Solved

Demoting a Domain Controller and switching DNS server

Posted on 2015-02-03
Last Modified: 2015-02-05
We have a new Microsoft Windows Server 2012 R2 Standard server that we have made a Global Catalog/Domain Controller/DNS server to replace our secondary DNS server which is a Windows 2003 Server.

We have already prepared the Forest and replication has been tested but our question is twofold. Can we run DCPROMO on the Windows 2003 and this will also get rid of DNS on the 2003 server and how can we get the end user systems to see the new secondary 2012 DNS server?

The servers and other equipment that have static IPs have been manually changed and the new server listed in the DNS entries as static but how can we quickly/easily get the rest of the equipment to see the new DNS server? IPCONFIG /FLUSHDNS?
Question by:regsamp

Accepted Solution

by:
Seth Simmons earned 167 total points
"...and this will also get rid of DNS on the 2003 server"

No, it will not remove the DNS server.

"how can we get the end user systems to see the new secondary 2012 DNS server"

Change all your systems (either the DHCP scope, or manually if using static).

Expert Comment

by:Bryant Schaper
Change the DHCP scope and reboot.  The workstations need to change their logon server as well, and this happens during boot.

Author Comment

by:regsamp
Okay, so we have to use Manage Your Server in 2003 to remove DNS but where do we change the DNS secondary option in the "dhcp scope"?

Author Comment

by:regsamp
The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?

Expert Comment

by:Will Szymkowski
"...and this will also get rid of DNS on the 2003 server"

Just to be clear, when you demote a domain controller, the DNS server role does not get removed, but if you are using AD-integrated zones, the 2003 server will be removed from delegation on all of the ADI zones it was hosting.

So yes, it still has the role installed, but it is removed from Active Directory Integrated zones. Any other zones that are not AD-integrated will still remain.

As also stated, configure DHCP scopes for your clients and remove all of the client leases; this will force them to get the new settings published by DHCP.

Unfortunately you will need to manually configure any servers or workstations that are using static IP addresses for DNS.

Will.

Expert Comment

by:Bryant Schaper
"The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?"

Is the existing logon server the 2003 box?  You want them to use the new one correct?

Author Comment

by:regsamp
So should I remove the DNS option role first, change the DHCP scope with the steps below and then run the dcpromo on the 2003 server to remove it?

Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed.

Author Comment

by:regsamp
"Is the existing logon server the 2003 box?  You want them to use the new one correct?"

No the logon server is a totally different server that is not the existing one or the new one. The primary FSMO and DNS server right now is the logon server and we are not touching that one at all.

Expert Comment

by:Bryant Schaper
I would change DHCP first to get the users off DNS server.

Expert Comment

by:Seth Simmons
I wouldn't remove DNS before doing a dcpromo.
The server is probably looking to itself for DNS, which would be bad if you broke that.
Change your DHCP scope(s) to point to the new DNS server and test that first before taking down anything on the 2003 server.

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 167 total points
Set the DNS (on your clients and servers) to point to your primary server (before you do anything); change the DHCP scope to set the primary DNS server to the domain controller that is primary.

Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed.

That is correct.

Once all of your clients are pointing to the DC that will stay online you can start the demotion. Remove DNS role from the 2003 server once it is demoted.

Will.

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 166 total points
So just change the DHCP scope to reflect the new ones.

I think maybe we got off track. Your workstations find the domain controllers by querying DNS, so if they are using the "untouched" server now, and you have that as the primary DNS, you can probably safely run dcpromo to remove the AD roles, and you can remove DNS as well if nothing is currently pointing to it as primary.

Author Comment

by:regsamp
Okay, so add the new 2012 server to the DHCP DNS Server scopes. When ready change the DHCP scope to remove the 2003/Secondary one. When we are ready, run dcpromo and then remove the DNS role from the 2003 server.

Expert Comment

by:Bryant Schaper
yes

Author Comment

by:regsamp
Okay, thank you!

Author Comment

by:regsamp
Okay, I will take this slow and then post anything. Thank you Will, Seth and Bryant.
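
The sequence agreed in this thread (repoint DHCP, confirm nothing still hands out the 2003 server, then demote) can be checked with a script. This is an added example, not code from any participant: it audits DHCP option 6 (DNS servers) at server and scope level and, only when `$Apply` is set, swaps the old address for the new one in place. It assumes DHCP runs on Windows Server 2012 or later with the DhcpServer module; the server name, domain and addresses are placeholders.

```powershell
# Added example: audit DHCP option 6 (DNS servers) before demoting the old DC.
# Assumptions (not from the thread): DHCP is hosted on Windows Server 2012 or later,
# and every name and address below is a placeholder to be replaced.
Import-Module DhcpServer

$DhcpServer = 'dhcp01.example.local'   # placeholder DHCP server
$Domain     = 'example.local'          # placeholder AD DNS domain
$OldDns     = '192.0.2.10'             # placeholder: 2003 secondary DNS being retired
$NewDns     = '192.0.2.20'             # placeholder: new 2012 R2 DNS server
$Apply      = $false                   # $false = report only, $true = write changes

function Get-UpdatedDnsList {
    param([string[]]$Current, [string]$Old, [string]$New)
    # Swap the old address for the new one, keeping order and dropping duplicates.
    $Current | ForEach-Object { if ($_ -eq $Old) { $New } else { $_ } } |
        Select-Object -Unique
}

# The new server must answer for the domain's DC locator records before clients use it.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDns -ErrorAction Stop |
    Out-Null

# Server-level option 6 applies to every scope that does not override it.
$serverOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($serverOpt -and $serverOpt.Value -contains $OldDns) {
    Write-Warning "Server-level option 6 still lists ${OldDns}: $($serverOpt.Value -join ', ')"
    if ($Apply) {
        $list = Get-UpdatedDnsList -Current $serverOpt.Value -Old $OldDns -New $NewDns
        Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -DnsServer $list
    }
}

foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
        -OptionId 6 -ErrorAction SilentlyContinue
    if (-not $opt) { continue }        # scope inherits the server-level value
    if ($opt.Value -contains $OldDns) {
        Write-Warning "Scope $($scope.ScopeId) still lists ${OldDns}: $($opt.Value -join ', ')"
        if ($Apply) {
            $list = Get-UpdatedDnsList -Current $opt.Value -Old $OldDns -New $NewDns
            Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId -DnsServer $list
        }
    }
}
```

A run that produces no warnings means DHCP no longer advertises the old server; hosts with static DNS settings are not covered and still need the manual change described above.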