to provide the IP of the 2008 servers as DNS server addresses.
ASKER
Thanks everyone for your quick replies.
KCTS, the 2008 DCs are all DNS servers now. Most servers and all DHCP scopes have been pointed to the 2008 DCs/DNS servers.
My concern is that individual PCs at store locations require static IPs for various reasons, and they point to two 2003 DCs for DNS.
Owing to differences in networks, many PCs at stores can't have their static DNS addresses changed for awhile.
So, is it possible to use non-AD-integrated DNS on the two 2003 servers after they are demoted, or must all DNS servers be AD-integrated?
Thanks again.
KCTS, the 2008 DCs are all DNS servers now. Most servers and all DHCP scopes have been pointed to the 2008 DCs/DNS servers.
My concern is that individual PCs at store locations require static IPs for various reasons, and they point to two 2003 DCs for DNS.
Owing to differences in networks, many PCs at stores can't have their static DNS addresses changed for awhile.
So, is it possible to use non-AD-integrated DNS on the two 2003 servers after they are demoted, or must all DNS servers be AD-integrated?
Thanks again.
Theoretically, it is possible but how this should be configured depends on the existing network design and on the required features, like replications and updates.
If you really need to decommission the old 2003 DCs before reconfiguring all station, I would suggest testing that in your lab with similar network design.
If you really need to decommission the old 2003 DCs before reconfiguring all station, I would suggest testing that in your lab with similar network design.
Once you demote the 2003 boxes then although DNS is installed your Active Directory Integrated zone will no longer be here. So it's not really hosed just not there anymore because it is no longer a DC. You can uninstall DNS. All the DNS info will replicate to your new DC/DNS server.
Make sure that replication (AD, DNS, SYSVOL, etc) has happened and is successful before demoting the old boxes.
DHCP will continue to work. I like having DHCP on a separate box but it's up to you. You could keep the 2003 servers as DHCP servers. Make sure to update the scopes with the new DNS IP though.
Make sure that replication (AD, DNS, SYSVOL, etc) has happened and is successful before demoting the old boxes.
DHCP will continue to work. I like having DHCP on a separate box but it's up to you. You could keep the 2003 servers as DHCP servers. Make sure to update the scopes with the new DNS IP though.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Darkworld1000, thanks for your input and the link.
I'm copying the following post from the link . Is it accurate, and how does DNS on a member server interact with an AD-integrated DNS environment? Like a read-only DNS?
Expert Comment
by: ARK-DSPosted on 2010-03-03 at 03:00:59ID: 27291370
Hi,
As far as DNS is concerned, you can keep it running on a member server as well but you will have to change the replication scope of the zone to "All DNS servers in the domain".
Thanks,
Arun.
I'm copying the following post from the link . Is it accurate, and how does DNS on a member server interact with an AD-integrated DNS environment? Like a read-only DNS?
Expert Comment
by: ARK-DSPosted on 2010-03-03 at 03:00:59ID: 27291370
Hi,
As far as DNS is concerned, you can keep it running on a member server as well but you will have to change the replication scope of the zone to "All DNS servers in the domain".
Thanks,
Arun.