Solved

Decom Server 2003 to Server 2012

Posted on 2014-12-23
Last Modified: 2015-01-05
Hey guys,

We have an old Server 2003 server here, and we added 2 new Server 2012 DCs. So far everything is syncing up and replicating properly.

I want to decom the Server 2003 now; I moved all the FSMO roles already. Is there anything else I need to do, or do I just run DCPROMO?
Question by:Cobra25
6 Comments
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40515601
As long as there are no errors in the event logs and dcdiag comes up clean, you can dcpromo the old server to demote it.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40515649
dcdiag/netdiag is clean...

So after that's done, I'll just raise the DFL to 2012?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40515691
I would. But it isn't technically required.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40515706
Do I need to do anything with DFS?
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40515713
If you are still using FRS for replication, I'd upgrade to DFS. But again, not technically required.
0
 
LVL 10

Accepted Solution

by:Michael Ian Claridge
Michael Ian Claridge earned 250 total points
ID: 40515727
Hello,

Below are some very high-level considerations when decommissioning any domain controller. I hope this is of some use to you:

DHCP

Check the DHCP scopes; it may not be uncommon for the DC you are decommissioning to be used for primary or secondary DNS resolution for the domain clients for each scope.

DNS

Similar to the importance of checking the DHCP scopes for DNS settings, servers within the domain could also have their primary or secondary DNS set to the IP address of the server you are decommissioning.

NTP

In some cases you could find that NTP is being used for time synchronization by other member servers; this will become a problem if the NTP server set is the DC that you are decommissioning. Windows Time should ideally be configured as type NT5DS, which is DOMHIER (Domain Hierarchy); this addresses future complications around static time configuration to a solitary time service.

GPO

Consider reviewing the group policy objects within the domain to ensure that the server you are decommissioning has no direct relationships, for example software distribution, printer mappings, drive mapping at logon, etc.

File Shares

Ensure that no file shares are being used by member servers or other Windows Clients.

Network Monitor

Network Monitor can be installed and used to trace all network connectivity; this will help you understand if the server is being used by any other service which may have been missed in the above listed considerations, and this will also provide a deeper, more successful recon before the domain controller is decommissioned.

FSMO

You should always check and validate if the DC you are decommissioning is currently hosting any of the 5 FSMO roles; this can be done via Ntdsutil.exe. Additionally, if the server is hosting any FSMO roles, ensure that they are moved to a different domain controller.

Global Catalogue

You should always check and validate whether the DC you are decommissioning is currently a Global Catalogue server (GC); this can be checked via “Active Directory Sites and Services”. It is important to note that, if the DC you are decommissioning is a GC, it is not the only GC within the same Active Directory site.

DNS Server Functionality

You should always check and validate that DNS changes submitted on the DC you are decommissioning are / have been registered to other DNS servers within the forest before continuing with the decommissioning process; this can be confirmed via netdiag /test:DNS from a command prompt.

Communication To Other DCs

You should always check and validate that other DCs within the forest can be located successfully; this can be tested and confirmed by using netdiag /test:dsgetdc /v.

Operations Master Communications

You should always check and validate that the operations master FSMO role can be discovered, confirmed to be online and is responding.

Uninstall Active Directory

Once you confirm that the domain controller you are decommissioning provides no implicit resource to other clients within the forest, and that you have also confirmed the health, availability and functionality of the other domain controllers within the forest, it is safe to uninstall Active Directory from the domain controller; this can be done via DCPROMO.

Regards

Michael Ian Claridge
0
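
Several of the checks in the accepted answer (FSMO roles, Global Catalogue, DHCP scope DNS options, Windows Time type) can be scripted before running DCPROMO. The following is an added example, not part of any post in this thread; `OLD-DC01` and `192.0.2.10` are placeholder values, and it assumes it is run from a Server 2012 DC with the ActiveDirectory and DhcpServer modules, against DHCP servers and member servers that answer remote queries (including `w32tm /query`).

```powershell
# Added example (not from the thread). Run from a Server 2012 DC.
Import-Module ActiveDirectory, DhcpServer

$OldDc   = 'OLD-DC01'     # placeholder: name of the Server 2003 DC
$OldDcIp = '192.0.2.10'   # placeholder: its IP (documentation range)

$dcs = Get-ADDomainController -Filter *
$old = $dcs | Where-Object { $_.Name -eq $OldDc }
if (-not $old) { throw "No domain controller named $OldDc was found" }

# FSMO: the DC being demoted should hold none of the five roles.
if ($old.OperationMasterRoles.Count -gt 0) {
    Write-Warning "$OldDc still holds: $($old.OperationMasterRoles -join ', ')"
}

# Global Catalogue: another GC must remain in the same site.
$otherGc = $dcs | Where-Object {
    $_.Site -eq $old.Site -and $_.IsGlobalCatalog -and $_.Name -ne $OldDc
}
if ($old.IsGlobalCatalog -and -not $otherGc) {
    Write-Warning "$OldDc is the only GC in site $($old.Site)"
}

# DHCP: scopes whose DNS Servers option (006) still lists the old DC.
foreach ($srv in Get-DhcpServerInDC) {
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $srv.DnsName) {
        $dns = Get-DhcpServerv4OptionValue -ComputerName $srv.DnsName `
            -ScopeId $scope.ScopeId -OptionId 6 -ErrorAction SilentlyContinue
        if ($dns.Value -contains $OldDcIp) {
            Write-Warning "Scope $($scope.ScopeId) on $($srv.DnsName) hands out $OldDcIp for DNS"
        }
    }
}

# NTP: servers should report Type NT5DS rather than a static NTP peer.
# (The PDC emulator is the expected exception.)
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"'
foreach ($s in $servers) {
    $type = w32tm /query /computer:$($s.Name) /configuration 2>$null |
        Select-String '^Type:' | Select-Object -First 1
    if ($type -and $type.Line -notmatch 'NT5DS') {
        Write-Warning "$($s.Name) is not using the domain hierarchy: $($type.Line)"
    }
}
```

Server-level DHCP options and statically configured DNS settings on individual servers are not covered by this script and still need the manual review the answer describes.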
