Solved

Decommissioning old domain controller in several remote sites

Posted on 2014-10-24
8
141 Views
Last Modified: 2015-01-02
I have some remote offices old domain controller box that I need to decommission.

Each office sites got their own aD domain controller with global catalog and has each dedicated AD site.

I'm going to build two AD domain  controllers / global catalog in the data centre in its own AD site.

So is there any steps or consideration that I need to do before and after decommissioning the old domain controllers in each office sites ?

Do I have to delete or eliminate the AD site in each office location ?
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40402148
If anyone also know what is the best practice of building AD sites for multiple office branch location that'd be greatly appreciated to share it here. Thanks.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40402172
are you removing the AD sites entirely and consolidating?
is the site itself going away (office closing) or just domain controllers?
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40402184
I'm consolidating the domain controllers so instead of the small remote branch office and hotels has its own domain controller, they can use the two domain controllers in the data centre.

This is for 170 sites for multiple different hotel and apartment within one continent in Asia.

The link to the data centre is MPLS link.
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40402189
So if no AD domain controller exist in one site physically do I still must keep the AD site or I can safely delete it ?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40402206
a couple things...
1) no domain controller means that there could be latency with logons because of reaching out over the wan to talk to another server
2) if you delete the site, that will make things worse because a domain controller will take over a site if there isn't one in place there so without the site makes things more complicated.  also, without a subnet for that site, other domain controllers will constantly throw warnings about clients talking to it from subnets that don't exist

better off leaving the sites there with the appropriate subnets
clients will still find a domain controller
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40526975
Seth,

Assuming that the 10 MBps WAN link is always on with no bottleneck issue, can I just demote the domain controllers in each AD sites and then leave the AD sites as you suggested?

because my problem at the moment is that there are too many domain controllers to be managed in each sites. Therefore the only domain controllers will be in the main Data Center only not on each sites.
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40528674
if you remove the domain controllers in other sites, then the sites will be taken over by the existing domain controllers since none exist in the others

for example, if you have sites in japan - say tokyo, nagoya, osaka and you remove the domain controllers in nagoya and osaka but leave the AD sites, the domain controller(s) in tokyo (or a DC in another site) would take network requests for systems in the nagoya and osaka sites that don't have their own domain controller

the problem comes in when the connection breaks
some parts of asia that i've been in don't have reliable connectivity at all but others have excellent reliability and speed
0
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40528744
Thanks
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
In this Micro Tutorial viewers will learn how to use Windows Server Backup to create full image of their system. Tutorial shows how to install Windows Server Backup Feature on Windows 2012R2 and how to configure scheduled Bare Metal Recovery backup.…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question