gopher_49

manually removing two DC's that don't have any FSMO roles

We are migrating an entire domain environment to a new datacenter.  Two of the old DCs will be staying and not moving.  They do not hold any of the FSMO roles.  How do we manually remove them?  We can't do it beforehand, for the losing data center won't let us, and they manage the existing domain environment, for two companies reside in it.
Mahesh

If the source and target data centers will not communicate with each other, then post your data center migration, remove those DCs from AD directly. The process is known as metadata cleanup.

Basically, from the Domain Controllers OU, remove / delete the DC, accept any prompted checkboxes when asked and remove it, then force AD replication.
Then remove the DC object from AD Sites and Services and remove the DC records from AD Sites and Services.
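A read-only check that can be run after the metadata cleanup described above, to list anything that still references the removed DCs. This is an added example, not code from any poster in this thread. It assumes the RSAT ActiveDirectory and DnsServer modules, that it runs on a surviving DC that hosts DNS, and the host names `OLD-DC1` and `OLD-DC2` are placeholders.

```powershell
# Added example: lists leftovers after metadata cleanup. Makes no changes.
Import-Module ActiveDirectory, DnsServer

$RemovedDCs = @('OLD-DC1', 'OLD-DC2')    # placeholder names, replace with the removed DCs
$Domain     = Get-ADDomain
$Forest     = Get-ADForest
$ConfigNC   = (Get-ADRootDSE).configurationNamingContext
$Zones      = @($Domain.DNSRoot, "_msdcs.$($Forest.RootDomain)")

$findings = foreach ($dc in $RemovedDCs) {
    # 1. Computer account still present (normally in the Domain Controllers OU)
    Get-ADComputer -Filter "Name -eq '$dc'" | ForEach-Object {
        [pscustomobject]@{ DC = $dc; Where = 'Computer account'; Item = $_.DistinguishedName }
    }

    # 2. Server object left under a site in AD Sites and Services
    Get-ADObject -SearchBase "CN=Sites,$ConfigNC" `
                 -Filter "objectClass -eq 'server' -and Name -eq '$dc'" | ForEach-Object {
        [pscustomobject]@{ DC = $dc; Where = 'Sites and Services'; Item = $_.DistinguishedName }
    }

    # 3. DNS records (A, NS, SRV, CNAME) that still name the removed DC
    foreach ($zone in $Zones) {
        Get-DnsServerResourceRecord -ZoneName $zone -ErrorAction SilentlyContinue |
            Where-Object {
                $_.HostName -like "$dc*" -or
                $_.RecordData.NameServer -like "$dc.*" -or
                $_.RecordData.DomainName -like "$dc.*" -or
                $_.RecordData.HostNameAlias -like "$dc.*"
            } | ForEach-Object {
                [pscustomobject]@{ DC = $dc; Where = "DNS zone $zone"; Item = "$($_.HostName) ($($_.RecordType))" }
            }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'No computer, site or DNS references to the removed DCs were found.' }

# 4. Confirm every FSMO role sits on a surviving DC
$Domain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster
$Forest | Select-Object SchemaMaster, DomainNamingMaster

# 5. Show which site each subnet is assigned to, so a subnet still tied to
#    a site with no remaining DC stands out
Get-ADReplicationSubnet -Filter * | Select-Object Name, Site
```

DHCP scope options and static DNS settings on clients and servers are outside what this script can see and still need to be checked separately.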
gopher_49

ASKER

Mahesh,

Do you have a link you suggest following?
We'll update this post this weekend when we make the changes.
The above makes no reference to modifying static and DHCP configuration on clients that use these two servers as DNS.

Also, what else runs on these two DCs?
I have done this numerous times and I have always done it using metadata cleanup.  Below is another link.  If you are not familiar with ntdsutil, then I suggest sticking with the MS way of doing cleanup using AD Users and Computers.

https://www.itprotoday.com/data-security-and-encryption/quantum-computing-doesn-t-threaten-good-encryption-yet
That process is already posted above. As mentioned, this does not take into account the endpoint configuration, additional roles on DCs or the overall health of the environment.
Yes, an issue might come up if both DCs are listed in DHCP scopes etc. or static entries on servers / clients. Good catch, Shaun!

Post data center migration and during metadata cleanup, those DC entries should be removed from all places they may exist, such as DHCP scopes, static DNS entries, access points and so on.
The static DNS entries on the NIC will be changed to only reference the DC's that will be staying and the firewall was the DHCP server. In our steps we have noted to remove the old DNS server reference.  I'll update everyone asap
We just noticed that in sites and services there are two sites.  One site has the local subnet of where one of the DC's we are removing is located.  Shouldn't we post migration remove that subnet and add it to the sites and services where the DC we are keeping will be?  That way clients in that subnet use the DC we are keeping, correct?

Also,

The firewall handles DHCP and DNS points to the DC we are keeping.
The subnets where the old DC is located will remain there with the old site.

Are you using the same old subnets at the new data center?
If yes, you need to change those subnets' site assignments to reflect the new data center AD site.
Else simply delete those subnets from AD Sites and Services.
Users and / or the LAN/subnet will stay but the DC in the LAN/subnet will be gone.  That DC is one we'll be removing manually.  The losing provider won't make changes prior to migration, so I assume after the migration we remove the subnet from the old site and add it to the site we'll be keeping, where the DC we'll be keeping is.  Correct?  That way the local LAN's subnet will match the site listed that has the DC we are keeping.
ASKER CERTIFIED SOLUTION
Mahesh