Solved

Demote 2003 DC and remove from domain/forest

Posted on 2014-12-10
Last Modified: 2014-12-15
Could someone please take a quick look at the following insights
for demoting and removing an older 2003 DC from our domain. I am
fairly certain that we are good to go, but want to make sure that
nothing breaks if possible.
We have an AD Forest (Forest functional level Windows Server 2003)
with a single domain (Domain functional level Windows Server 2003)
that contains 120 desktop/laptop objects, around 20 member servers
of different function types, o/s, etc... and 3 domain controllers that
have all been running together for several months now.
Two of the domain controllers are newer 2008 machines (2008 R2 Enterprise
and 2008 R2 Standard respectively) and the third
domain controller is an older 2003 Standard SP2 system. It is the 2003
DC that I intend to demote to a member server and then remove totally from
our AD as the hardware is old and likely to fail soon. We introduced the 2nd
2008 R2 DC a few months ago and everything has been running smoothly. In preparation
for removing the 2003 DC we have checked and/or adjusted all the aspects listed below:

- All the FSMO roles are on the two 2008 DC systems (PDC, Infra and RID on one and
Schema and Domain Role on the other)
- All three DC's are Global Catalogue servers
- The 2003 DC does not provide DHCP, WINS or DNS services as these have all been moved
to other servers several months ago
- we are not planning to raise the domain or forest level to 2008 yet
- the 2003 DC does not act as a certificate authority (we don't have one)
- it is not a bridgehead server and we have no other sites
- I do all our GPO stuff from one of the 2008 DC's
- All replications (repadmin /showrepl) between all 3 DC's were successful
and I tried it on all 3 DC systems


Will I have to manually cleanup AD using Adsiedit/Ntdsutil if we gracefully demote
the DC to a member server and then remove the server from AD?
Will it break DFS which is on our single file server?
Is there anything else that I need to do or that might be affected?
Question by:Laszlo Denes

Accepted Solution

by:
it_saige earned 500 total points
It looks as if you have all your bases covered.  Since DFS (like DNS) allows integration within AD, you don't have any concerns there since your replications are functioning normally.  I don't believe that you will have any cleanup (per se) in AD so long as you gracefully remove the 2003 server.

-saige-
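
The pre-demotion checks listed in the question (FSMO role placement, global catalog coverage, clean replication), scripted as an added example that is not part of the original thread. It assumes it is run on one of the 2008 R2 DCs with the ActiveDirectory module and repadmin available, and `DC2003` is a placeholder for the short name of the DC being retired.

```powershell
# Added example: pre-demotion checks for a domain controller that is being retired.
# Assumptions: run on a 2008 R2 DC with the ActiveDirectory module and repadmin;
# 'DC2003' is a placeholder for the short name of the 2003 DC.
Import-Module ActiveDirectory
$Retiring = 'DC2003'

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter *

# 1. FSMO roles: none of the five may still be held by the retiring DC.
$roles = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$rolesOnRetiring = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$Retiring.*" })

# 2. Global catalog: at least one GC must remain once the retiring DC is gone.
$remainingGCs = @($dcs | Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $Retiring })

# 3. Replication: flag any link with failures, and any DC repadmin could not query.
$badLinks = @(repadmin /showrepl * /csv | ConvertFrom-Csv | Where-Object {
    $_.showrepl_COLUMNS -eq 'showrepl_ERROR' -or [int]$_.'Number of Failures' -gt 0
})

$report = New-Object PSObject -Property @{
    RolesStillOnRetiringDC  = ($rolesOnRetiring | ForEach-Object { $_.Key }) -join ', '
    RemainingGlobalCatalogs = ($remainingGCs | ForEach-Object { $_.Name }) -join ', '
    FailedReplicationLinks  = $badLinks.Count
}
$report | Format-List

if ($rolesOnRetiring.Count -or -not $remainingGCs.Count -or $badLinks.Count) {
    Write-Warning "Do not demote $Retiring yet: resolve the items above first."
    exit 1
}
Write-Output "$Retiring holds no FSMO roles, a GC remains, and replication is clean."
```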

Author Comment

by:Laszlo Denes
Thanks.