Solved

Server 2003 demote DC keep DNS

Posted on 2014-10-24
4
658 Views
Last Modified: 2014-10-27
I'm looking for step by step instructions.

I have several Domain Controllers.  Mostly Server 2008 R2.  However, I still have two Domain Controllers with Server 2003 that I want to Demote; I need to keep the DNS after the demotion.

There are still many Static IP Servers pointing to it for DNS resolution as well as other devices.  I want to eventually change their settings to the newer 2008 R2 Domain Controllers with DNS.  But for now I need these two Server 2003 Domain Controller to serve up DNS until they are all changed.

I can't wait until I get everything moved.  I need to demote now and move DNS later.
Step by Step on how I keep my DNS please.  After the Demotion I know the DNS will be gone.  I'm looking for step by step on how to keep the DNS exactly the same way.  I can't have any down time outside the demotion and DNS repair.
Thanks
0
Comment
Question by:cridog
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 18

Expert Comment

by:Don S.
ID: 40402519
DNS does not automatically go away when you demote a DC.  Those are two separate things.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40402523
you would need to configure the domain controller(s) for zone transfers of the zones you want to transfer
on the 2003 servers, add a zone as secondary and specify one of the domain controllers that have the zone transfer enabled

Modify DNS zone transfer settings
http://technet.microsoft.com/en-us/library/cc782181(v=ws.10).aspx
0
 

Author Comment

by:cridog
ID: 40402634
dons6718 - DNS is still installed but there is nothing in it.  It is not useful at this point.  I'm trying to make it useful with the domains DNS entries.  It will still be the DNS server everyone else is hitting.  It needs to be able to respond with useful information.

Seth - Sounds like the right track.  The link shows me how to modify DNS zone transfer settings.  And I'm sure that is what I need to do.  However, I'm looking for a step by step solution.  So I demote the 2003 server; restart it; now what.  Where do I go to modify DNS zone transfer?  Is that all I need to do?  After I modify the DNS zone transfer it will work.  I'm missing the steps.  

Thanks
0
 
LVL 35

Accepted Solution

by:
Seth Simmons earned 500 total points
ID: 40406319
Where do I go to modify DNS zone transfer?

DNS console in administrative tools

After I modify the DNS zone transfer it will work.

it's a 2 step process - allow zone transfer on the other domain controller and add the zone as secondary on the demoted 2003 server

on the 2008 server, open the dns console, right click on a zone and select properties
click the zone transfer tab
check the box to allow zone transfers and check the option you want to either allow transfer to any server or you can restrict to only allow the servers you want

once that is done, open the dns console on the 2003 server,  right click on the server and select new zone
you fill in the info as far as the name, etc. but for zone type it will have 4 options - primary, secondary, stub and AD integrated; select secondary.  it will ask for the master server to transfer to, put the address of the 2008 server you just allowed the zone transfer on
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question