ExchangeKB
asked on
Demote and promote domain controller for new domain
I have active directory with 4 remotes sites and subnets, a remote site connected via VPN has a domain controller. this remote is being bought out by another firm who like to keep the IT equipment. I am planning to demote the server and set new local admin password for the server and workstations, and the on the server
-remove from current domain
- remove DNS server config
- remove VPN
-promote server to domain controller of a new domain with DNS and dhcp
- join all workstations to new domain
as the site has 1 server, it is also running file, print and some applications along with it being part of DFS
anything else I need to consider?
-remove from current domain
- remove DNS server config
- remove VPN
-promote server to domain controller of a new domain with DNS and dhcp
- join all workstations to new domain
as the site has 1 server, it is also running file, print and some applications along with it being part of DFS
anything else I need to consider?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Andy/ Hastech.
As i have found out, the organization structure will remain and the office is being franchised. To reduce the work involved, would it be worth breaking the VPN and once connection is terminated from my Domain controller, I can force transfer the FSMO roles to this server, meaning no work will required on the workstations. May be need to reconfigure DNS, but then i get to keep the group policy etc. Any thoughts ?
As i have found out, the organization structure will remain and the office is being franchised. To reduce the work involved, would it be worth breaking the VPN and once connection is terminated from my Domain controller, I can force transfer the FSMO roles to this server, meaning no work will required on the workstations. May be need to reconfigure DNS, but then i get to keep the group policy etc. Any thoughts ?
That is a possible solution, I would make sure you change any passwords used though to ensure you remain secure on your side.
Also, you may need to perform a metadata cleanup on both sides to remove any old references.
Also, you may need to perform a metadata cleanup on both sides to remove any old references.
ASKER
Any ideas on Roaming profiles if chose to demote and promote ?
I think there could be some admin required.
You'd need to ensure this is still configured and tested, make sure you have a backup just in case, roaming profiles can behave oddly when moved around, and in some scenarios deleting files when moved.
You'd need to ensure this is still configured and tested, make sure you have a backup just in case, roaming profiles can behave oddly when moved around, and in some scenarios deleting files when moved.
If you break the VPN and that DC is now effectively a standalone MemberServer/DC, I would check if the users are using it to for AD auth or if they are actually authenticating to the main DC back at HQ.
There is a command line prompt to trace the auth server that the users are using. I cant remember it off the top of my head right now, but will update you with it later.
If the users are authenticating to the main server and you break the VPN they may not have a DC to authenticate to.
Can you advise what roles you have on this server? Ignoring the ones that you may need to add later once its a standalone server.
There is a command line prompt to trace the auth server that the users are using. I cant remember it off the top of my head right now, but will update you with it later.
If the users are authenticating to the main server and you break the VPN they may not have a DC to authenticate to.
Can you advise what roles you have on this server? Ignoring the ones that you may need to add later once its a standalone server.
Does the server run DHCP?
Ensure that clients get a new DNS server setting so they can access the resources or edit the hosts file.