Demoting 2003 AD and Promoting 2008 server AD

  • Question

  • Hi, currently we have two domain controllers: DC1 running on Server 2003 SP2, and an additional DC on Server 2008. Now we would like to demote DC1 and make the additional DC the primary one. Is it enough if I transfer all FSMO roles to the additional DC and take DC1 down? What about the primary and secondary DNS? Earlier, DC1 was the preferred DNS, and DHCP was also on that server. Can anybody give me clear steps to perform this?
    Wednesday, July 8, 2009 2:48 PM

All replies

  • You can start this process by moving the DHCP database from DC1 to the new server. You can back up the DHCP database and restore it on the new server. You will need to change the scope option for the primary DNS server to your Server 2008. For further details on DHCP migration you can refer to this article:
    http://support.microsoft.com/kb/325473

    Some clients may hang in the beginning, but after a DHCP renewal the problem will be solved.

    After this step you can transfer the FSMO roles and then run dcpromo /forceremoval on your DC1 before taking it down.
    Ozan Veranyurt MCITP-MCT
    • Proposed as answer by ozan veranyurt Wednesday, July 8, 2009 3:02 PM
    • Marked as answer by Joson Zhou Friday, July 10, 2009 8:27 AM
    Wednesday, July 8, 2009 3:02 PM
  • Do I need to make any changes for the DNS server? Currently the new server is running secondary DNS and DC1 is holding the preferred DNS server. Do I need to update these details in the DHCP server Configure options?

    Wednesday, July 8, 2009 3:39 PM
  • Configure DNS zones representing your domain as AD-integrated - rather than having them set up as primary/secondary. As Ozan has pointed out, make sure that you designate the new domain controller as the primary (and only - assuming that you are planning on decommissioning the other DC) DNS server on all computers (via DHCP server/scope options or manually - for systems with static IP configuration).
    Btw. you should consider keeping your old domain controller online for redundancy purposes - rather than demoting it...

    hth
    Marcin
    • Marked as answer by Joson Zhou Friday, July 10, 2009 8:27 AM
    Wednesday, July 8, 2009 4:03 PM
  • Hello,

    Run replmon from the Run line or repadmin /showrepl (only if more than one DC exists), and dcdiag and netdiag from the command prompt on both DCs to check for errors. If you have some, post the complete output from the command here or solve them first. For these tools you have to install support\tools\suptools.msi from the 2003 installation disk on the 2003 server. Then copy netdiag.exe to the 2008 server; the other tools are already included in 2008.

    Make sure the 2008 server is also a Global Catalog and DNS server (use AD-integrated zones) and that all domain members are reconfigured to use it as preferred DNS server.

    To export and import the DHCP database on 2008, choose the "netshell dhcp backup" and "netshell dhcp restore" commands (http://technet.microsoft.com/en-us/library/cc772372.aspx).

    Transfer, NOT seize, the 5 FSMO roles to the new domain controller (http://support.microsoft.com/kb/324801 applies also for 2008); FSMO roles should always be on the newest OS DC.

    Demoting the old DC (but I would keep the old DC for redundancy and failover):

    - reconfigure your clients/servers so that they no longer point to the old DC/DNS server on the NIC

    - to be sure that everything runs fine, disconnect the old DC from the network and check connectivity and logon with clients and servers, and also restart one client to see that everything is OK

    - then run dcpromo to demote the old DC. If it works fine, the machine will move from the DCs' OU to the Computers container, where you can delete it by hand. It can be that you get an error at the beginning of the demotion; then uncheck the Global Catalog on that DC and try again

    - check in the DNS management console that all entries for the machine have disappeared, or delete them by hand if the machine is off the network forever

    - you also have to start AD Sites and Services and delete the old server name under the site; this will not be done during demotion


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Joson Zhou Friday, July 10, 2009 8:27 AM
    Thursday, July 9, 2009 8:38 AM
  • Hi,

    Thanks all for the useful information.

    I performed the following steps:

    1. Backed up the DHCP database, configured DHCP on the new DC and restored the database
    2. Transferred the 5 FSMO roles to the new DC
    3. Configured DHCP on the new DC to point the clients to the updated DNS servers and time servers
    4. Checked the ADS replication; it works fine.

    I have a small doubt here about specifying the primary and alternate DNS servers on both DCs. At present:

                     DC1          DC2
    IP address       20.0.1.2     20.0.1.3
    Subnet mask      255.0.0.0    255.0.0.0
    Gateway          20.0.1.1     20.0.1.1
    Primary DNS      20.0.1.2     20.0.1.3
    Alternate DNS    20.0.1.3     20.0.1.2

    Is this mapping correct, or do I need to specify the same on both DCs?
    Thursday, July 9, 2009 10:29 AM
  • Actually, either one is acceptable and has its pros and cons - as outlined in http://support.microsoft.com/kb/825036

    hth
    Marcin
    Thursday, July 9, 2009 10:55 AM
  • Hello,

    It is OK so far, but personally I would not use that large an IP range. I don't think that you need 16.777.214 hosts, so choose a smaller subnet mask like 255.255.255.0. Then you still have 254 hosts in a range from 20.0.0.1 to 20.0.0.254
    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 9, 2009 11:01 AM
  • If you are taking DC1 then you should not add its IP as an alternate DNS server.
    Ozan Veranyurt MCITP-MCT
    Thursday, July 9, 2009 1:18 PM
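
A pre-demotion check for two conditions raised in the replies above (all five FSMO roles transferred to the new DC, and the old DC no longer listed as a DNS server), as an added example that is not part of any poster's reply. The IP addresses are the ones given in the thread; the host names, function names and sample `netdom query fsmo` output are constructed for illustration.

```powershell
# Added example: gate check before demoting the old DC.
$OldDcIp = '20.0.1.2'             # DC1 (Server 2003), IP from the thread
$NewDc   = 'DC2.example.local'    # hypothetical FQDN of the Server 2008 DC

function Get-FsmoHolders {
    param([string[]]$NetdomOutput)
    # Each role line is "<role name><two or more spaces><holder FQDN>".
    # The trailing "The command completed successfully." line does not match.
    $holders = @{}
    foreach ($line in $NetdomOutput) {
        if ($line -match '^\s*(\S.*?)\s{2,}(\S+)\s*$') {
            $holders[$Matches[1]] = $Matches[2]
        }
    }
    return $holders
}

function Test-ReadyToDemote {
    param([string[]]$NetdomOutput, [string[]]$DnsSearchOrder)
    $problems = @()
    $holders = Get-FsmoHolders $NetdomOutput
    if ($holders.Count -ne 5) {
        $problems += "expected 5 FSMO roles, parsed $($holders.Count)"
    }
    foreach ($role in $holders.Keys) {
        if ($holders[$role] -ne $NewDc) {      # -ne is case-insensitive
            $problems += "$role is still held by $($holders[$role])"
        }
    }
    if ($DnsSearchOrder -contains $OldDcIp) {
        $problems += "DNS search order still lists $OldDcIp"
    }
    return $problems
}

# Constructed sample: PDC role not yet moved, DC1 still set as alternate DNS.
$sample = @(
    'Schema master               DC2.example.local',
    'Domain naming master        DC2.example.local',
    'PDC                         DC1.example.local',
    'RID pool manager            DC2.example.local',
    'Infrastructure master       DC2.example.local',
    'The command completed successfully.'
)
$problems = Test-ReadyToDemote $sample @('20.0.1.3', '20.0.1.2')
if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'OK to demote' }

# Live use on a DC (netdom and WMI are assumed to be available there):
#   $dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled=TRUE' |
#          ForEach-Object { $_.DNSServerSearchOrder }
#   Test-ReadyToDemote (netdom query fsmo) $dns
```

With the constructed sample the script emits two warnings: one for the PDC role still held by DC1.example.local and one for 20.0.1.2 remaining in the DNS search order.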