Solved

Decom Server 2003 to Server 2012

Posted on 2014-12-23
6
110 Views
Last Modified: 2015-01-05
hey guys,

We have an old Server 2003 server here, and we added 2 new Server 2012 DC's. So far everything is syncing up and replicating properly.

I want to decom the Server 2003 now, i moved all the FSMO roles already. Is there anything else I need to do or do i just run DCPROMO?
0
Comment
Question by:Cobra25
  • 3
  • 2
6 Comments
 
LVL 57

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 250 total points
ID: 40515601
As long as there are no errors in the event logs and dcdiag comes up clean, you can dcpromo the old server to demote it.
0
 
LVL 4

Author Comment

by:Cobra25
ID: 40515649
dcdiag/netdiag is clean...

So after thats done, i'll just raise the DFL to 2012?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40515691
I would. But it isn't technically required.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 4

Author Comment

by:Cobra25
ID: 40515706
Do i need to do anything with DFS?
0
 
LVL 57

Expert Comment

by:Cliff Galiher
ID: 40515713
If you are still using FRS for replication, I'd upgrade to DFS. But again, not technically required.
0
 
LVL 10

Accepted Solution

by:
Michael Ian Claridge earned 250 total points
ID: 40515727
Hello,

Below is some very high level considerations when decommissioning any domain controller, I hope this is of some use to you:

DHCP

Check the DHCP scopes, it may not be uncommon for the DC you are decommissioning to be used for primary or secondary DNS resolution for the domain clients for each scope.

DNS

Similar to the importance of checking the DHCP scopes for DNS settings, servers within the domain could also have their primary or secondary DNS set to the IP address of the server you are decommissioning.

NTP

In some cases you could find that NTP is being used for time synchronization by other member servers, this will become a problem if the NTP server set is the DC that you are decommissioning. Windows Time should ideally be configured as type NT5DS, which is DOMHIER (Domain Hierarchy), this addresses future complications around static time configuration to a solitary time service.

GPO

Consider reviewing the group policy objects within the domain to ensure that the server you are decommissioning has no direct relationships, for example software distribution, printer mappings, drive mapping at logon etc.

File Shares

Ensure that no file shares are being used by member servers or other Windows Clients.

Network Monitor

Network Monitor can be installed and used to trace all network connectivity, this will help you understand if the server is being used by any other service which may have been missed in the above

listed considerations, and this will also provide a deeper more successful recon before the Domain Controller is decommissioned.

FSMO

You should always check and validate if the DC you are decommissioning is currently hosting any of the 5 FSMO roles, this can be done via Ntdsutil.exe. Additionally if the server is hosting any FSMO roles that they are moved to a different domain controller.

Global Catalogue

You should always check and validate whether the DC you are decommissioning is currently a Global Catalogue server (GC), this can be checked via “Active Directory Sites and Services”. It is important to note that if the DC you are decommissioning is a GC it is not the only GC within the same active directory site.

DNS Server Functionality

You should always check and validate that DNS changes submitted on the DC you are decommissioning are / have been registered to other DNS servers within the forest before continuing with the decommissioning process, this can be confirmed via netdiag /test:DNS from a command prompt.

Communication To Other DC’s

You should always check and validate that other DC’s within the forest can be located successfully, this can be tested and confirmed by using netdiag /test:dsgetdc /v

Operations Master Communications

You should always check and validate that the operations master FSMO role can be discovered, confirmed to be online and is responding.

Uninstall Active Directory

Once you confirm that the domain controller you are decommissioning provides no implicit resource to other clients within the forest, and that you have also confirmed the health, availability and functionality of the other domain controllers within the forest it is safe to uninstall Active Directory from the domain controller, this can be done via DCPROMO.

Regards

Michael Ian Claridge
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
OfficeMate Freezes on login or does not load after login credentials are input.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question