Solved

Retiring the First DNS/DC in the enterprise

Posted on 2015-02-01
Last Modified: 2015-02-10
I am ready to retire the first two Domain controllers/DNS servers (collocated) in the enterprise as they are Server 2003.

I have moved the FSMO roles to 2008R2 servers.

DNS replicates to all in name server tab, which I'll check after removing that role from the 2003 Servers.

I'm looking for items to check or move before removing the founding DC/DNS servers.

Thanks
0
Question by:whoam
5 Comments
 
LVL 9

Assisted Solution

by:Benjamin MOREAU
Benjamin MOREAU earned 125 total points
ID: 40582902
Check you have a global catalog on your AD.
Check you have updated your DHCP server (with new DNS).

If you are "stressed", you can test shutting down your old server for 1/2 days and check if all access is OK (file access, creating new accounts...)
0
 
LVL 39

Assisted Solution

by:footech
footech earned 125 total points
ID: 40583009
I'll typically do the following:
- transfer FSMO roles and verify (netdom query fsmo) from multiple servers
- run repadmin /showrepl and check for errors
- run dcdiag /v and dcdiag /v /test:dns on each DC and check for errors
- make sure DHCP is handing out correct addresses for DNS if those are changing
- best practice is to make all DCs a global catalog
- configure PDCe to sync time from external source
- reset w32tm config on old PDCe
   net stop w32time
   w32tm /unregister
   w32tm /register
   net start w32time

- you may have to update some DNS info manually, like any delegations for the _msdcs zone
- verify DNS config on new servers such as use of forwarders, any zones on the old DCs which may not be AD-integrated (and so wouldn't have been copied by AD replication)

I also think it's a good idea to turn off the old DCs for a period to verify everything functions.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 125 total points
ID: 40583329
My steps:
1. Run DCDIAG /C /E /V
2. make sure FSMO roles are moved off any DC about to be removed
3. make sure global catalogs are set for other DCs that will remain
4. make sure any system using the DNS of the server to be retired has been redirected to a new server
5. make sure DHCP settings are adjusted for any scopes that might otherwise use the DNS server of the DCs about to be retired.
6. Turn OFF the DC to be retired for 1 week (unless something stops working, then turn it on)
7. After 1 week, turn on the DC and decommission properly using DCPROMO and removing the DC functionality.
8. get rid of the server
0
 
LVL 35

Accepted Solution

by:Mahesh
Mahesh earned 125 total points
ID: 40583417
After moving the FSMO roles, force AD replication, run the netdom query fsmo command on all domain controllers, and ensure the output is the same on all domain controllers.
If the output is not the same, this is the first thing you need to fix. In that case it might be a replication issue.

After that, on the old PDC server, run the commands below:
w32tm /config /syncfromflags:domhier /reliable:no /update
net stop w32time
net start w32time
https://technet.microsoft.com/en-us/library/cc816748(v=ws.10).aspx

On the new PDC, configure the server to poll time from an external time source:
w32tm /config /manualpeerlist:<peers> /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time

Replace peers with a single NTP server or multiple NTP servers.
Format for entering multiple servers:
/Manualpeerlist:"server1.pool.org server2.pool.org"
https://technet.microsoft.com/en-us/library/cc786897(v=ws.10).aspx

On client machines, you may run the command below through a GPO startup .bat script:
w32tm /config /syncfromflags:domhier /update
0
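
The checks several answers in this thread describe (the same FSMO holders seen from every DC, no roles left on the servers being retired, a global catalog on the DCs that remain), as an added PowerShell example that is not part of any post in the thread. It assumes the ActiveDirectory module is available on the machine running it; `OLD-DC1` and `OLD-DC2` are placeholder names for the DCs being retired.

```powershell
# Added example, not code from the thread. Requires the ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: placeholder short names of the DCs that will be retired.
$retiring = @('OLD-DC1', 'OLD-DC2')

$dcs = Get-ADDomainController -Filter *

# Ask every DC which servers it believes hold the five FSMO roles.
$views = foreach ($dc in $dcs) {
    try {
        $d = Get-ADDomain -Server $dc.HostName -ErrorAction Stop
        $f = Get-ADForest -Server $dc.HostName -ErrorAction Stop
        New-Object PSObject -Property @{
            AskedDC        = $dc.Name
            SchemaMaster   = $f.SchemaMaster
            DomainNaming   = $f.DomainNamingMaster
            PDCEmulator    = $d.PDCEmulator
            RIDMaster      = $d.RIDMaster
            Infrastructure = $d.InfrastructureMaster
        }
    } catch {
        Write-Warning "$($dc.Name) did not answer: $($_.Exception.Message)"
    }
}

# Every DC should name the same holder for each role, and none should be retiring.
$roles = 'SchemaMaster', 'DomainNaming', 'PDCEmulator', 'RIDMaster', 'Infrastructure'
foreach ($r in $roles) {
    $holders = @($views | Select-Object -ExpandProperty $r -Unique)
    if ($holders.Count -gt 1) {
        Write-Warning "DCs disagree on $($r): $($holders -join ', ') (check replication)"
    }
    foreach ($h in $holders) {
        if ($retiring -contains $h.Split('.')[0]) {
            Write-Warning "$($r) is still held by retiring DC $h"
        }
    }
}

# Remaining DCs that are not yet global catalogs.
$dcs | Where-Object { ($retiring -notcontains $_.Name) -and (-not $_.IsGlobalCatalog) } |
    ForEach-Object { Write-Warning "$($_.Name) will remain but is not a global catalog" }

$views | Format-Table AskedDC, PDCEmulator, RIDMaster, Infrastructure, SchemaMaster, DomainNaming -AutoSize
```

A DC that does not run Active Directory Web Services (a Server 2003 DC without the Active Directory Management Gateway Service) shows up as a "did not answer" warning; check that one with `netdom query fsmo` directly.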
 
LVL 35

Expert Comment

by:Mahesh
ID: 40583424
You may choose appropriate internet time servers from the article below:
http://www.pool.ntp.org/en/
0
