Solved

Demoting a Domain Controller and switching DNS server

Posted on 2015-02-03
Last Modified: 2015-02-05
We have a new Microsoft Windows Server 2012 R2 Standard server that we have made a Global Catalog/Domain Controller/DNS server to replace our secondary DNS server which is a Windows 2003 Server.

We have already prepared the Forest and replication has been tested but our question is twofold. Can we run DCPROMO on the Windows 2003 and this will also get rid of DNS on the 2003 server and how can we get the end user systems to see the new secondary 2012 DNS server?

The servers and other equipment that have static IPs have been manually changed and the new server listed in the DNS entries as static but how can we quickly/easily get the rest of the equipment to see the new DNS server? IPCONFIG /FLUSHDNS?
Question by:regsamp
16 Comments
 
LVL 34

Accepted Solution

by:
Seth Simmons earned 167 total points
ID: 40587375
"...and this will also get rid of DNS on the 2003 server"

no it will not remove dns server

"how can we get the end user systems to see the new secondary 2012 DNS server"

change all your systems (either dhcp scope or manually if using static)
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40587384
Change the DHCP scope and reboot.  The workstations need to change their logon server as well, and this happens during boot.
0
 

Author Comment

by:regsamp
ID: 40587388
Okay, so we have to use Manage Your Server in 2003 to remove DNS but where do we change the DNS secondary option in the "dhcp scope"?
0
 

Author Comment

by:regsamp
ID: 40587391
The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40587398
"...and this will also get rid of DNS on the 2003 server"

Just to be clear, when you demote a domain controller, the DNS server role does not get removed but, if you are using AD-integrated Zones the 2003 server will be removed from delegation on all of the ADI zones it was hosting.

So yes it still has the role installed but it is removed from Active Directory Integrated Zones. Any other Zones that are not AD Integrated will still remain.

Also stated, configure DHCP scopes for your clients, remove all of the client leases, this will force them to get the new settings published by DHCP.

Unfortunately you will need to manually configure any servers or workstations that are using static IP addresses for DNS.

Will.
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40587402
"The FSMO and primary DNS server is not changing as well as the logon server so do they need to change that?"

Is the existing logon server the 2003 box?  You want them to use the new one correct?
0
 

Author Comment

by:regsamp
ID: 40587403
So should I remove the DNS option role first, change the DHCP scope with the steps below and then run the dcpromo on the 2003 server to remove it?

Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed.
0
 

Author Comment

by:regsamp
ID: 40587406
"Is the existing logon server the 2003 box?  You want them to use the new one correct?"

No the logon server is a totally different server that is not the existing one or the new one. The primary FSMO and DNS server right now is the logon server and we are not touching that one at all.
0
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40587409
I would change DHCP first to get the users off DNS server.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40587411
i wouldn't remove dns before doing a dcpromo
the server is probably looking to itself for dns which would be bad if you broke that
change your dhcp scope(s) to point to the new dns server and test that first before taking down anything on the 2003 server
0
 
LVL 53

Assisted Solution

by:Will Szymkowski
Will Szymkowski earned 167 total points
ID: 40587413
Set the DNS (on your clients and servers) to point to your primary server (before you do anything), change DHCP scope to set the Primary DNS server to the domain controller that is primary.


Open the DHCP console.
In the console tree, click the applicable scope.
On the Action menu, click Properties.
View or modify scope properties as needed.

That is correct.

Once all of your clients are pointing to the DC that will stay online you can start the demotion. Remove DNS role from the 2003 server once it is demoted.

Will.
0
 
LVL 12

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 166 total points
ID: 40587417
so just change the dhcp scope to reflect the new ones.

I think maybe we got off track, your workstations find the domain controllers by querying DNS, so if they are using the "untouched" server now, and you have that as the primary DNS, you can probably safely run dcpromo to remove the AD roles, and you can remove DNS as well if nothing is currently pointing to it as primary.
0
 

Author Comment

by:regsamp
ID: 40587419
Okay, so add the new 2012 server to the DHCP DNS Server scopes. When ready change the DHCP scope to remove the 2003/Secondary one. When we are ready, run dcpromo and then remove the DNS role from the 2003 server.
0
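
The order agreed in the thread (repoint DHCP at the new DNS server, test it, and only then demote the 2003 server), as an added PowerShell example that is not part of any participant's post. It assumes the DHCP service runs on Windows Server 2012 or later with the DhcpServer module available; the server name, domain and addresses are placeholders.

```powershell
# Added example: every name and address below is a placeholder, not a value from the thread.
#Requires -Modules DhcpServer
$DhcpServer = 'dhcp01.corp.example'   # assumed DHCP server (2012 or later)
$Domain     = 'corp.example'          # assumed AD DNS domain
$PrimaryDns = '192.0.2.10'            # existing primary DC/DNS, left untouched
$NewDns     = '192.0.2.12'            # new 2012 R2 DC/DNS
$OldDns     = '192.0.2.11'            # 2003 server that will be demoted

# 1. Confirm the new server answers the DC locator records before any client depends on it.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $NewDns -ErrorAction Stop
$dcs = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget
if (-not $dcs) { throw "No DC locator SRV records returned by $NewDns; do not repoint clients." }
"DCs advertised via ${NewDns}: $($dcs -join ', ')"

# 2. Rewrite option 006 (DNS Servers) on every scope that still lists the old server.
foreach ($scope in Get-DhcpServerv4Scope -ComputerName $DhcpServer) {
    $opt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
               -OptionId 6 -ErrorAction SilentlyContinue
    if ($opt -and $opt.Value -contains $OldDns) {
        Set-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $scope.ScopeId `
            -DnsServer $PrimaryDns, $NewDns
        "Updated scope $($scope.ScopeId): $($opt.Value -join ', ') -> $PrimaryDns, $NewDns"
    }
}

# 3. Scopes without their own option 006 inherit the server-level value, so check it too.
$serverOpt = Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -OptionId 6 -ErrorAction SilentlyContinue
if ($serverOpt -and $serverOpt.Value -contains $OldDns) {
    Write-Warning "Server-level option 006 still lists $OldDns"
}

# 4. Clients keep the old DNS settings until their lease renews; list leases still active.
Get-DhcpServerv4Scope -ComputerName $DhcpServer | ForEach-Object {
    Get-DhcpServerv4Lease -ComputerName $DhcpServer -ScopeId $_.ScopeId
} | Where-Object AddressState -like 'Active*' |
    Select-Object IPAddress, HostName, LeaseExpiryTime
```

If DHCP is still hosted on a Windows Server 2003 machine, these cmdlets are not available there and the scope change is made in the DHCP console as described in the thread.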
 
LVL 12

Expert Comment

by:Bryant Schaper
ID: 40587420
yes
0
 

Author Comment

by:regsamp
ID: 40587422
Okay, thank you!
0
 

Author Comment

by:regsamp
ID: 40587429
Okay, I will take this slow and then post anything. Thank you Will, Seth and Bryant.
0
