Solved

Decommissioning old domain controller in several remote sites

Posted on 2014-10-24
8
125 Views
Last Modified: 2015-01-02
I have some remote offices old domain controller box that I need to decommission.

Each office sites got their own aD domain controller with global catalog and has each dedicated AD site.

I'm going to build two AD domain  controllers / global catalog in the data centre in its own AD site.

So is there any steps or consideration that I need to do before and after decommissioning the old domain controllers in each office sites ?

Do I have to delete or eliminate the AD site in each office location ?
0
Comment
  • 5
  • 3
8 Comments
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40402148
If anyone also know what is the best practice of building AD sites for multiple office branch location that'd be greatly appreciated to share it here. Thanks.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40402172
are you removing the AD sites entirely and consolidating?
is the site itself going away (office closing) or just domain controllers?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40402184
I'm consolidating the domain controllers so instead of the small remote branch office and hotels has its own domain controller, they can use the two domain controllers in the data centre.

This is for 170 sites for multiple different hotel and apartment within one continent in Asia.

The link to the data centre is MPLS link.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40402189
So if no AD domain controller exist in one site physically do I still must keep the AD site or I can safely delete it ?
0
 
LVL 34

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40402206
a couple things...
1) no domain controller means that there could be latency with logons because of reaching out over the wan to talk to another server
2) if you delete the site, that will make things worse because a domain controller will take over a site if there isn't one in place there so without the site makes things more complicated.  also, without a subnet for that site, other domain controllers will constantly throw warnings about clients talking to it from subnets that don't exist

better off leaving the sites there with the appropriate subnets
clients will still find a domain controller
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40526975
Seth,

Assuming that the 10 MBps WAN link is always on with no bottleneck issue, can I just demote the domain controllers in each AD sites and then leave the AD sites as you suggested?

because my problem at the moment is that there are too many domain controllers to be managed in each sites. Therefore the only domain controllers will be in the main Data Center only not on each sites.
0
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40528674
if you remove the domain controllers in other sites, then the sites will be taken over by the existing domain controllers since none exist in the others

for example, if you have sites in japan - say tokyo, nagoya, osaka and you remove the domain controllers in nagoya and osaka but leave the AD sites, the domain controller(s) in tokyo (or a DC in another site) would take network requests for systems in the nagoya and osaka sites that don't have their own domain controller

the problem comes in when the connection breaks
some parts of asia that i've been in don't have reliable connectivity at all but others have excellent reliability and speed
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40528744
Thanks
0

Join & Write a Comment

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
Synchronize a new Active Directory domain with an existing Office 365 tenant
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now