Albert Widjaja
asked on
Demoting and Re-promoting AD domain controller steps?
Hi people
I’m currently trying to fix a physical Windows Server 2012 R2 domain controller in a remote site office where AD replication is not going both ways.
Since this box is running as Domain Controller, DNS (AD-Integrated) and DHCP for the AD Site Office13, what would happen to the workstations when I demote the Domain Controller role above, wait 1 hour and then re-promote it again as a domain controller?
My plan is as follows, to reduce the email and internet connection outage for 50 office users:
1. Change the DHCP scope DNS to point to Data Center
2. Reduce the DHCP scope to 1 hour
3. Demote AD role
4. Reboot
5. Wait 30 minutes
6. Promote as AD domain controller
7. Configure AD-Integrated (is it necessary?)
8. Change the DHCP scope back to 8 days
9. Change the DHCP scope DNS to itself and one DNS server in Data Center AD Site.
Let me know if I missed anything important in the above steps?
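The DHCP-side steps of the plan above (1, 2, 8 and 9), as an added PowerShell example that is not part of the original post. The server name, scope ID, DNS addresses and state file path are hypothetical placeholders, and the restore step puts back the recorded values rather than hard-coding 8 days.

```powershell
# Added example, not from the thread. Requires the DhcpServer module
# (DHCP role or RSAT). Run with -Action Prepare before the DC work and
# -Action Restore once the DC is healthy again.
param(
    [Parameter(Mandatory)][ValidateSet('Prepare', 'Restore')][string]$Action,
    [string]$DhcpServer      = 'OFFICE13-DC01',            # hypothetical server name
    [string]$ScopeId         = '10.13.0.0',                # hypothetical site scope
    [string[]]$DataCenterDns = @('10.1.0.10', '10.1.0.11'),  # hypothetical DNS servers
    [string]$StateFile       = 'C:\Temp\dhcp-scope-before.xml'
)
Import-Module DhcpServer
$target = @{ ComputerName = $DhcpServer; ScopeId = $ScopeId }

function Save-ScopeState {
    # Record lease duration and the scope-level DNS option (option 6).
    # The option may be absent at scope level when it is inherited from
    # the server level, so its absence is recorded instead of failing.
    $scope = Get-DhcpServerv4Scope @target
    $dns   = Get-DhcpServerv4OptionValue @target -OptionId 6 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LeaseDuration = $scope.LeaseDuration.ToString()
        HadScopeDns   = [bool]$dns
        DnsServers    = [string[]]$dns.Value
    } | Export-Clixml -Path $StateFile
}

function Set-MaintenanceSettings {
    # Steps 1-2: hand out Data Center DNS and a 1-hour lease.
    Set-DhcpServerv4OptionValue @target -DnsServer $DataCenterDns
    Set-DhcpServerv4Scope @target -LeaseDuration (New-TimeSpan -Hours 1)
}

function Restore-ScopeState {
    # Steps 8-9: put back what Save-ScopeState recorded.
    $saved = Import-Clixml -Path $StateFile
    Set-DhcpServerv4Scope @target -LeaseDuration ([timespan]$saved.LeaseDuration)
    if ($saved.HadScopeDns) {
        Set-DhcpServerv4OptionValue @target -DnsServer $saved.DnsServers
    } else {
        # No scope-level option existed: remove the override so the
        # server-level DNS option applies again.
        Remove-DhcpServerv4OptionValue @target -OptionId 6
    }
}

switch ($Action) {
    'Prepare' { Save-ScopeState; Set-MaintenanceSettings }
    'Restore' { Restore-ScopeState }
}
```

Clients that already hold an 8-day lease only pick up the new DNS servers and shorter lease when they next renew, which happens at half the lease time, so the Prepare step has to run days before the demotion rather than minutes before it.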
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hm...
Yes I forgot to do the AD metadata cleanup.
ASKER
No I do not need to change the IP address and DC name.
ASKER
Hi Arnold,
Yes, that's what I have already added statically; from AD Sites and Services, I've added the static connection to the Data Center DC, but somehow the problem still exists.
Is there anything that I missed from the steps above?
Note: this is the other thread that is explaining the detailed issue: https://www.experts-exchange.com/questions/28706758/Confusing-issue-in-AD-replication-report-from-multiple-DC.html
ASKER
OK, somehow the decommission side effect has gone wrong :-|
https://www.experts-exchange.com/questions/28710913/Workstations-lost-its-trust-relationship-with-AD-domain-after-the-only-DC-GC-in-the-AD-Site-is-demoted-but-still-have-multiple-other-DC-GC-in-Data-Center.html
One by one the workstations are popping up the error that the trust relationship has broken?!?!
ASKER
Yes Arnold, that was probably the case when this site office was opened: the Domain Controller was built first and then the computers, straight out of the box, were joined to the domain.
However, yes, what were my options back then to avoid this thing happening?
Do not decommission the only DC in the location where ............
Taking the time to fix replication by identifying the cause reasons versus disjoin/rejoin......