replacing the domain controller

  • Question

  • Single domain, single forest with three DCs.

    eai-pdc.eafg.local  (the first server in the forest)
    eai-dc.eafg.local
    eafg1.eafg.local

    I want to add another server eai-dc-01 and want to migrate all the roles from eai-pdc.eafg.local to this new server. What is the best way to do this after adding it as an additional DC?

    thanks

    Wednesday, March 24, 2010 6:00 PM

All replies

  • Hi,

    If it's not a newer version of Windows.

    1. Install Windows
    2. Run dcpromo
    3. Install DNS and WINS
    4. Transfer the 5 FSMO roles with ntdsutil.exe

    What other roles do you have?


    Jens Ole Kragh MCITP, MCTS, MCT, Microsoft TechNet Influent Denmark http://jensolekragh.spaces.live.com/
    Wednesday, March 24, 2010 6:21 PM
  • Thanks.

    Yes, this is the new install.

    I wanna know how to transfer the FSMO?

    Is this how you mean to transfer it - http://technet.microsoft.com/en-us/library/cc758870(WS.10).aspx

    Do you suggest doing this during working hours? How much time will it take to transfer the FSMO?

    Once the FSMO transfer is done, do I need to demote the old PDC?

    Wednesday, March 24, 2010 6:28 PM
  • Transferring the FSMO roles takes just a few seconds.  It can be done during the day and it will not impact your operations.  You can use NTDSUTIL, or simply use the Active Directory Users and Computers snap-in (PDC, Infrastructure, RID), Active Directory Domains and Trusts (Domain Naming Master), and Schema snap-in (Schema Master) to move the roles if you are not comfortable with NTDSUTIL.

    The link you posted does not have the instructions on how to transfer.

    Resource: How to Transfer the PDC Emulator Role


    • Proposed as answer by Sameh Khairy Wednesday, March 24, 2010 8:39 PM
    • Marked as answer by Joson Zhou (Moderator) Tuesday, March 30, 2010 1:23 AM
    • Edited by Jorge Mederos Wednesday, July 24, 2013 6:26 PM broken link; updated.
    Wednesday, March 24, 2010 6:38 PM
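
The NTDSUTIL route described in the post above, followed by a read-back of the role holders, as an added example that is not part of the original thread. The target name is the new DC from the question; it assumes the Windows Server 2008 or later command spelling and that `netdom query fsmo` prints one "role, spaces, FQDN" line per role.

```powershell
# Added example, not from the thread. Run in an elevated session on a DC
# (or a host with the AD support tools installed).
$Target = 'eai-dc-01.eafg.local'   # new DC from the question; adjust as needed

# Group membership the transfers need: Schema Admins (schema master),
# Enterprise Admins (naming master), Domain Admins (PDC, RID, infrastructure).
# Use an account that holds these only for the duration of the change.

# ntdsutil accepts its interactive commands as arguments. Each transfer raises
# a confirmation dialog. Windows Server 2003 spells the second transfer
# "transfer domain naming master".
ntdsutil roles connections "connect to server $Target" quit `
    "transfer schema master" `
    "transfer naming master" `
    "transfer PDC" `
    "transfer RID master" `
    "transfer infrastructure master" `
    quit quit

# Verify: read the current holders back and compare each one with $Target.
# Role labels differ between netdom versions, so match "label, 2+ spaces, host".
$holders = @{}
netdom query fsmo | ForEach-Object {
    if ($_ -match '^(.+?)\s{2,}(\S+)\s*$') {
        $holders[$matches[1]] = $matches[2]
    }
}

$misplaced = @($holders.GetEnumerator() | Where-Object { $_.Value -ne $Target })
if ($holders.Count -ne 5) {
    Write-Warning "Expected 5 role lines from netdom, parsed $($holders.Count)."
} elseif ($misplaced.Count -gt 0) {
    $misplaced | ForEach-Object { Write-Warning "$($_.Key) is still held by $($_.Value)" }
} else {
    Write-Output "All five FSMO roles are held by $Target."
}
```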
  • thanks.

    Once the migration is done, will this new server be the authoritative domain for the TIME, since I have eafg1.eafg.local as the authoritative time server?

    Wednesday, March 24, 2010 7:20 PM
  • The Domain Controller holding the PDC Emulator role in the "root" domain in the forest is always the authoritative time server.

     


    Visit my blog: anITKB.com, an IT Knowledge Base.
    Wednesday, March 24, 2010 7:33 PM
  • So once I add this new server, will it automatically become the authoritative domain?
    Wednesday, March 24, 2010 8:47 PM
  • “authoritative domain”? What do you mean by that?  As Jorge mentioned, PDC Emulator is responsible for “time management”. You can read more info here:

    http://technet.microsoft.com/en-us/library/cc773013(WS.10).aspx

    As others suggested, you can add an additional domain controller to your existing domain and transfer the FSMO role to your new server.  Here are the step by step instructions:

    http://technet.microsoft.com/en-us/library/cc781792(WS.10).aspx

    You don’t need to use the /adv switch; you can use just DCPROMO.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX http://blogs.sivarajan.com/ http://publications.sivarajan.com/ This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, March 25, 2010 1:20 AM
    Moderator
  • Thanks guys, this step has been done successfully.

    Now I have 4 servers including this new one. Now I want to reduce the server roles from all the other old servers, and ideally I want to have only 2 servers: this new one and one more as an additional domain controller.

    Can I just run the dcpromo cmd on the others to demote them? What would be the effect, or nothing?

    Monday, March 29, 2010 5:18 PM
  • Thanks guys, this step has been done successfully.

    Now I have 4 servers including this new one. Now I want to reduce the server roles from all the other old servers, and ideally I want to have only 2 servers: this new one and one more as an additional domain controller.

    Can I just run the dcpromo cmd on the others to demote them? What would be the effect, or nothing?

    So you transferred the FSMO roles?  Is the new box also a global catalog?  Are clients (static and DHCP) pointing to the new box for DNS?  Any apps hard coded to use the old box for authentication?

    I'd just turn off the old box (or shut down the port) for a day or two, make sure everything still works, then if things are OK, yes, you dcpromo to demote them (and manually delete them from Sites and Services).

    Thanks

    Mike


    http://adisfun.blogspot.com;
    Monday, March 29, 2010 5:25 PM
  • Yes, I transferred the FSMO. This is also the GC server. All clients are being DHCPed from another server and also DNSed from that server, while I've modified the DHCP and am pushing the new server DNS as the primary DNS. So now we have 3 DNS servers.

    No apps are hard coded on that old PDC.

    Monday, March 29, 2010 6:01 PM
  • Looks like you have done all your checks and have all the proper settings in place; you should be OK with the new DC/DNS/GC.

     

    Thanks

    Mike


    http://adisfun.blogspot.com;
    Monday, March 29, 2010 6:07 PM
  • Please run repadmin /showreps and see if the replication is going fine without errors, and also see the DCDIAG /v /c /d /e log files to make sure everything is going fine, which includes your DNS as well.


    http://www.virmansec.com/blogs/skhairuddin
    Monday, March 29, 2010 6:08 PM
  • Before you depromote, ensure there are no errors in the following:

    1. repadmin /showreps

    2. dcdiag /v

    3. netdiag /v

    Switch off those DCs for at least two days.

    Now you can depromote the DCs if everything is OK.


    kesav
    Tuesday, March 30, 2010 7:55 AM
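
The pre-demotion checks suggested in the replies above, gathered into one gate that keeps the tool output as evidence; this is an added example, not part of the original thread. The log folder is hypothetical, the DC name is the old PDC from the question, netdiag is not scripted here, and the matched strings assume the usual English output of repadmin and dcdiag.

```powershell
# Added example, not from the thread. Run elevated on a DC that stays in service.
$OldDc  = 'eai-pdc.eafg.local'      # DC planned for demotion (from the question)
$LogDir = 'C:\Temp\dc-predemote'    # hypothetical folder for the evidence files
New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
$problems = @()

# 1. Replication: each inbound partner reports either
#    "Last attempt @ <time> was successful." or "... failed, result <code>".
$repl = repadmin /showreps
$repl | Out-File "$LogDir\repadmin.txt"
$replFailures = @($repl | Select-String -Pattern 'Last attempt @ .* failed')
if ($replFailures.Count -gt 0) {
    $problems += "repadmin: $($replFailures.Count) failed replication attempt(s)"
}

# 2. dcdiag: /c runs the comprehensive test set, /e covers every DC in the
#    enterprise, /v is verbose. Each test ends in "passed test" or "failed test".
$diag = dcdiag /v /c /e
$diag | Out-File "$LogDir\dcdiag.txt"
$diagFailures = @($diag | Select-String -Pattern 'failed test')
foreach ($f in $diagFailures) { $problems += "dcdiag: $($f.Line.Trim())" }

# 3. The DC being retired must no longer hold any FSMO role.
$stillHolds = @(netdom query fsmo | Select-String -SimpleMatch $OldDc)
foreach ($h in $stillHolds) { $problems += "FSMO still on old DC: $($h.Line.Trim())" }

if ($problems.Count -gt 0) {
    Write-Warning "Do not demote $OldDc yet:"
    $problems | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Output "No replication, dcdiag or FSMO blockers found. Logs: $LogDir"
    Write-Output "Next, per the thread: power $OldDc off for a day or two, then dcpromo."
}
```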