Could someone please take a quick look at the following insights
for demoting and removing an older 2003 DC from out domain. I am
fairly certain that we are good to go, but want to make sure that
nothing breaks if possible.
We have an AD Forest (Forest functional level Windows Server 2003)
with a single domain (Domain functional level Windows Server 2003)
that contains 120 desktop/laptop objects, around 20 member servers
of different function types, o/s, etc... and 3 domain controllers that
have all been running together for several months now.
Two of the domain controllers are newer 2008 machines (2008 R2 Enterprise
and 2008 R2 Standard respectively) and the third
domain controller is an older 2003 Standard SP2 system. It is the 2003
DC that I intend to demote to a member server and then remove totally from
our AD as the hardware is old and likely to fail soon. We introduced the 2nd
2008 R2 DC a few months ago and everything has been running smoothly. In preparation
for removing the 2003 DC we have checked and/or adjusted all the aspects listed below:
- All the FSMO roles are on the two 2008 DC systems (PDC, Infra and RID on one and
Schema and Domain Role on the other)
- All three DC's are Global Catalogue servers
- The 2003 DC does not provide DHCP, WINS or DNS services as these have all been moved
to other servers several months ago
- we are not planning to raise the domain or forest level to 2008 yet
- the 2003 DC does not act as a certificate authority (we don't have one)
- it is not a bridgehead server and we have no other sites
- I do all our GPO stuff from one of the 2008 DC's
- All replications (repadmin /showrepl) between all 3 DC's were successful
and I tried it on all 3 DC systems
Will I have to manually cleanup AD using Adsiedit/Ntdsutil if we gracefully demote
the DC to a member server and then remove the server from AD?
Will it break DFS which is on our single file server?
Is there anything else that I need to do or that might be affected.