demote domain controllers / editing group policy
Posted on 2014-08-13
So, if you are doing a domain upgrade. It is true to say that should demote old domain controllers within a short period of time? like within a couple of months?
Doing so will allow you to raise the domain and forest functional levels to avail of the new features. One example when upgrading from server 2003 would be DFS-R for sysvol.
When you are upgrading from server 2008 / 2008 R2 to server 2012 / 2012 R2, the benefits are elsewhere.
So when it comes to editing Group Policy, the advice is always to edit group policy using the latest version of the GPMC. So if you were to introduce server 2012 / 2012 R2 member servers, you would need to use one of the member servers as your management station. The downside here is that people could continue to use the Server 2008 / 2008 R2 GPMC and cause possible corruption of GPOs. So if there is no technical reason to keep the old domain controllers, they should be demoted. Users would the edit group policy from the new domain controllers only.