none
Promoting Additiona Domain Controller to Primary domain controller windows 2008

    Question

  • Can any body help me out to promote windows 2008 additional domain controller to Primary domain controller.

     

    Friday, March 11, 2011 11:48 PM

Answers

All replies

  • There is no primary and backup domain controller concept in Active Directory.    All domain controllers can perform read and write operation except RODC. 

    Please use the following steps to replace an existing DC with a new DC. 

    If you are planning to decommission the old servers, you need transfer FSMO, DHCP etc

    a.        http://support.microsoft.com/kb/324801

    b.        http://support.microsoft.com/kb/962355/en-us

    c.         http://blogs.technet.com/b/networking/archive/2008/06/27/steps-to-move-a-dhcp-database-from-a-windows-server-2003-or-2008-to-another-windows-server-2008-machine.aspx

     

    You can identify the existing FSMO role servers using the Netdom Query FSMO command. 

     

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara

    This posting is provided AS IS with no warranties, and confers no rights.
    Saturday, March 12, 2011 12:58 AM
  • Like Santosh said, there is no Primary domain controller.

    I would like to mention that there is 5 FSMO roles that you can assign to your DCs. For more information, refer to this article named "Best Practices for Assigning FSMO roles".

    If you want to transfer FSMO roles, refer to this Microsoft article named "How to view and transfer FSMO roles in Windows Server 2003". What is mentioned is still applied on 2008 / 2008 R2 DCs.

    There is multiple commands that you can use to determine FSMO roles holders like DCdiag /test :Knowsofroleholders command. You can use the /v switch to get the FSMO holders of all your enterprise.

    If you have 2003/2000 AD environement, you should have a look to this Microsoft article named "Upgrading Active Directory Domains to Windows Server 2008 and Windows Server 2008 R2 AD DS Domains".

    Also, I recommand to you to have a look to what is a global catalog. So, have a look to this Microsoft article named "What is the Global Catalog?".

    If you have an only one domain and an only one DC and you plan to add a second one, I recommand to you to add a GC to this second DC.

    Also, have a look to this Microsoft article named "Active Directory-Integrated DNS". I recommand to you to install the DNS service on the second DC and to integrate it to AD (I suppose that your DNS is AD integrated to your existing DC) so that you have to primary zones and like that you will ensure the high-availabity of the DNS service. Once done, make sure that your DNS clients are configured to use both DCs as DNS servers.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration

    Saturday, March 12, 2011 1:19 AM
  • As others said all the domain controllers are primary except the server hold FSMO role. Normally server which holds FSMO role is considered as main server but from windows 2000, all the DC's are primary dc only, its just a naming convention which segregated from FSMO role holder which is called Primary/root/main DC & other DC is called additional or secondary dc.

    You can configure DC same way you configured first one, trnafser FSMO roles,DHCP, DNS(if DNS is AD-Integrated, just installing dns service on other DC will make it dns server too, you need to just configure its IP on client machines NIC ) etc.

    Make new DC GC too.

    If you like GUI, take a look to configure windows 2008 DC

    http://forevergeeks.com/how-to-install-active-directory-on-windows-2008

    http://technet.microsoft.com/en-us/library/cc733027%28WS.10%29.aspx

    Transferring FSMO roles to another server.

    http://www.petri.co.il/transferring_fsmo_roles.htm

    Steps to move a DHCP database from a Windows Server 2003 or 2008 to another Windows Server 2008 machine There is script attached too.

    http://blogs.technet.com/b/teamdhcp/archive/2009/02/18/migration-of-dhcp-server-from-windows-server-2003-to-windows-server-2008.aspx

     

    Regards


    Awinish Vishwakarma| MY Blog

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Proposed as answer by Mr XMVP Saturday, March 12, 2011 7:03 AM
    • Marked as answer by Brent HuModerator Wednesday, March 16, 2011 5:14 AM
    Saturday, March 12, 2011 4:45 AM
  • Hello,

    as the other mentioned already. Since Windows 2000 all DCs are the same and the difference belong to the FSMO roles which must be used accroding to some rules: http://support.microsoft.com/kb/223346/en-us

    So in your case that the second DC can work independent for the domain and you can remove the other one make the second DC also Global catalog and DNS server and then move the FSMo roles to it, DON'T seize them.

    http://support.microsoft.com/kb/324801

    Do not forget to reconfigure all domain machines to use the new DNS server on the NIC also.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    • Proposed as answer by Mr XMVP Sunday, March 13, 2011 9:17 PM
    • Marked as answer by Brent HuModerator Wednesday, March 16, 2011 5:14 AM
    Sunday, March 13, 2011 8:16 PM
  • Dear Abdel Mugeeb ,

    to promote an additional DC to Primary you need to transfer the FSMO by using command Prompt or 

    by using an MMC snap-in tool. Depending on the FSMO role that you want to transfer, you can use one of the following three MMC snap-in tools:

    • Active Directory Schema snap-in
    • Active Directory Domains and Trusts snap-in
    • Active Directory Users and Computers snap-in

    To transfer the FSMO role the administrator must be a member of the following group:

    FSMO Role Administrator must be a member of
    Schema Schema Admins
    Domain Naming Enterprise Admins
    RID Domain Admins
    PDC Emulator
    Infrastructure

    Transferring the RID Master, PDC Emulator, and Infrastructure Masters via GUI

    To Transfer the Domain-Specific RID Master, PDC Emulator, and Infrastructure Master FSMO Roles:

    1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder.
    2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Users and Computers and press Connect to Domain Controller.
    3. Select the domain controller that will be the new role holder, the target, and press OK.
    4. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
    5. Select the appropriate tab for the role you wish to transfer and press the Change button.
    6. Press OK to confirm the change.
    7. Press OK all the way out.

    Transferring the Domain Naming Master via GUI

    To Transfer the Domain Naming Master Role:

    1. Open the Active Directory Domains and Trusts snap-in from the Administrative Tools folder.
    2. If you are NOT logged onto the target domain controller, in the snap-in, right-click the icon next to Active Directory Domains and Trusts and press Connect to Domain Controller.
    3. Select the domain controller that will be the new role holder and press OK.
    4. Right-click the Active Directory Domains and Trusts icon again and press Operation Masters.
    5. Press the Change button.
    6. Press OK to confirm the change.
    7. Press OK all the way out.

    Transferring the Schema Master via GUI :

    1. Register the Schmmgmt.dll library by pressing Start > RUN and typing:
    regsvr32 schmmgmt.dll
    1. Press OK. You should receive a success confirmation.
    2. From the Run command open an MMC Console by typing MMC.
    3. On the Console menu, press Add/Remove Snap-in.
    4. Press Add. Select Active Directory Schema.
    5. Press Add and press Close. Press OK.
    6. If you are NOT logged onto the target domain controller, in the snap-in, right-click the Active Directory Schema icon in the Console Root and press Change Domain Controller.
    7. Press Specify .... and type the name of the new role holder. Press OK.
    8. Right-click right-click the Active Directory Schema icon again and press Operation Masters.
    9. Press the Change button.
    10. Press OK all the way out.  

     

    and after being done with the last step you will need to down grade the old Primary DC and configure the DNS and DHCP services .

    hope it is helpful .

    have a nice day :)

    • Proposed as answer by Ayman A Monem Monday, July 25, 2011 9:44 AM
    Thursday, July 21, 2011 11:25 AM