DCpromo down a server and adding it back

Posted on 2016-09-26
Last Modified: 2016-10-31
I am in the process of converting our servers to VmWare and don't want to risk migrating my Domain controllers.  I have several things pointed to the DNS of the IP of my DC'S.   I was wondering if it is okay to DCpromo down an existing DC, migrate it and then DCpromo the same machine back to a domain controller.  I would transfer all of the roles off before the process of bringing it down.    The server is 2008 R2.
Thank you.
Question by:Tim Lewis
  • 3
  • 3
  • 2

Accepted Solution

sAMAccountName earned 500 total points
ID: 41816193
Shouldnt be a problem at all.  Just expect those servers pointing to it to encounter dns resolution issues until the DC is back up and running.  If you want to avoid that, you can demote the DC but leave DNS in place so it will act as a caching server for clients.  Any client that is pointing to it directly via IP for LDAP is going to have authentication issues while it is offline (some third party apps can use IP addresses for a DC in their LDAP configuration - you should know where these are and update them accordingly)

Make sure after you demote the domain controller that all the DNS records for it are gone.
LVL 119
ID: 41816472
That is one method of doing it.

Why not create a new VM, and transfer the roles.

Author Comment

by:Tim Lewis
ID: 41816476
I can minimize the DNS server downtime this way.    If I remove it as a DC but keep the DNS role I don't have to reconfigure anything on the network for the DNS being used.
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

LVL 119
ID: 41816488
do you not have two DNS servers at present ?

Author Comment

by:Tim Lewis
ID: 41816491
We do.  I just figured this is easier than setting up a server, bringing down the current, changing the IP on the new one to match the old.   I am trying to avoid changing the DNS setting on the network cards of any devices that are not DHCP.
LVL 119
ID: 41816569
if you have two DNS servers, clients, will use the second DNS server, if the first is not available.

so it does not matter, how long your first server is down for!

Expert Comment

ID: 41816618
if you have two DNS servers, clients, will use the second DNS server, if the first is not available.

In theory, thats correct.  In practice however, some platforms dont behave that way.  Ubuntu for instance will latch onto a DNS server and hang on for dear life.  if that server goes down, it doesnt gracefully fail over to the next.  It *sorta* starts using the next in the list, but odd things happen with LDAP and other things until you clear the cache/restart the network daemon.

Author Closing Comment

by:Tim Lewis
ID: 41866941
Worked Great.  All connect reestablished themselves after it came back online as a DC.  Just had to clear out some DNS entries that were left behind after demote.

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
vSphere HA Warning 1 41
host cache 3 33
Cleaning up a desktop after leaving a domain 3 27
How to find computer SID in windows server 2008 r2 3 42
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question