Solved

Demote 2003 DC and remove from domain/forest

Posted on 2014-12-10
Last Modified: 2014-12-15
Could someone please take a quick look at the following insights for demoting and removing an older 2003 DC from our domain. I am fairly certain that we are good to go, but want to make sure that nothing breaks if possible.

We have an AD Forest (Forest functional level Windows Server 2003) with a single domain (Domain functional level Windows Server 2003) that contains 120 desktop/laptop objects, around 20 member servers of different function types, o/s, etc... and 3 domain controllers that have all been running together for several months now.

Two of the domain controllers are newer 2008 machines (2008 R2 Enterprise and 2008 R2 Standard respectively) and the third domain controller is an older 2003 Standard SP2 system. It is the 2003 DC that I intend to demote to a member server and then remove totally from our AD as the hardware is old and likely to fail soon. We introduced the 2nd 2008 R2 DC a few months ago and everything has been running smoothly. In preparation for removing the 2003 DC we have checked and/or adjusted all the aspects listed below:

- All the FSMO roles are on the two 2008 DC systems (PDC, Infra and RID on one and Schema and Domain Role on the other)
- All three DC's are Global Catalogue servers
- The 2003 DC does not provide DHCP, WINS or DNS services as these have all been moved to other servers several months ago
- we are not planning to raise the domain or forest level to 2008 yet
- the 2003 DC does not act as a certificate authority (we don't have one)
- it is not a bridgehead server and we have no other sites
- I do all our GPO stuff from one of the 2008 DC's
- All replications (repadmin /showrepl) between all 3 DC's were successful and I tried it on all 3 DC systems


Will I have to manually clean up AD using Adsiedit/Ntdsutil if we gracefully demote the DC to a member server and then remove the server from AD?

Will it break DFS which is on our single file server?

Is there anything else that I need to do or that might be affected?
Question by:Laszlo Denes
2 Comments
 
Accepted Solution

by: it_saige earned 500 total points
ID: 40491762
It looks as if you have all your bases covered.  Since DFS (like DNS) allows integration within AD, you don't have any concerns there since your replications are functioning normally.  I don't believe that you will have any cleanup (per se) in AD so long as you are gracefully removing the 2003 server.

-saige-
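
The checks listed in the question (FSMO placement, global catalogs, replication health), plus a check for the leftover object that would call for Ntdsutil cleanup, can be scripted. This is an added example, not part of the original thread; it assumes the ActiveDirectory module on one of the 2008 R2 DCs, and `$OldDc` and the `-PostDemotion` switch are hypothetical names.

```powershell
# Added example: checks before and after demoting a DC. Run on a 2008 R2 DC.
# $OldDc is a placeholder (assumption); replace it with the 2003 DC's name.
param(
    [string]$OldDc = 'OLD-DC-PLACEHOLDER',
    [switch]$PostDemotion   # hypothetical switch: run step 4 after dcpromo
)
Import-Module ActiveDirectory

$dcs    = @(Get-ADDomainController -Filter *)
$target = @($dcs | Where-Object { $_.Name -eq $OldDc })
$others = @($dcs | Where-Object { $_.Name -ne $OldDc })

# 1. The DC being retired must not hold any FSMO role.
foreach ($dc in $target) {
    if (@($dc.OperationMasterRoles).Count -gt 0) {
        Write-Warning "$OldDc still holds: $($dc.OperationMasterRoles -join ', ')"
    }
}

# 2. At least one remaining DC must be a global catalog.
$gcs = @($others | Where-Object { $_.IsGlobalCatalog })
if ($gcs.Count -eq 0) { Write-Warning 'No global catalog would remain' }

# 3. Replication across all DCs: flag failing links and unreachable DCs.
$rows = @(repadmin /showrepl * /csv | ConvertFrom-Csv)
foreach ($r in $rows) {
    if ($r.showrepl_COLUMNS -eq 'showrepl_ERROR') {
        Write-Warning "repadmin could not query: $($r.'Destination DSA')"
    } elseif ([int]$r.'Number of Failures' -gt 0) {
        Write-Warning ("Replication failing: {0} -> {1} [{2}]" -f
            $r.'Source DSA', $r.'Destination DSA', $r.'Naming Context')
    }
}

# 4. After a graceful demotion the NTDS Settings (nTDSDSA) object under the
#    old server should be gone. If it is still there, metadata cleanup
#    (ntdsutil) is needed before the server is forgotten.
if ($PostDemotion) {
    $sites = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
    $left  = @(Get-ADObject -SearchBase $sites -LDAPFilter '(objectClass=nTDSDSA)' |
        Where-Object { $_.DistinguishedName -like "CN=NTDS Settings,CN=$OldDc,*" })
    if ($left.Count -gt 0) {
        Write-Warning "Leftover DC metadata: $($left[0].DistinguishedName)"
    } else {
        Write-Output "No NTDS Settings object remains for $OldDc"
    }
}
```

Run it without the switch before demotion and with `-PostDemotion` once replication has converged afterwards; no warnings in either pass matches the outcome described in the accepted answer.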
Author Comment

by:Laszlo Denes
ID: 40500499
Thanks.