locked
Demoting 2003 domain controllers RRS feed

  • Question

  • Hi Guys,

    We have been running in a mixed mode domain for a while now (2003 and 2008r2) and I have been given the go-ahead to demote the 2003 DC's.

    Now before I demote them I want to be sure that these servers are being used for anything, i.e ldap services etc.....

    Instead of turning them off can I just disable the net-logon service for a few days?

    Also these servers are not dns servers.

    Thanks

    Wednesday, November 19, 2014 3:53 PM

Answers

  • Hello,

    Yes, you should be able to set the NetLogon service to Manual, then stop it for some time to see if everything works okay.

    Please be sure that you have moved all of the FSMO roles off of the machines you plan to demote and remove!

    Thanks,


    Jared Hamilton, MCITP Enterprise Administrator

    • Proposed as answer by Erin_zhou Monday, December 1, 2014 6:31 AM
    • Marked as answer by Erin_zhou Tuesday, December 2, 2014 9:52 AM
    Wednesday, November 19, 2014 4:17 PM
  • Are the DCs GCs? If they are, they may be chosen at logon time. You may want to no longer make them a GC.

    You can run echo %logonserver% at a few clients to see if they are using the DC as a logon server (not necessarily a GC).

    Here are some other things to look at that may help.

    Remove a Current Operational Domain Controller from Active Directory
    http://blogs.msmvps.com/acefekay/2010/10/09/remove-a-current-operational-domain-controller-from-active-directory/


    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBookTwitterLinkedIn


    • Edited by Ace Fekay [MCT] Wednesday, November 19, 2014 6:00 PM
    • Proposed as answer by Erin_zhou Monday, December 1, 2014 6:31 AM
    • Marked as answer by Erin_zhou Tuesday, December 2, 2014 9:52 AM
    Wednesday, November 19, 2014 5:59 PM

All replies

  • Hello,

    Yes, you should be able to set the NetLogon service to Manual, then stop it for some time to see if everything works okay.

    Please be sure that you have moved all of the FSMO roles off of the machines you plan to demote and remove!

    Thanks,


    Jared Hamilton, MCITP Enterprise Administrator

    • Proposed as answer by Erin_zhou Monday, December 1, 2014 6:31 AM
    • Marked as answer by Erin_zhou Tuesday, December 2, 2014 9:52 AM
    Wednesday, November 19, 2014 4:17 PM
  • Are the DCs GCs? If they are, they may be chosen at logon time. You may want to no longer make them a GC.

    You can run echo %logonserver% at a few clients to see if they are using the DC as a logon server (not necessarily a GC).

    Here are some other things to look at that may help.

    Remove a Current Operational Domain Controller from Active Directory
    http://blogs.msmvps.com/acefekay/2010/10/09/remove-a-current-operational-domain-controller-from-active-directory/


    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBookTwitterLinkedIn


    • Edited by Ace Fekay [MCT] Wednesday, November 19, 2014 6:00 PM
    • Proposed as answer by Erin_zhou Monday, December 1, 2014 6:31 AM
    • Marked as answer by Erin_zhou Tuesday, December 2, 2014 9:52 AM
    Wednesday, November 19, 2014 5:59 PM