Re: Transfer forest root role to another DC? [message #156491] Thu, 18 June 2009 07:19
Raimundas Janusis (Lithuania)
It's a single domain, let's say it's domain.local; the DCs are dc1.domain.local
and dc2.domain.local. Dc1.domain.local was installed as the first DC for a new
forest and domain, so I'm worried that if I demote dc1.domain.local there may be
some problems with my AD, like I won't be able to create new domains or extend
the schema or something like that.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6627dde8cbbe2d7e045391@msnews.microsoft.com...
> Hello Raimundas,
>
> I am not sure how your forest/domain is built. Do you have domain.com as
> root and sub.domain.com or only domain.com?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Currently I have a single Windows 2003 domain in my organization; there
>> are two domain controllers in the domain. The first domain controller is a
>> physical server, the second DC is a virtual machine which is on a VMware
>> ESXi host. The physical server, which is the forest and domain root DC,
>> operates with old hardware and I want to move it to the ESXi host too. I
>> have already transferred all FSMO roles to the second DC. Is there any
>> specific way to transfer the forest root and domain root DC? Maybe I need
>> to back up the system state of the first DC and then install a new Windows
>> 2003 server and restore from that backup?
>>
>> Thanks in advance
Re: Transfer forest root role to another DC? [message #156496 is a reply to message #156491] Thu, 18 June 2009 08:04
Meinolf Weber MVP-DS (Germany)
Hello Raimundas,

There is no forest/domain root DC in your case. All DCs are the same; the
differences are the FSMO roles. So with moving them to the other DC, this part
is done.

Make sure the second DC is also a Global Catalog server and DNS server (choose
AD-integrated zones, if not done).

In your case I would install a 3rd DC/GC/DNS as a VM before demoting the older
one, so you still have 2 DCs before you remove the old one.

Then check with dcdiag /v, netdiag /v and repadmin /showrepl for errors. If no
errors exist you can start demoting the other DC.

What you have to keep in mind is that you should NEVER use snapshots to restore
a DC; this is an unsupported backup operation, which will result in USN
rollback.
http://support.microsoft.com/kb/875495

Also check these first about using a DC on a VM:
http://support.microsoft.com/kb/888794

http://www.microsoft.com/downloads/details.aspx?FamilyId=64DB845D-F7A3-4209-8ED2-E261A117FC6B&displaylang=en

http://support.microsoft.com/kb/897614/en-us

Demoting the old DC

- reconfigure your clients/servers so that they no longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check connectivity and logon with clients and servers, and also restart
one client to see that everything is OK

- then run dcpromo to demote the old DC. If it works fine, the machine will
move from the DCs' OU to the Computers container, where you can delete it
by hand. It can be that you get an error at the beginning of the demotion; then
uncheck the Global Catalog on that DC and try again

- check in the DNS management console that all entries from the machine have
disappeared, or delete them by hand if the machine is off the network forever

- also you have to start AD Sites and Services and delete the old server name
under the site; this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


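The checks listed in the reply above (FSMO roles moved, remaining DCs are Global Catalogs, dcdiag and repadmin clean) can be run as one gate before dcpromo. This PowerShell script is an added example, not part of the original thread; it assumes a domain-joined admin workstation with dcdiag and repadmin on the PATH and English tool output, and `dc1.domain.local` is the thread's placeholder name.

```powershell
# Added example: pre-demotion checks for the DC being retired.
# Assumptions: run as a domain admin on a domain-joined machine, dcdiag and
# repadmin are on the PATH, and tool output is in English.
$OldDc = 'dc1.domain.local'   # placeholder name taken from the thread

$domain   = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$forest   = $domain.Forest
$problems = @()

# 1. All five FSMO roles must already be on another DC.
$roleOwners = @{
    Schema         = $forest.SchemaRoleOwner.Name
    DomainNaming   = $forest.NamingRoleOwner.Name
    PDC            = $domain.PdcRoleOwner.Name
    RID            = $domain.RidRoleOwner.Name
    Infrastructure = $domain.InfrastructureRoleOwner.Name
}
foreach ($role in $roleOwners.Keys) {
    if ($roleOwners[$role] -eq $OldDc) {
        $problems += "FSMO role $role is still held by $OldDc"
    }
}

# 2. Two DCs should remain after the demotion, each one a Global Catalog.
$remaining = @($domain.DomainControllers | Where-Object { $_.Name -ne $OldDc })
if ($remaining.Count -lt 2) {
    $problems += "Only $($remaining.Count) DC(s) would remain after demotion"
}
foreach ($dc in $remaining) {
    if (-not $dc.IsGlobalCatalog()) {
        $problems += "$($dc.Name) is not a Global Catalog server"
    }
}

# 3. Replication: any link with a non-zero failure count blocks the demotion.
$links = repadmin /showrepl * /csv | ConvertFrom-Csv
foreach ($link in $links) {
    if ([int]$link.'Number of Failures' -gt 0) {
        $problems += "Replication $($link.'Source DSA') -> $($link.'Destination DSA') " +
                     "[$($link.'Naming Context')]: status $($link.'Last Failure Status')"
    }
}

# 4. dcdiag against every remaining DC; failures appear as "failed test <name>".
foreach ($dc in $remaining) {
    $target = "/s:$($dc.Name)"
    $failed = dcdiag $target /v | Select-String -Pattern 'failed test'
    foreach ($line in $failed) { $problems += "$($dc.Name): $($line.Line.Trim())" }
}

if ($problems.Count -eq 0) {
    Write-Output "No blocking findings; $OldDc can be demoted with dcpromo."
} else {
    Write-Output "Do not demote $OldDc yet:"
    $problems | ForEach-Object { Write-Output "  - $_" }
    exit 1
}
```

The script does not cover netdiag, the DNS server role on the remaining DCs, or the client DNS settings; those steps from the post still need to be checked by hand.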
Re: Transfer forest root role to another DC? [message #156497 is a reply to message #156496] Thu, 18 June 2009 08:15
Raimundas Janusis (Lithuania)
Thank You for answering, it helps me a lot.

Re: Transfer forest root role to another DC? [message #156498 is a reply to message #156497] Thu, 18 June 2009 08:22
meiweb(nospam) (Germany)
Hello Raimundas,

You're welcome.

Best regards

Meinolf Weber
Re: Transfer forest root role to another DC? [message #156501 is a reply to message #156491] Thu, 18 June 2009 08:21
Raimundas Janusis (Lithuania)
Thanks, I will check the article.

Re: Transfer forest root role to another DC? [message #156502 is a reply to message #156491] Thu, 18 June 2009 08:11
pbbergs (United States)
Check out an article I have on Decommissioning a DC at:
http://www.pbbergs.com/windows/articles.htm

This should assist you in your retirement

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.
