Jump to content

Replace 1st Windows 2003 DC

Guest rick

By Guest rick
in Windows 2003 Server

 Share

Recommended Posts

Guest rick

Guest rick

Posted
Posted

Hello All,

 

We currently have 3 Windows DCs running. All servers are running under 1

domain (yourdomain.com), very simple. We also have 3 Back End and 2 Front

End Exchange 2003 servers running.

 

We would like to get rid of the 1st DC and replace it with another server.

 

Please tell me what are the steps to make this a smooth switchover without

shutting down or rebooting any Windows or Exchange servers.

 

Many thx,

Ricky

  • Replies 7
  • Created
  • Last Reply

Popular Days

Popular Days

Guest JohnB

Guest JohnB

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

When you say "1st DC", you do mean that it was the very first DC that came

online in that domain, correct?

 

Without writing an entire book, you are going to have to demote that DC,

using dcpromo (you can Google, to get specifics).

And then you're going to have to transfer the FSMO roles. Again, Google is

your friend in this. Here's an article that covers it well:

http://www.petri.co.il/transferring_fsmo_roles.htm

 

As far as reboots go; you won't have to reboot any of the remaining DC's.

And I can't think of any reason that you'd have to reboot the Exchange

server, but you could ask in that group.

 

HTH

 

 

 

"rick" <thangr@uchastings.edu> wrote in message

news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

> Hello All,

>

> We currently have 3 Windows DCs running. All servers are running under 1

> domain (yourdomain.com), very simple. We also have 3 Back End and 2 Front

> End Exchange 2003 servers running.

>

> We would like to get rid of the 1st DC and replace it with another server.

>

> Please tell me what are the steps to make this a smooth switchover without

> shutting down or rebooting any Windows or Exchange servers.

>

> Many thx,

> Ricky

>

>

>

Guest kj [SBS MVP]

Guest kj [SBS MVP]

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

JohnB wrote:

> When you say "1st DC", you do mean that it was the very first DC that

> came online in that domain, correct?

>

> Without writing an entire book, you are going to have to demote that

> DC, using dcpromo (you can Google, to get specifics).

> And then you're going to have to transfer the FSMO roles. Again,

> Google is your friend in this. Here's an article that covers it well:

> http://www.petri.co.il/transferring_fsmo_roles.htm

>

> As far as reboots go; you won't have to reboot any of the remaining

> DC's. And I can't think of any reason that you'd have to reboot the

> Exchange server, but you could ask in that group.

>

> HTH

 

Enabling a DC as a Global Catalog needs a reboot, which might be needed and

desireable.

>

>

>

> "rick" <thangr@uchastings.edu> wrote in message

> news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

>> Hello All,

>>

>> We currently have 3 Windows DCs running. All servers are running

>> under 1 domain (yourdomain.com), very simple. We also have 3 Back

>> End and 2 Front End Exchange 2003 servers running.

>>

>> We would like to get rid of the 1st DC and replace it with another

>> server. Please tell me what are the steps to make this a smooth

>> switchover

>> without shutting down or rebooting any Windows or Exchange servers.

>>

>> Many thx,

>> Ricky

 

--

/kj

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

Hello kj [sBS MVP],

 

Why needs GC activation a reboot? Did it more often and never was prompted

to reboot. Also in the event viewer it states that GC activation was succesful

after a period of 5 minutes.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> JohnB wrote:

>

>> When you say "1st DC", you do mean that it was the very first DC that

>> came online in that domain, correct?

>>

>> Without writing an entire book, you are going to have to demote that

>> DC, using dcpromo (you can Google, to get specifics).

>> And then you're going to have to transfer the FSMO roles. Again,

>> Google is your friend in this. Here's an article that covers it

>> well:

>> http://www.petri.co.il/transferring_fsmo_roles.htm

>> As far as reboots go; you won't have to reboot any of the remaining

>> DC's. And I can't think of any reason that you'd have to reboot the

>> Exchange server, but you could ask in that group.

>>

>> HTH

>>

> Enabling a DC as a Global Catalog needs a reboot, which might be

> needed and desireable.

>

>> "rick" <thangr@uchastings.edu> wrote in message

>> news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

>>> Hello All,

>>>

>>> We currently have 3 Windows DCs running. All servers are running

>>> under 1 domain (yourdomain.com), very simple. We also have 3 Back

>>> End and 2 Front End Exchange 2003 servers running.

>>>

>>> We would like to get rid of the 1st DC and replace it with another

>>> server. Please tell me what are the steps to make this a smooth

>>> switchover

>>> without shutting down or rebooting any Windows or Exchange servers.

>>> Many thx,

>>> Ricky

Guest kj [SBS MVP]

Guest kj [SBS MVP]

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

Meinolf Weber wrote:

> Hello kj [sBS MVP],

>

> Why needs GC activation a reboot? Did it more often and never was

> prompted to reboot. Also in the event viewer it states that GC activation

> was

> succesful after a period of 5 minutes.

>

> Best regards

 

Yep, I'll retract that. Not required. 5 min to event 1119 - that's pretty

good.

 

Perhaps an obsolete practice from 2K days to kick in the KCC and get the SRV

record quicker.

>

> Meinolf Weber

> Disclaimer: This posting is provided "AS IS" with no warranties, and

> confers no rights.

> ** Please do NOT email, only reply to Newsgroups

> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

>

>> JohnB wrote:

>>

>>> When you say "1st DC", you do mean that it was the very first DC

>>> that came online in that domain, correct?

>>>

>>> Without writing an entire book, you are going to have to demote that

>>> DC, using dcpromo (you can Google, to get specifics).

>>> And then you're going to have to transfer the FSMO roles. Again,

>>> Google is your friend in this. Here's an article that covers it

>>> well:

>>> http://www.petri.co.il/transferring_fsmo_roles.htm

>>> As far as reboots go; you won't have to reboot any of the remaining

>>> DC's. And I can't think of any reason that you'd have to reboot the

>>> Exchange server, but you could ask in that group.

>>>

>>> HTH

>>>

>> Enabling a DC as a Global Catalog needs a reboot, which might be

>> needed and desireable.

>>

>>> "rick" <thangr@uchastings.edu> wrote in message

>>> news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

>>>> Hello All,

>>>>

>>>> We currently have 3 Windows DCs running. All servers are running

>>>> under 1 domain (yourdomain.com), very simple. We also have 3 Back

>>>> End and 2 Front End Exchange 2003 servers running.

>>>>

>>>> We would like to get rid of the 1st DC and replace it with another

>>>> server. Please tell me what are the steps to make this a smooth

>>>> switchover

>>>> without shutting down or rebooting any Windows or Exchange servers.

>>>> Many thx,

>>>> Ricky

 

--

/kj

Guest Ricky T

Guest Ricky T

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

John, thanks for the tips. YES. it's our first DC which hold the FSMO roles

and we only have 1 domain.

 

Can you let me know if this is ok.

1.Purchase a new HP server and install 2003 OS and with latest sp.

2.run DCPROMO on the new server and install DNS, AD, WINS. What other

services is needed? We don't need DHCP, print or file server because Novell

server is doing just that.

3. transfer all the FSMO roles to this new DC. how long to wait for all

roles to replicate to new DC? 24hrs?

4. how do you verify if the new DC holds the FSMO roles? do you use a

command or management console(.mmc)?

 

once this is done, how do you get rid of the old DC from your domain in AD?

do you run dcpromo or mmc?

 

Thanks again,

rick

 

"JohnB" wrote:

> When you say "1st DC", you do mean that it was the very first DC that came

> online in that domain, correct?

>

> Without writing an entire book, you are going to have to demote that DC,

> using dcpromo (you can Google, to get specifics).

> And then you're going to have to transfer the FSMO roles. Again, Google is

> your friend in this. Here's an article that covers it well:

> http://www.petri.co.il/transferring_fsmo_roles.htm

>

> As far as reboots go; you won't have to reboot any of the remaining DC's.

> And I can't think of any reason that you'd have to reboot the Exchange

> server, but you could ask in that group.

>

> HTH

>

>

>

> "rick" <thangr@uchastings.edu> wrote in message

> news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

> > Hello All,

> >

> > We currently have 3 Windows DCs running. All servers are running under 1

> > domain (yourdomain.com), very simple. We also have 3 Back End and 2 Front

> > End Exchange 2003 servers running.

> >

> > We would like to get rid of the 1st DC and replace it with another server.

> >

> > Please tell me what are the steps to make this a smooth switchover without

> > shutting down or rebooting any Windows or Exchange servers.

> >

> > Many thx,

> > Ricky

> >

> >

> >

>

>

>

Guest Meinolf Weber

Guest Meinolf Weber

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

Hello Ricky,

 

Your questions:

1.Ok

2.see list

3.see list and check event viewer, takes minutes not hours.

4. you see it directly changing the name, if you transfer the roles using

the Active directory management tools and again in the event viewer

 

!!!!!!!!!!DO NOT REMOVE THE OLD DC WITH DELETING VIA .MMC/ADUC!!!!!!!!!!!!!!!!!

You have to demote it.

 

My List:

 

- On the DNS server open DNS management console and check that you are running

Active directory integrated zone (easier for replication, if you have more

then one DNS server)

 

- run replmon, dcdiag and netdiag on the all DC's to check for errors, if

you have some post the complete output from the command here or solve them

first

 

- Install the new machine as a member server in your existing domain

 

- configure a fixed ip and set the preferred DNS server to the old DNS server

only

 

- run dcpromo and follow the wizard to add the 2003 server to an existing

domain

 

- if you are prompted for DNS configuration choose Yes (also possible that

no DNS preparation occur), then install DNS after the reboot

 

- for DNS give the server time for replication, at least 15 minutes. Because

you use Active directory integrated zones it will automatically replicate

the zones to the new server. Open DNS management console to check that they

appear

 

- if the new machine is domain controller and DNS server run again replmon,

dcdiag and netdiag on the domain controllers

 

- if you have no errors, make the new server Global catalog server, open

Active directory Sites and Services and then double-click sitename, double-click

Servers, click your domain controller, right-click NTDS Settings, and then

click Properties, on the General tab, click to select the Global catalog

check box (http://support.microsoft.com/?id=313994)

 

- Transfer, NOT seize the 5 FSMO roles to the new Domain controller (http://support.microsoft.com/kb/324801)

 

- you can see in the event viewer (Directrory service) that the roles are

transferred, also give it some time

 

- reconfigure the DNS configuration on your NIC of the 2003 server, preferred

DNS itself, secondary one of the other still running DC's

 

- check in exchange system manager the Recipients update service and change

to another DC if necessary

 

- reconfigure your clients/servers that they not longer point to the old

DC/DNS server on the NIC

 

- to be sure that everything runs fine, disconnect the old DC from the network

and check with clients and servers the connectivity, logon and also with

one client a restart to see that everything is ok

 

- then run dcpromo to demote the old DC, if it works fine the machine will

move from the DC's OU to the computers container, where you can delete it

by hand. Can be that you got an error during demoting at the beginning, then

uncheck the Global catalog on that DC and try again

 

- check the DNS management console, that all entries from the machine are

disappeared or delete them by hand if the machine is off the network for ever

 

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> John, thanks for the tips. YES. it's our first DC which hold the FSMO

> roles and we only have 1 domain.

>

> Can you let me know if this is ok.

> 1.Purchase a new HP server and install 2003 OS and with latest sp.

> 2.run DCPROMO on the new server and install DNS, AD, WINS. What other

> services is needed? We don't need DHCP, print or file server because

> Novell

> server is doing just that.

> 3. transfer all the FSMO roles to this new DC. how long to wait for

> all

> roles to replicate to new DC? 24hrs?

> 4. how do you verify if the new DC holds the FSMO roles? do you use a

> command or management console(.mmc)?

> once this is done, how do you get rid of the old DC from your domain

> in AD? do you run dcpromo or mmc?

>

> Thanks again,

> rick

> "JohnB" wrote:

>

>> When you say "1st DC", you do mean that it was the very first DC that

>> came online in that domain, correct?

>>

>> Without writing an entire book, you are going to have to demote that

>> DC,

>> using dcpromo (you can Google, to get specifics).

>> And then you're going to have to transfer the FSMO roles. Again,

>> Google is

>> your friend in this. Here's an article that covers it well:

>> http://www.petri.co.il/transferring_fsmo_roles.htm

>> As far as reboots go; you won't have to reboot any of the remaining

>> DC's. And I can't think of any reason that you'd have to reboot the

>> Exchange server, but you could ask in that group.

>>

>> HTH

>>

>> "rick" <thangr@uchastings.edu> wrote in message

>> news:e9qEECyfIHA.536@TK2MSFTNGP06.phx.gbl...

>>

>>> Hello All,

>>>

>>> We currently have 3 Windows DCs running. All servers are running

>>> under 1 domain (yourdomain.com), very simple. We also have 3 Back

>>> End and 2 Front End Exchange 2003 servers running.

>>>

>>> We would like to get rid of the 1st DC and replace it with another

>>> server.

>>>

>>> Please tell me what are the steps to make this a smooth switchover

>>> without shutting down or rebooting any Windows or Exchange servers.

>>>

>>> Many thx,

>>> Ricky

Guest Christian

Guest Christian

Posted
Posted

Re: Replace 1st Windows 2003 DC

 

Can someone please elaborate on this process (demoting the first DC in a

domain) when that server generated the certs used by the other DC's in the

domain for server and user auth? What do I need to do in order to ensure

that the other DC's can continue to authenticate users and machines once DC1

is demoted and removed from the domain?

 

I posted this in the AD group where I got some info, and the Security group,

where I recieved no response.

 

Thanks for the help.

 

-Chris

 Share
Go to topic listing
×
×
  • Create New...