locked
Migrating member server to DC without affecting domain. RRS feed

  • Question

  • Hi,

    We have a domain with a 2003 Global DC and then there are a couple of other servers there onsite, we also have a 2nd site with another 2003 member server there with the AD role installed to manage the domain from there.

    There is issues with the VPN connection and the servers are not talking to each other properly and the 2nd site has been sold and so we are looking to separate this from the domain and then make it its own controller and kill the VPN.

    what is the best process to do this (run dc promo) without affecting the head site that needs to stay as it was, just minus this server?

    Is it best to kill the VPN and then do DC promo, or is it better to unjoin and create a new domain?

    the only other factor for this is the server also has a SQL DB on there.

    is there any thing that I should do specifically for this or anything that is going to cause issues with this work and the new setup.

    Our main focus is to separate and not advsersly affect either site.

    Thursday, November 19, 2015 5:53 AM

Answers

  • Hi

    yes the intention is to create an all new domain using a new controller eventually

     Most material online talks about promoting a server and demoting another but I want to promote this one and then have it separate without affecting the other one.

    There is only way,first you could configure new domain on this site(seperate domain),then configure domain trust between old domain and new domain.

    Domain trust

    https://technet.microsoft.com/en-us/library/cc740018(v=ws.10).aspx

     Finaly you will migrate users,groups,computers with ADMT from old domain to new domain.(just necessary one's)

    ADMT

    https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx

    Also you will configure new sql on new domain and migrate the DB,etc,so you can ask this sql forums...

    Finaly you will demote the site DC from domain.and you will have seperate domain on this location..


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur



    • Edited by Burak Uğur Friday, November 20, 2015 10:53 PM
    • Proposed as answer by Mary Dong Monday, November 30, 2015 1:53 AM
    • Marked as answer by Mary Dong Thursday, December 3, 2015 1:54 AM
    Friday, November 20, 2015 10:52 PM

All replies

  • Hi

     First recommend you that,fix the connection issue between the center and branch site.Maybe you could contact ISP provider and check situation,Check and analyse network connection,check firewall&router rules,configure a new vpn server,etc...

     So as you said there is a SQL Server on the site,you need to check is this server runing with AD authentication mode?if it is,you should migrate SQL server to new domain,which you plan to create.

     And as you know,server 2003 end of life,and not supported anymore.So you think about to migrate your domain controllers to newest OS.(like server 2012 r2).

     But if you want to create a seperate domain on site,you can remove this site DC from domain,there isn't known issue about this.(just run dcpromo on site server.)But you need to check the services,etc before demote it,also take a full backup.

    So my recommendation is,first try to fix the connection issue,then migrate your domain environment to newest systems.

    If you need,you can check this migration article about migrate from server 2003 to 2012

    http://blogs.msmvps.com/mweber/2012/07/30/upgrading-an-active-directory-domain-from-windows-server-2003-or-windows-server-2003-r2-to-windows-server-2012/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Thursday, November 19, 2015 8:47 AM
  • Hi,

    yes the intention is to create an all new domain using a new controller eventually, but at the moment we have time constraints of just getting the site to working independently that is why we just want to promote the onste server to a DC.

    But our main issue is that we do not want to affect the status of the Global DC at the main site (that still needs to remain the Global DC just this site is to be separate. And the reason to just promote so that we keep all accounts for the SQL that are used.

    Most material online talks about promoting a server and demoting another but I want to promote this one and then have it separate without affecting the other one.

    Thanks

    Friday, November 20, 2015 4:26 AM
  • Hi

    yes the intention is to create an all new domain using a new controller eventually

     Most material online talks about promoting a server and demoting another but I want to promote this one and then have it separate without affecting the other one.

    There is only way,first you could configure new domain on this site(seperate domain),then configure domain trust between old domain and new domain.

    Domain trust

    https://technet.microsoft.com/en-us/library/cc740018(v=ws.10).aspx

     Finaly you will migrate users,groups,computers with ADMT from old domain to new domain.(just necessary one's)

    ADMT

    https://technet.microsoft.com/en-us/library/cc974332(v=ws.10).aspx

    Also you will configure new sql on new domain and migrate the DB,etc,so you can ask this sql forums...

    Finaly you will demote the site DC from domain.and you will have seperate domain on this location..


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur



    • Edited by Burak Uğur Friday, November 20, 2015 10:53 PM
    • Proposed as answer by Mary Dong Monday, November 30, 2015 1:53 AM
    • Marked as answer by Mary Dong Thursday, December 3, 2015 1:54 AM
    Friday, November 20, 2015 10:52 PM