Demoting a Domain Controller and switching DNS server

We have a new Microsoft Windows Server 2012 R2 Standard server that we have made a Global Catalog/Domain Controller/DNS server to replace our secondary DNS server which is a Windows 2003 Server.

We have already prepared the Forest and replication has been tested but our question is twofold. Can we run DCPROMO on the Windows 2003 and this will also get rid of DNS on the 2003 server and how can we get the end user systems to see the new secondary 2012 DNS server?

The servers and other equipment that have static IPs have been manually changed and the new server listed in the DNS entries as static but how can we quickly/easily get the rest of the equipment to see the new DNS server? IPCONFIG /FLUSHDNS?
Asked by: regsamp
 
Seth Simmons (Sr. Systems Administrator) commented:
"...and this will also get rid of DNS on the 2003 server"

No, it will not remove the DNS server.

"how can we get the end user systems to see the new secondary 2012 DNS server"

Change all your systems (either DHCP scope or manually if using static).
 
Bryant Schaper commented:
Change the DHCP scope and reboot. The workstations need to change their logon server as well, and this happens during boot.
 
regsamp (Author) commented:
Okay, so we have to use Manage Your Server in 2003 to remove DNS, but where do we change the DNS secondary option in the "dhcp scope"?

 
regsamp (Author) commented:
The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?
 
Will Szymkowski (Senior Solution Architect) commented:
"...and this will also get rid of DNS on the 2003 server"

Just to be clear, when you demote a domain controller, the DNS server role does not get removed, but if you are using AD-integrated zones, the 2003 server will be removed from delegation on all of the ADI zones it was hosting.

So yes, it still has the role installed, but it is removed from Active Directory Integrated zones. Any other zones that are not AD-integrated will still remain.

As also stated, configure DHCP scopes for your clients and remove all of the client leases; this will force them to get the new settings published by DHCP.

Unfortunately, you will need to manually configure any servers or workstations that are using static IP addresses for DNS.

Will.
 
Bryant Schaper commented:
"The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?"

Is the existing logon server the 2003 box? You want them to use the new one, correct?
 
regsamp (Author) commented:
So should I remove the DNS option role first, change the DHCP scope with the steps below and then run the dcpromo on the 2003 server to remove it?

Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed.
 
regsamp (Author) commented:
"Is the existing logon server the 2003 box? You want them to use the new one correct?"

No, the logon server is a totally different server that is not the existing one or the new one. The primary FSMO and DNS server right now is the logon server and we are not touching that one at all.
 
Bryant Schaper commented:
I would change DHCP first to get the users off DNS server.
 
Seth Simmons (Sr. Systems Administrator) commented:
I wouldn't remove DNS before doing a dcpromo.
The server is probably looking to itself for DNS, which would be bad if you broke that.
Change your DHCP scope(s) to point to the new DNS server and test that first before taking down anything on the 2003 server.
 
Will Szymkowski (Senior Solution Architect) commented:
Set the DNS (on your clients and servers) to point to your primary server (before you do anything); change DHCP scope to set the Primary DNS server to the domain controller that is primary.

"Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed."

That is correct.

Once all of your clients are pointing to the DC that will stay online, you can start the demotion. Remove DNS role from the 2003 server once it is demoted.

Will.
 
Bryant Schaper commented:
So just change the DHCP scope to reflect the new ones.

I think maybe we got off track. Your workstations find the domain controllers by querying DNS, so if they are using the "untouched" server now, and you have that as the primary DNS, you can probably safely run dcpromo to remove the AD roles, and you can remove DNS as well if nothing is currently pointing to it as primary.
 
regsamp (Author) commented:
Okay, so add the new 2012 server to the DHCP DNS Server scopes. When ready, change the DHCP scope to remove the 2003/Secondary one. When we are ready, run dcpromo and then remove the DNS role from the 2003 server.
 
Bryant Schaper commented:
Yes.
 
regsamp (Author) commented:
Okay, thank you!
 
regsamp (Author) commented:
Okay, I will take this slow and then post anything. Thank you Will, Seth and Bryant.
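
The order agreed in the thread (new DNS server into the DHCP scope options, old one out, test, then dcpromo) can be checked from PowerShell before anything is demoted. This is an added example, not code from any of the posters; it assumes the DHCP service runs on Windows Server 2012 or later (the thread does not say which server hosts DHCP), and every server name, domain and address in it is a placeholder.

```powershell
# Added example. Every name and address here is a placeholder, not a value from the thread.
$DhcpServer = 'dhcp01.example.test'   # hypothetical DHCP server (Windows Server 2012 or later)
$OldDns     = '192.0.2.12'            # the 2003 secondary DNS server being retired
$NewDns     = '192.0.2.13'            # the new 2012 R2 DC/DNS server
$Domain     = 'example.test'          # hypothetical AD DNS domain name

# Returns the DNS server list (DHCP option 006) for a scope, or the server-level
# default when no scope is given. Returns nothing if the option is not set at that level.
function Get-DnsOption {
    param([string]$Server, [string]$ScopeId)
    $p = @{ ComputerName = $Server; OptionId = 6; ErrorAction = 'SilentlyContinue' }
    if ($ScopeId) { $p.ScopeId = $ScopeId }
    Get-DhcpServerv4OptionValue @p | ForEach-Object { $_.Value }
}

# 1. Before pointing any client at it, confirm the new server answers the DC locator query.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDns -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' } | Select-Object NameTarget, Port

# 2. Report option 006 at server level and per scope, flagging anything that
#    still hands out the old server to clients.
$report = @([pscustomobject]@{ Scope = 'ServerOptions'; Dns = @(Get-DnsOption $DhcpServer) })
$report += Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    [pscustomobject]@{ Scope = "$($_.ScopeId)"; Dns = @(Get-DnsOption $DhcpServer "$($_.ScopeId)") }
}
$report | Select-Object Scope,
    @{ n = 'Dns';          e = { $_.Dns -join ', ' } },
    @{ n = 'StillUsesOld'; e = { $_.Dns -contains $OldDns } }

# 3. In scopes that still list the old server, swap it for the new one and keep the
#    other entries in their existing order. -WhatIf only previews; remove it to apply.
foreach ($row in $report | Where-Object { $_.Scope -ne 'ServerOptions' -and $_.Dns -contains $OldDns }) {
    $dns = @($row.Dns | ForEach-Object { if ($_ -eq $OldDns) { $NewDns } else { $_ } } |
             Select-Object -Unique)
    Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $row.Scope -DnsServer $dns -WhatIf
}
```

Rerun step 2 after applying the change and start the demotion only once no row reports `StillUsesOld`. Hosts with static DNS settings are outside what DHCP controls and still have to be changed by hand, as noted in the thread.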