removing broke domain controller...then upgrading to MS Win 2K12


The solutions to my problems may have already been answered from other questions. In which case, please refer me to the proper links. Thank you.

The premise…
Our domain consists of multiple Windows 2003 servers and two Windows 2000 servers as the domain controllers. The plan is to move from the two Windows 2000 servers to two Windows 2012 servers as domain controllers. Because there is no direct path to upgrade from Win Server 2000 to Win Server 2012, we need to upgrade the current two domain controllers to Windows 2003 (or Windows 2008) then upgrade to Windows Server 2012.

The short version of the problem….
Of the two current Windows 2000 server domain controllers (DC1 and DC2), DC1 has problems. We get the message, ”There are no endpoints available from the endpoint mapper.” This and other problems affects its ability to replicate and communicate with the DC2. And we cannot transfer FSMO roles between the two DCs because of these problems.

The basic solution to the problem…
From what’s been relayed to me, it appears my best course is: a) to shutdown DC1 and 2) use DC2 to seize the FSMO roles. And move forward from that point. What’s a little unclear to me is once I seize the remaining FSMO roles and move those roles to DC2:
“Should I simply run adprep on that single domain controller DC2?” (and move forward to Windows 2012 from there.)

“Or should I promote a new Windows 2000 server to domain controller and once again have two Windows 2000 servers for domain controllers?” (and move forward to Windows 2012 from there.)

And once adprep has run successfully, shouldn’t I simply be able to promote a new Windows Server 2003 (or Windows Server 2008) to domain controller and move some or all the FSMO roles to the Win 2K3 (or Win 2K8) server?

But the underlying point here is that I am past trying to fix DC1. I need to find the best way to: 1) gracefully remove DC1…2) run adprep on the remaining domain controller (whether its DC2 or another domain controller)….and 3) move forward to upgrading to Windows Server 2012 as the final steps. I need to make sure to do whatever is needed before I shutdown and remove DC1.

You input is appreciated and if you have questions, please ask.

Thank you.  

L Long
Who is Participating?
Premkumar YogeswaranConnect With a Mentor Analyst II - System AdministratorCommented:

Check the pre-requisites and required information from the below MS site..

After changing the existing DCs to 2003, follow the below link for upgrading to 2012.

As well as 2012 DC installation.
Mike KlineConnect With a Mentor Commented:
You will also need to go through a metadata cleanup to get rid of the old DC1

I'd personally probably promote another 2000 box as fast as possible.   Just to have two good working DCs before doing any upgrades, etc.   Just think if DC2 goes down hard right now and you have no good backup?


MaheshConnect With a Mentor ArchitectCommented:
You simply can't upgrade schema to 2012 version since you are having 2000 DC and schema version

If you have problem with one 2000 DC, you can shutdown problematic DC and seize roles on another DC, this plan is correct
Mike's suggestion is also really very good ! play safe
After that you have to upgrade AD schema to either windows 2008 \ 2008 R2
For that your domain functional level must be at least windows 2000 native mode.
It can be upgraded to 2003 as well, but i do not recommend that since you have option to go to 2008 r2 directly

Once you upgraded schema to 2008 R2, just introduce 2008 r2 ADCs in network and transfer FSMO roles and verify its functionality thoroughly
Then just demote 2000 DCs from network and then you are good to go with 2012 schema upgrade and 2012 DC installation

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LLong29Author Commented:

Thank you for your comment.

Ever since I have been having problems with DC1, I build a Windows 2000 Server and added it to the domain. That server is literally not doing any work other than being powered up and logged into. It's my "backup Windows 2000 server". My thoughts were to use that server as my "second domain server" after I remove DC1 and seize the roles using DC2.

I considered that if I removed DC1 and got DC2 to run adprep within a day or so maybe I could simply use the single DC. But certainly (as you pointed out) , it makes better sense to maintain two DCs at all times.

And Thank you for the information about the metadata.
LLong29Author Commented:

Mr. Mahesh, thank you for your information. If its possible, we may pick upgrading to 2008 r2 instead of 2003. But that will depend on some other factors...

And Mr. Premkumar, thank you also for the links you sent. I believe I may have seen one of those links before. But I am happy that more than one source has suggested the same procedure.

Thank all of you gentlemen. We hope to start this procedure within the next week or so.

L Long
LLong29Author Commented:
Hello... This is just to let you gentlemen know that we will be shutting down broke DC controller next week April 22nd. We had to delay shutting down broke DC controller because of scheduling concerns. On April 23rd I will post results of the shutdown.   L Long
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.