How do you remove a 2003 AD/DNS from a domain

This is kinda a wacky situation.

The domain was originally set up as a 2003, then someone added a 2008 DC. I want to remove the 2003 DC, so I created another one and added it to the Forest under the same Domain. All three are GCs, which is strange as I thought only one could be.

How can I remove the 2003 DC, and escalate the AD to be non-Windows 2000 compliant? All workstations are either XP or Windows 7.
JoeteckAsked:

Nick RhodeIT DirectorCommented:
The most important thing is to transfer the FSMO roles prior to demoting and removing the server.  On that server you can type in command prompt: netdom query fsmo

If that server is not the master you should be ok to demote, otherwise you have to transfer the FSMO roles to another before demoting.  Make sure all the roles are held on your primary server before taking it offline.  Once this is achieved or not a factor you can do a dcpromo and demote it from the domain.

Open up AD and for the domain forest right-click and check out Operations Masters, this will tell you which one is primary.

As for raising the domain function level it's in the same area.  In AD right-click the domain and choose Raise Domain Function level.  This is where you will raise it from 2000 to a higher functionality.  Keep in mind that you can always raise the domain function level but never go backwards.

Here is a little cheat-sheet to look over when decommissioning a domain controller by Tech-Net: Decommission Server 2003

Basically covers and explains how to go about it :)

Lee W, MVPTechnology and Business Process AdvisorCommented:
Actually in 2012 and I think in 2008 R2 you can lower the functional levels if you haven't started using features that require them.

Before you do anything, you should run DCDIAG /C /E /V on all DCs and resolve any unexpected errors.

Transfer FSMO roles if necessary.

Make sure any systems using the 2003 server for DNS have been repointed to new servers (if using DHCP this should be pretty easy as you just need to change the config of DHCP).

Then shut down the 2003 server for a few days and MAKE SURE the network continues to operate normally.  Assuming everything is good, then power on the 2003 server and run DCPROMO to REMOVE AD from the server - do not just shut it down and pull it from the network.  The proper way is to run DCPROMO to demote
JoeteckAuthor Commented:
@ Nick, I ran that command and it shows all the roles are all on the 2008 DC. I'm guessing that's an awesome result? lol. It's simply just running DCPromo, and removing it, correct?
JoeteckAuthor Commented:
@ Lee, I ran that command as well and dumped it to a text file for you to review.
DCDIAG.txt
Nick RhodeIT DirectorCommented:
Lee does bring up something that can be done by doing a DCDiag.  Otherwise yes, run dcpromo to demote it
Lee W, MVPTechnology and Business Process AdvisorCommented:
Joeteck,

I'm sorry if I misjudged your skill level - my comment was to provide a basic checklist. All the experts on this site volunteer their time to help others and I don't mind doing what I can when I can - I have for nearly 20 years here... but at the moment I don't have the time to review the results file in a manner that I would consider thorough and complete for all DCs.  If this is not something you're comfortable doing yourself, you should probably seek out professional paid services to do this project for you.  

If others can spare the time to review the file, they may be able to further assist (I might if I find I have the time later).  But in general, the kind of review I would do is something I typically charge clients for and can take 15-30 minutes per DC depending on what's found.

If you still think the best course of action is doing it yourself, then I encourage you to review the file and note any failures and research and ask for assistance with those items that do not pass.
Lee W, MVPTechnology and Business Process AdvisorCommented:
Keep in mind, for as much as we can help you here this is a forum and what you want to do amounts to a significant change on your network.  If something goes wrong all your users could be unable to work if you don't currently have the skills and experience to properly perform this operation.  No insult is intended with this or my prior comment - I've seen too many people that think "this must be easy" and get themselves into trouble... and while it is a routine operation of sorts, if you don't at least have someone on call who could at least remote in to resolve issues and provide advice based on the actual configuration witnessed, if something goes wrong, that's when the fan gets really dirty (and smelly).
JoeteckAuthor Commented:
@ Nick, I did find a few errors in the DCdiag, but should I be concerned? I have three DCs now, and demoting it should not matter as everything points to the 2008 DC, correct?
JoeteckAuthor Commented:
These are the errors I've found in that text file:

****************************************
Starting test: FrsEvent

         * The File Replication Service Event log test
         The event log File Replication Service on server

         DC2008.<mydomain.com> could not be queried, error 0x6ba

         "The RPC server is unavailable."

         ......................... DC2008 failed test FrsEvent

Starting test: KccEvent

         * The KCC Event log test
         The event log Directory Service on server DC2008.<mydomain.com>

         could not be queried, error 0x6ba "The RPC server is unavailable."

         ......................... DC2008 failed test KccEvent


   DC=<mydomain>,DC=com
            (Domain,Version 3)
         ......................... DC2008 failed test NCSecDesc

 Starting test: SystemLog

         * The System Event log test
         The event log System on server DC2008.<mydomain.com> could not be

         queried, error 0x6ba "The RPC server is unavailable."

         ......................... DC2008 failed test SystemLog

 Testing server: Default-First-Site-Name\DC2003

      Starting test: Advertising

         The DC DC2003 is advertising itself as a DC and having a DS.
         The DC DC2003 is advertising as an LDAP server
         The DC DC2003 is advertising as having a writeable directory
         The DC DC2003 is advertising as a Key Distribution Center
         Warning: DC2003 is not advertising as a time server.

         The DS DC2003 is advertising as a GC.
         ......................... DC2003 failed test Advertising


     ......................... DC2003 failed test NCSecDesc

 An error event occurred.  EventID: 0xC25A001D

            Time Generated: 03/11/2015   12:24:28

            (Event String (event log = System) could not be retrieved, error

            0x13d)

         ......................... DC2003 failed test SystemLog

 ......................... DC2008-2 failed test NCSecDesc


*************************************

I'm going to look each one up and try to fix them, however if anything jumps out at you as a red flag, please do not hesitate to post.
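
Added example (not part of any post in this thread): a PowerShell sketch that reduces saved DCDIAG output, like the excerpt above, to one row per failed test with the hex codes and warnings logged for it. The function name `Get-DcdiagFailure` and the `$sample` text are constructed for illustration; the line patterns are assumed from the excerpt on this page.

```powershell
# Added example: summarize failed tests from saved DCDIAG output.
# $sample is constructed from the excerpt on this page. For a real run use:
#   $lines = Get-Content .\DCDIAG.txt
$sample = @'
Starting test: FrsEvent
   DC2008.<mydomain.com> could not be queried, error 0x6ba
   "The RPC server is unavailable."
   ......................... DC2008 failed test FrsEvent
Testing server: Default-First-Site-Name\DC2003
Starting test: Advertising
   Warning: DC2003 is not advertising as a time server.
   ......................... DC2003 failed test Advertising
Starting test: SystemLog
   An error event occurred.  EventID: 0xC25A001D
   (Event String (event log = System) could not be retrieved, error
   0x13d)
   ......................... DC2003 failed test SystemLog
   ......................... DC2008-2 passed test Services
'@
$lines = $sample -split "`r?`n"

function Get-DcdiagFailure {
    param([string[]]$Lines)
    $codes = @(); $warnings = @()
    foreach ($line in $Lines) {
        # A new server or test block starts: drop context from the previous one.
        if ($line -match 'Testing server:|Starting test:') {
            $codes = @(); $warnings = @(); continue
        }
        # Result line, e.g. "......... DC2008 failed test FrsEvent"
        if ($line -match '\.{5,}\s+(\S+)\s+(passed|failed) test\s+(\S+)') {
            if ($Matches[2] -eq 'failed') {
                New-Object PSObject -Property @{
                    Server     = $Matches[1]
                    Test       = $Matches[3]
                    ErrorCodes = ($codes -join ',')
                    Warnings   = ($warnings -join '; ')
                }
            }
            $codes = @(); $warnings = @(); continue
        }
        if ($line -match '^\s*Warning:\s*(.+)$') { $warnings += $Matches[1].Trim() }
        # Collect every hex code in the block, including ones wrapped onto the next line.
        foreach ($m in [regex]::Matches($line, '0x[0-9A-Fa-f]+')) { $codes += $m.Value }
    }
}

Get-DcdiagFailure -Lines $lines |
    Sort-Object Server, Test |
    Format-Table Server, Test, ErrorCodes, Warnings -AutoSize
```

Rows with the same error code across several event-log tests on one server (as with 0x6ba on DC2008 above) usually share a single cause, so they can be investigated together before the demotion.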
Seth SimmonsSr. Systems AdministratorCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.