locked
demote a windows server 2008 in windows server 2003 domain RRS feed

  • Question

  • Hi Guys,

       Newbie here :P I am currently having a domain with windows server 2003 is my main DC. I just dcpromo a Windows Server 2008 Standard to one of the DC and modified some group policies in Windows Server 2008 ( which does not exists in windows server 2003 policy ).

       I wondering if I demote the Windows Server 2008 and completely remove it from current domain, will it affect the group policy as well?

    Monday, May 28, 2012 10:25 AM

Answers

  • Hello,

    for your question, you can backup all GPOs , then demote DC, then use RSAT and control GPOs from Windows Server 2008 member server.

    please read this article:

    Deploying Group Policy Using Windows Vista

    Enabling Group Policy Preferences Debug Logging using the RSAT

    How to create a Central Store for Group Policy Administrative Templates in Window Vista

    And, here is article about remove DC:

    Remove a Current Operational Domain Controller from Active Directory (Ace Fekay -MVP)

    Regards


    • Edited by Patris_70 Monday, May 28, 2012 12:31 PM
    • Proposed as answer by Cicely Feng Tuesday, May 29, 2012 9:04 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Monday, May 28, 2012 12:19 PM
  •  
    >    I wondering if I demote the Windows Server 2008 and completely
    > remove it from current domain, will it affect the group policy as well?
     
    No, it will not. GPOs are not saved on an individual DC, but in AD and
    Sysvol. Only effect you will see: You cannot edit your settings anymore
    because 2003 GPMC/GPEdit doesn't know about them.
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Proposed as answer by Cicely Feng Tuesday, May 29, 2012 11:23 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Tuesday, May 29, 2012 9:43 AM
  •  
    > Another concern from me. Before i introduce first server 2008 into my
    > domain, so i need to run adprep to extend the schema on my main DC
    > (server 2003). So should i run adprep on my another backup DC (server
    > 2003) too ? (since i removing the server 2008 from the domain)
    >
     
    No. You only have ONE AD Database that already is updated...
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Proposed as answer by Patris_70 Wednesday, May 30, 2012 9:33 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Wednesday, May 30, 2012 9:22 AM
  •  
    > I see. So in this case, if my main DC is down and i promote the backup
    > DC as main DC (without adprep), it should be fine without any server
    > 2008 in the domain. Am i right?
     
    Main DC? Backup DC? These belong to NT4 Domains (R.I.P.)... In AD, there
    are no main or backup dcs, just some FSMO holders, but these can be
    transferred easily between different DCs.
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Thursday, May 31, 2012 10:44 AM

All replies

  • Hello Nick, 

    Use GPMC tool and check for 2008 DC GPOs and export it and then import it if required.

    Make sure 2008 DC should not have any roles and also do Metadata Clean up from AD: http://www.petri.co.il/delete_failed_dcs_from_ad.htm


    Regards, Ravikumar P


    Monday, May 28, 2012 11:44 AM
  • Hello,

    for your question, you can backup all GPOs , then demote DC, then use RSAT and control GPOs from Windows Server 2008 member server.

    please read this article:

    Deploying Group Policy Using Windows Vista

    Enabling Group Policy Preferences Debug Logging using the RSAT

    How to create a Central Store for Group Policy Administrative Templates in Window Vista

    And, here is article about remove DC:

    Remove a Current Operational Domain Controller from Active Directory (Ace Fekay -MVP)

    Regards


    • Edited by Patris_70 Monday, May 28, 2012 12:31 PM
    • Proposed as answer by Cicely Feng Tuesday, May 29, 2012 9:04 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Monday, May 28, 2012 12:19 PM
  •  
    >    I wondering if I demote the Windows Server 2008 and completely
    > remove it from current domain, will it affect the group policy as well?
     
    No, it will not. GPOs are not saved on an individual DC, but in AD and
    Sysvol. Only effect you will see: You cannot edit your settings anymore
    because 2003 GPMC/GPEdit doesn't know about them.
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Proposed as answer by Cicely Feng Tuesday, May 29, 2012 11:23 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Tuesday, May 29, 2012 9:43 AM
  • Thanks for all the replies. :)

    Another concern from me. Before i introduce first server 2008 into my domain, so i need to run adprep to extend the schema on my main DC (server 2003). So should i run adprep on my another backup DC (server 2003) too ? (since i removing the server 2008 from the domain)

    Wednesday, May 30, 2012 4:35 AM
  •  
    > Another concern from me. Before i introduce first server 2008 into my
    > domain, so i need to run adprep to extend the schema on my main DC
    > (server 2003). So should i run adprep on my another backup DC (server
    > 2003) too ? (since i removing the server 2008 from the domain)
    >
     
    No. You only have ONE AD Database that already is updated...
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Proposed as answer by Patris_70 Wednesday, May 30, 2012 9:33 AM
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Wednesday, May 30, 2012 9:22 AM
  • I see. So in this case, if my main DC is down and i promote the backup DC as main DC (without adprep), it should be fine without any server 2008 in the domain. Am i right? 
    Thursday, May 31, 2012 1:39 AM
  •  
    > I see. So in this case, if my main DC is down and i promote the backup
    > DC as main DC (without adprep), it should be fine without any server
    > 2008 in the domain. Am i right?
     
    Main DC? Backup DC? These belong to NT4 Domains (R.I.P.)... In AD, there
    are no main or backup dcs, just some FSMO holders, but these can be
    transferred easily between different DCs.
     
    regards, Martin
     

    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
    • Marked as answer by Cicely Feng Monday, June 4, 2012 6:31 AM
    Thursday, May 31, 2012 10:44 AM