Removing old Domain Controllers

I have 2 old Server 2003 Domain Controllers that I want to remove.  I have a 2008 domain controller holding all FSMO roles plus a 2012 server that is a domain controller.  I am trying to whittle away all queries to these old servers for DNS but really want to get the domain functional level up to 2008 soon.  Is this a good plan-Make the main dns zone for our domain a secondary zone for these 2 servers (our zones are Active Directory Integrated), then dcpromo out the 2 old servers, leaving DNS running while continuing to eliminate possible sources of DNS queries.
habs1994Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

DrDave242Senior Support EngineerCommented:
Changing the zone to a secondary on those servers won't affect whether they're queried by other machines. The only way to make sure nothing queries those servers is to make sure nothing is configured to use them for DNS. If your clients obtain their IP addresses from DHCP, you can use the DHCP console to configure the list of DNS servers that is given to those clients. Machines with static addresses will have to be manually configured.

As long as nothing is configured to use only those 2003 servers, though, you should be fine. The Windows DNS client will eventually query every DNS server in its list if the first one or two don't respond (details are given here). The worst thing you'll see is a delay of up to a few seconds.
0
habs1994Author Commented:
No DHCP clients query them any longer, just a few devices that may require replacement/reconfigure that may take some time.  I don't want to ensure no other machines query just yet, just that those machines can have their roles as Domain Controllers while still servicing the occassional DNS request.
0
habs1994Author Commented:
Typed a little too fast.  I want to ensure that the old DCs can be demoted and still service the occassional DNS request.
0
DrDave242Senior Support EngineerCommented:
Ah, OK. In that case, yes, your AD-integrated zones will have to be configured as secondary zones on those servers, and zone transfers will need to be set up to copy them from the other DCs.

You may find it simpler to demote the 2003 DCs first, then recreate the zones as secondaries. I'm not sure you can change an existing zone from AD-integrated primary to standard secondary on a DC, since it'll be replicating the zone within AD from the other DCs already. You might end up with multiple copies of the zone in that case.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
footechCommented:
What I have observed is that when you change a Primary AD-integrated zone directly to a Secondary, it will remove the zone from AD and when this is replicated the zone gets deleted from all other participating DCs.

So I think your procedure will have to be to demote the old DCs, removing them from replication, after which you can set up the zones as Secondary on those machines.

If you wanted to change the DNS config before demotion, you would have to set the zone as a primary non-AD-integrated zone on a DC that will remain, set up other servers as secondary, then after demotion of DCs you could change the zone back to AD-integrated (removing the secondary from the other remaining DC(s) first).  Easier to make a mistake with this method.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.