none
How to make Secondary domain controller to Primary domain controller? RRS feed

  • Question

  • Dear Team,

    I have Primary domain controller 2003 and Secondary domain controller is 2008 R2.

    Need your help to make 2008 R2 secondary AD to primary and removed the 2003.

    Please help me to proceed further.


    SUNIL PATEL SYSTEM ADMINISTRATOR

    • Moved by nzpcmad1 Tuesday, November 19, 2019 5:32 PM From ADFS
    Tuesday, November 19, 2019 11:33 AM

All replies

  • Hello,

    you have just to move FSMO roles :

    https://www.petri.com/transferring_fsmo_roles

    take care with your DNS server. to keep IP from 2003 (switch ip)  or change appliance, device with dns binded on 2003.

    Olivier


    Tuesday, November 19, 2019 11:53 AM
  • You need to transfer the FSMO roles to the other controller, then you can decommission the 2003 one.

    https://www.petri.com/transferring_fsmo_roles


    Mark as answer if it solves your issue. Leos

    Tuesday, November 19, 2019 11:54 AM
  • many thanks for quick reply both of you. will check and update.

    SUNIL PATEL SYSTEM ADMINISTRATOR

    Tuesday, November 19, 2019 11:56 AM
  • Hi,

    If you want to replace the domain controller 2003 by DC 2008R2, you need to transfer ( not seize)  all FSMO role to DC 2008 R2:

    Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

    If there is a members servers still using the DC 2003 as DNS server , you have also to change it by the IP of DC 2008 R2 in IP settings of each members machine.


    Please don't forget to mark the correct answer, to help others who have the same issue. Thameur BOURBITA MCSE | MCSA My Blog : http://bourbitathameur.blogspot.fr/

    Wednesday, November 20, 2019 1:05 AM
  • Hi SKPATEL,

    Thank you for posting in our forum.

    When you transfer all fsmo roles, it becomes the primary domain controller.

    reference:How to view and transfer FSMO roles in Windows Server 2003

    If there is anything else we can do for you, please feel free to post in the forum

    I hope this information can help you.

    Best Regards,

    Vicky


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Wednesday, November 20, 2019 2:58 AM
  • You can transfer the roles prior to demotion of 2003 domain controller.

    https://support.microsoft.com/en-us/help/255504/using-ntdsutil-exe-to-transfer-or-seize-fsmo-roles-to-a-domain-control

    netdom /query fsmo

    to confirm move is successful.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, November 20, 2019 3:28 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Vicky

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 25, 2019 1:13 AM
  • There is no primary and seconday domain controller. There is what we call the FSMO holder. You can use netdom query fsmo to check which DC holds the FSMO roles and transfer them if needed. As well, please make sure that both DCs are DNS and GC servers to ensure HA in case one of them fails.

    Please take note that, for security reasons, it is important that you upgrade your DCs to make sure that only Microsoft supported versions are in use.


    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Monday, November 25, 2019 11:24 AM
  • after transferring all role from primary Dc to secondary DC, is it mendatory to remove primary domain controller? can i use secondary domain controller as primary and primary as secondary?


    SUNIL PATEL SYSTEM ADMINISTRATOR

    Tuesday, November 26, 2019 3:19 AM
  • No need to remove domain controller. You can freely transfer roles as needed at any time.

     

     (please don't forget to mark helpful replies as answer)

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Tuesday, November 26, 2019 3:22 AM
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    Vicky

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, November 29, 2019 12:56 AM