Demote 2003 DCs but Keep DNS Installed?

Posted on 2012-09-04
Last Modified: 2012-09-06
We have a single AD domain with a mix of 2003 and 2008 DCs, and are moving to demote the 2003 DCs in order to migrate to a pure 2008 forest/domain functional level.

Two of the 2003 DCs provide AD-integrated DNS services for many locations, and we're working in DHCP and on statically-addressed servers to point to the 2008 AD-integrated DNS servers instead.  

The list of servers and remotely located PCs that use these servers for primary/secondary DNS is long.  I want to demote these 2003 DCs but keep them active as DNS servers until we clean everything up.

What's the best way to accomplish this, and what happens to their "AD-integrated" status after demotion?

Thanks for your help!
Question by:brodeck
    LVL 23

    Expert Comment

    by:Suliman Abu Kharroub
    Change the zone type to a non-integrated zone, then demote them.
    LVL 20

    Expert Comment

    by:Svet Paperov
    AD-integrated DNS zone can be installed only on DNS hosted by a DC. AD DNS zones are replicated via DC replication and cannot be hosted by a DNS on a domain member.

    I would suggest completing the migration of the DNS servers before demoting the DC and removing the AD DNS zones from it.
    LVL 70

    Expert Comment

    If you want the 2008 machines only to host DNS, then install DNS on them; assuming it's an AD-integrated zone, DNS will replicate from the other DCs.
    When you demote the 2003 DCs, DNS will be removed from them, leaving it on the 2008 machines.

    You will need to change any static IP assignments to point to the new 2008 machines as the preferred DNS server (including those on the machines themselves).

    You may also need to reconfigure DHCP options (if you use DHCP), to provide the IP of the 2008 servers as DNS server addresses.

    Author Comment

    Thanks everyone for your quick replies.  

    KCTS, the 2008 DCs are all DNS servers now.  Most servers and all DHCP scopes have been pointed to the 2008 DCs/DNS servers.

    My concern is that individual PCs at store locations require static IPs for various reasons, and they point to two 2003 DCs for DNS.

    Owing to differences in networks, many PCs at stores can't have their static DNS addresses changed for a while.

    So, is it possible to use non-AD-integrated DNS on the two 2003 servers after they are demoted, or must all DNS servers be AD-integrated?

    Thanks again.
    LVL 20

    Expert Comment

    by:Svet Paperov
    Theoretically, it is possible but how this should be configured depends on the existing network design and on the required features, like replications and updates.

    If you really need to decommission the old 2003 DCs before reconfiguring all stations, I would suggest testing that in your lab with a similar network design.
    LVL 3

    Expert Comment

    Once you demote the 2003 boxes then, although DNS is installed, your Active Directory Integrated zone will no longer be here. So it's not really hosed, just not there anymore because it is no longer a DC. You can uninstall DNS. All the DNS info will replicate to your new DC/DNS server.

    Make sure that replication (AD, DNS, SYSVOL, etc) has happened and is successful before demoting the old boxes.

    DHCP will continue to work.  I like having DHCP on a separate box but it's up to you.  You could keep the 2003 servers as DHCP servers.  Make sure to update the scopes with the new DNS IP though.
    LVL 3

    Accepted Solution


    Author Comment

    Darkworld1000, thanks for your input and the link.  

    I'm copying the following post from the link. Is it accurate, and how does DNS on a member server interact with an AD-integrated DNS environment?  Like a read-only DNS?

    Expert Comment
    by: ARK-DS, Posted on 2010-03-03 at 03:00:59, ID: 27291370

    As far as DNS is concerned, you can keep it running on a member server as well but you will have to change the replication scope of the zone to "All DNS servers in the domain".
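
Added example, not part of the original thread or any participant's post: one way to keep the demoted 2003 servers answering queries is to host the zone on them as a standard secondary that pulls from a 2008 DC, with zone transfers restricted to just those two servers. The zone name, host names and IP addresses below are placeholders (assumptions), not values from this thread.

```bat
@echo off
rem Added example. Placeholder values (assumptions, replace with your own):
rem   corp.example.com        the AD-integrated zone
rem   DC2008-01 / 10.0.0.10   a 2008 DC hosting the zone (transfer master)
rem   OLD2003-01 / 10.0.0.21  first 2003 server being demoted
rem   OLD2003-02 / 10.0.0.22  second 2003 server being demoted
set ZONE=corp.example.com
set MASTER=DC2008-01
set MASTER_IP=10.0.0.10
set OLD1_IP=10.0.0.21
set OLD2_IP=10.0.0.22

rem 1. Before demoting: confirm AD replication and DNS health on the 2008 side.
repadmin /showrepl
dcdiag /test:dns /s:%MASTER%

rem 2. On the 2008 DC: allow zone transfers only to the two old servers
rem    and send them change notifications. Do not open transfers to any host.
dnscmd %MASTER% /ZoneResetSecondaries %ZONE% /SecureList %OLD1_IP% %OLD2_IP% /NotifyList %OLD1_IP% %OLD2_IP%

rem 3. After the demotion, with the DNS service still installed on the old
rem    servers: check which zones remain, then add a standard secondary zone.
rem    If /EnumZones still lists the zone, remove that stale local copy first.
dnscmd OLD2003-01 /EnumZones
dnscmd OLD2003-01 /ZoneAdd %ZONE% /Secondary %MASTER_IP%
dnscmd OLD2003-02 /EnumZones
dnscmd OLD2003-02 /ZoneAdd %ZONE% /Secondary %MASTER_IP%

rem 4. Verify that each old server now holds the zone and answers for it.
dnscmd OLD2003-01 /ZoneInfo %ZONE%
nslookup -type=SOA %ZONE% %OLD1_IP%
nslookup -type=SOA %ZONE% %OLD2_IP%

rem Repeat steps 2-4 for every zone the store PCs need, for example the
rem _msdcs zone of the forest root domain.
```

A standard secondary zone is a read-only copy refreshed by zone transfer from the master, so the statically configured store PCs keep resolving names while their DNS settings are migrated.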


