Demote a PDC to CDC without breaking trust relationship between clients and DC

    Question

  • I have a network in which there is 1 PDC, 2 clients in a virtual environment. I want this PDC to become CDC of another DC in different forest without breaking any trust relationship between clients and PDC. Is it possible to do it by demoting DC or by role transfer or by any other method? The aim is that I do not want my clients to be removed from domain and then joined again. Clients should interact with DC as they were interacting earlier.
    Thursday, December 29, 2016 3:15 AM

All replies

  • Please let me know what is CDC?

    Dev T

    Thursday, December 29, 2016 4:53 AM
  • Child DC?

    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Thursday, December 29, 2016 4:54 AM
  • Child Domain Controller
    Thursday, December 29, 2016 5:01 AM
  • Yes, Child DC.
    Thursday, December 29, 2016 5:01 AM
  • I still don't quite get the question though. You cannot move domain controllers between forests. Child DC isn't a valid term in the 'modern active directory domain services'. You can have domain controllers in a child domain, within your forest. There will be a PDC for each domain, in your forest.

    You can easily move FSMO roles around, if you wish to decommission a domain controller.

    For clients being able to use services within your domain, they will have to have access to a valid DNS server, that can tell them what and where the services are located. If you are going to change that, you must ensure the clients know.

    So, exactly what are you trying to achieve?


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Thursday, December 29, 2016 5:34 AM
  • Hi,
    If you want a domain controller to serve multiple forests, it might be impossible, as a DC can provide domain services for only one Active Directory (AD) domain. You can configure a DC as a Global Catalog (GC) server, which means the DC would also store a read-only copy of a subset of attributes for all domains in the forest, but the DC still couldn't provide authentication services for other domains in the forest, let alone serve for the domains of other forests.
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Thursday, December 29, 2016 6:22 AM
    Moderator
  • Hi,

    I am checking how the issue is going. If you still have any questions, please feel free to contact us.

    If the replies above are helpful, we would appreciate it if you marked them as answers, and if you resolved it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    We appreciate your feedback.

    Best regards,

    Wendy


    Monday, January 2, 2017 6:05 AM
    Moderator
  • Hi,

    As far as I know there is no term in AD called "Child Domain Controller". Are you talking about a Domain Controller in a Child Domain in the same forest, and you want to move this Domain Controller into a different forest altogether?


    Dev T

    Monday, January 2, 2017 6:55 AM
  • If it's a virtual environment, why don't you decommission this PDC VM, create a new virtual machine and promote that as a DC in the child domain? That's the best way.

    If you want to decommission the PDC VM, perform a role transfer to any other available DC.

    Ensure you retain the IP configuration on the other DCs or change the DNS IPs on the clients (e.g. via DHCP scope, GPO or manually) if there is any dependency on the IP address of the current PDC.

    • Proposed as answer by sumesh vasu Monday, January 2, 2017 9:38 AM
    Monday, January 2, 2017 9:37 AM
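
The role transfer and DNS dependency check suggested in the replies above, as an added PowerShell example that is not part of the original thread. The host names `DC01.corp.example` and `DC02.corp.example` are assumptions, and `-WhatIf` previews the transfer without performing it.

```powershell
# Added example: run from a domain-joined admin host with the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

$OldDC = 'DC01.corp.example'   # assumption: the DC to be decommissioned
$NewDC = 'DC02.corp.example'   # assumption: another DC already in the same domain

# 1. Record which DC currently holds each FSMO role.
$domain = Get-ADDomain
$forest = Get-ADForest
$holders = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$holders.GetEnumerator() | Format-Table Key, Value -AutoSize

# 2. Transfer only the roles the old DC actually holds.
#    Forest-wide roles need Schema Admins / Enterprise Admins rights.
#    Remove -WhatIf once the preview lists the expected roles.
$toMove = @($holders.GetEnumerator() |
    Where-Object { $_.Value -eq $OldDC } |
    ForEach-Object { $_.Key })
if ($toMove.Count -gt 0) {
    Move-ADDirectoryServerOperationMasterRole -Identity $NewDC `
        -OperationMasterRole $toMove -WhatIf
} else {
    "No FSMO roles are held by $OldDC."
}

# 3. Find clients whose DNS settings still point at the old DC's IP address.
$oldIp   = (Get-ADDomainController -Identity $OldDC).IPv4Address
$clients = Get-ADComputer -Filter 'OperatingSystem -notlike "*Server*"' -Properties OperatingSystem
foreach ($c in $clients) {
    try {
        $dns = Get-DnsClientServerAddress -CimSession $c.DNSHostName `
            -AddressFamily IPv4 -ErrorAction Stop
        $hit = $dns | Where-Object { $_.ServerAddresses -contains $oldIp }
        if ($hit) {
            "{0} still uses {1} for DNS on: {2}" -f $c.DNSHostName, $oldIp,
                (($hit.InterfaceAlias | Sort-Object -Unique) -join ', ')
        }
    } catch {
        Write-Warning "$($c.DNSHostName): could not query ($($_.Exception.Message))"
    }
}
```

Clients reported in step 3 need their DNS server changed (DHCP scope, GPO or manually), or the old IP address kept on a remaining DC, before the old DC is demoted.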