gopher_49
asked on
manually removing two DC's that don't have any FSMO roles
We are migrating an entire domain environment to a new datacenter. Two of the old DCs will be staying and not moving. They do not hold any of the FSMO roles. How do we manually remove them? We can't do it beforehand, for the losing data center won't let us, and they manage the existing domain environment for two companies that reside in it.
ASKER
Mahesh,
Do you have a link you suggest following?
ASKER
We'll update this post this weekend when we make the changes
The above makes no reference to modifying static and DHCP configuration on clients that use these two servers as DNS.
Also, what else runs on these two DCs?
I have done this numerous times and I have always done it using metadata cleanup. Below is another link. If you are not familiar with ntdsutil, then I suggest you stick with the MS way of doing cleanup using AD Users and Computers.
https://www.itprotoday.com/data-security-and-encryption/quantum-computing-doesn-t-threaten-good-encryption-yet
That process is already posted above. As mentioned, this does not take into account the endpoint configuration, additional roles on DCs or the overall health of the environment.
Yes, an issue might come up if both DCs are listed in DHCP scopes etc. or in static entries on servers/clients. Good catch, Shaun!
Post data center migration and during metadata cleanup, those DC entries should be removed from all places they may exist, such as DHCP scopes, static DNS entries, access points and so on.
ASKER
The static DNS entries on the NIC will be changed to only reference the DCs that will be staying, and the firewall was the DHCP server. In our steps we have noted to remove the old DNS server reference. I'll update everyone ASAP.
ASKER
We just noticed that in sites and services there are two sites. One site has the local subnet of where one of the DC's we are removing is located. Shouldn't we post migration remove that subnet and add it to the sites and services where the DC we are keeping will be? That way clients in that subnet use the DC we are keeping, correct?
Also,
The firewall handles DHCP and DNS points to the DC we are keeping.
The subnets where the old DC is located will remain there with the old site.
Are you using the same old subnets at the new data center?
If yes, you need to change those subnets' site assignments to reflect the new data center AD site.
Else simply delete those subnets from AD Sites and Services.
ASKER
Users and/or the LAN/subnet will stay but the DC in the LAN/subnet will be gone. That DC is one we'll be removing manually. The losing provider won't make changes prior to migration.. so... I assume after the migration we remove the subnet from the old site and add it to the site we'll be keeping, where the DC we'll be keeping is. Correct? That way the local LAN's subnet will match the site listed that has the DC we are keeping.
ASKER CERTIFIED SOLUTION
Basically, from the Domain Controllers OU, remove/delete the DC, accept any prompted checkboxes when asked and remove it, then force AD replication.
Then remove the DC object from AD Sites and Services and remove the DC records from AD Sites and Services.
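
A read-only check for the leftovers this thread says must be cleaned up after the removal (DC objects, Sites and Services entries, DNS locator records, subnet-to-site assignments), as an added example that is not part of the original thread. `OLDDC1` and `OLDDC2` are placeholder names for the two removed DCs; it assumes the RSAT ActiveDirectory module and a remaining DC to query.

```powershell
# Read-only audit to run after the two DCs have been removed.
# Nothing in this script modifies the directory or DNS.
Import-Module ActiveDirectory

# Placeholder host names (assumption): substitute the two removed DCs.
$removed = @('OLDDC1', 'OLDDC2')
$pattern = ($removed | ForEach-Object { [regex]::Escape($_) }) -join '|'
$adDom   = Get-ADDomain
$config  = (Get-ADRootDSE).configurationNamingContext

# 1. Computer accounts still present in the Domain Controllers OU
$leftComputers = Get-ADComputer -SearchBase $adDom.DomainControllersContainer -Filter * |
    Where-Object { $_.Name -match "^($pattern)$" }

# 2. Server objects still present under any site in Sites and Services
$leftServers = Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter '(objectClass=server)' |
    Where-Object { $_.Name -match "^($pattern)$" }

# 3. DC locator SRV records that still point clients at the removed hosts
$leftSrv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($adDom.DNSRoot)" -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget -match "^($pattern)\." }

# 4. Sites left with no DC other than the removed ones
$emptySites = foreach ($site in Get-ADReplicationSite -Filter *) {
    $live = Get-ADObject -SearchBase "CN=Servers,$($site.DistinguishedName)" -SearchScope OneLevel `
                -LDAPFilter '(objectClass=server)' -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -notmatch "^($pattern)$" }
    if (-not $live) { $site }
}

# 5. Subnets still assigned to those sites: candidates for re-assignment
#    to the site of a remaining DC, or for deletion if no longer in use
$orphanSubnets = Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -in $emptySites.DistinguishedName }

# Every field should be empty once cleanup is complete.
[pscustomobject]@{
    ComputerAccounts    = $leftComputers.Name
    SiteServerObjects   = $leftServers.DistinguishedName
    LocatorSrvRecords   = $leftSrv.NameTarget
    SitesWithoutDC      = $emptySites.Name
    SubnetsInThoseSites = $orphanSubnets.Name
} | Format-List
```

Static DNS settings on client NICs and DNS options handed out by a non-Windows DHCP server (the firewall, in this thread) are not visible to this check and still need to be reviewed separately.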