cfgtechs

retire a 2003 domain controller, pass on control to existing 2008SVR


I have a 2008 server that has already joined the domain. I've added the DNS server role and it has synched the zones with the 2003 DNS Server which is also the original active directory server.  

On the 2003 I ran adprep32 /forestprep successfully.

Through changing my NIC DNS entry to the 2008 IP I have verified that I can connect to the domain.

I'm confused over a couple of TechNet articles as to how to proceed to give the 2008 control of the domain.

there's this article:
and there's this one:

My goal is to have the 2008 be the new DNS server and primary Active Directory, eventually shutting off the 2003 machine. Thanks!
Lee W, MVP

I'm a little fuzzy on what you've done so far.

You SHOULD have (as a high level overview)

0. PERFORM FULL BACKUPS --- AND UNDERSTAND how to properly restore AD without corrupting it!
1. Join 2008 server to the domain
2. BEFORE promoting 2008 to a DC or adding DNS server functionality, you should have run DCDIAG /C /E /V to ensure everything is working properly in AD and correct any unexpected errors.
3. Installed the AD role on the 2008 Server.
4. Run ADPREP commands on the 2003 server using the 2008 media to get AD up to date.
5. Run DCPROMO on the 2008 server, adding it as a domain controller - DNS would have automatically been installed and configured.
6. Set the new DC as a Global Catalog server.  
7. Run DCDIAG /C /E /V AGAIN on both servers and make sure everything is working properly.
8. After confirming everything is working properly, transfer the FSMO roles (using EITHER GUI or command line with NTDSUTIL).
9. Update your DHCP server with new DNS settings (transfer DHCP from the old DC to the new DC, assuming it was running on the old DC).
10.  SHUT DOWN your old DC for a few days and MAKE SURE everything is working properly.
11. Once confirmed that all is working properly, DEMOTE the 2003 server using DCPROMO and remove AD.
12. ASSUMING you have no 2003 DCs left and NEVER WILL, you MAY want to raise the Forest Functional Level and Domain Functional Levels.

If you don't know how to do more than 2 of these and/or don't know what I'm talking about in the steps above, you are not the best person right now to do this.  This is your network you are upgrading.  If it's messed up, ALL your users are affected, not one PC.  KNOW THIS before doing or hire a pro to do it for you.  AT A MINIMUM, do this in a test environment FIRST.  IDEALLY your existing environment will be virtual and you can copy the VMs to a network environment and ACTUALLY do this in a test environment first with your actual servers.
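
Steps 7 and 8 of the checklist above (health check, then FSMO transfer) as a batch script, added here as an example and not part of the original answer. The server name NEWDC01 and the log folder are hypothetical, and the failure check assumes English-language dcdiag output.

```batch
@echo off
rem Added example, not from the original thread.
rem NEWDC01 is a hypothetical name for the 2008 DC; substitute your own.
rem Run on the 2008 DC from an elevated prompt, after it is a DC and a GC,
rem with an account in Domain Admins, Enterprise Admins and Schema Admins.
setlocal
set NEWDC=NEWDC01
set LOGDIR=%SystemDrive%\dc-migration
if not exist "%LOGDIR%" mkdir "%LOGDIR%"

rem Step 7: comprehensive health check across every DC, plus a record of
rem replication state and current role holders to compare against later.
dcdiag /c /e /v > "%LOGDIR%\dcdiag-before.log"
repadmin /replsummary > "%LOGDIR%\repl-before.log"
netdom query fsmo > "%LOGDIR%\fsmo-before.log"

rem Refuse to move any role while dcdiag reports a failed test.
rem findstr sets errorlevel 0 when the string is found.
findstr /i /c:"failed test" "%LOGDIR%\dcdiag-before.log"
if not errorlevel 1 (
    echo dcdiag reported failures. Fix them before transferring any role.
    exit /b 1
)

rem Step 8: transfer all five FSMO roles to the 2008 DC.
rem ntdsutil asks for confirmation on each transfer.
ntdsutil roles connections "connect to server %NEWDC%" quit ^
    "transfer schema master" ^
    "transfer naming master" ^
    "transfer PDC" ^
    "transfer RID master" ^
    "transfer infrastructure master" ^
    quit quit

rem Confirm the new role holders and re-run the health check.
netdom query fsmo > "%LOGDIR%\fsmo-after.log"
type "%LOGDIR%\fsmo-after.log"
dcdiag /c /e /v > "%LOGDIR%\dcdiag-after.log"
findstr /i /c:"failed test" "%LOGDIR%\dcdiag-after.log"
if not errorlevel 1 (
    echo Post-transfer dcdiag shows failures. Do not shut down the 2003 DC yet.
    exit /b 1
)
echo Roles transferred and dcdiag is clean. Logs are in %LOGDIR%.
endlocal
```

Keep the before and after logs: they are the baseline for the shutdown test in step 10 and the evidence you need if a restore becomes necessary.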

Where do you see anger?  It's concern.  Concern after seeing people destroy networks not knowing what they are doing.  I'm sorry if I offended you.  I was by no means trying to suggest you were incapable of doing this, merely that for your best chance at success and prevent HUGE problems created if you do something wrong that seems logical to you but actually breaks things, you need to either BE a person who knows or BECOME a person that knows this (through practical experience), or HIRE a person that knows this.  Otherwise, it's like you're a nurse performing open heart surgery on a business network.  You MIGHT survive... but wouldn't you rather have a Heart Surgeon doing the operation?  Someone who knows intimately what they are doing?  Obviously your call... and why I provided that broad overview/checklist but I know what seems logical to me.