Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Replace old domain controller
Replace old domain controller [message #161884] Thu, 08 October 2009 17:09 Go to next message
zeb2100  is currently offline zeb2100
Messages: 12
Registered: August 2009
Junior Member
I have an old domain controller that I need to replace. It is running Server
2003. The other two Domain controllers are also running Server 2003. All
fsmo roles have been transferred to another domain controller, and all domain
controllers are running integrated dns.

The new domain controller has to have the same name and ip address of the
old domain controller. The new domain controller will be running Server
2008. Here is my plan:

1. Demote the old domain controller, and remove from domain and turn off.

2. Allow replication to occur. I will probably wait for a few days before
doing anything else.

3. Run Adprep on one of the remaining domain controllers with the server
2008 dvd.

4. Change the name and IP address of the new server to the name of the old
domain controller.

5. Promote the new server to a domain controller, and install DNS.

Is this a good plan? If not I would appreciate any suggestions. Thanks.
Re: Replace old domain controller [message #161885 is a reply to message #161884] Thu, 08 October 2009 19:17 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
You should transfer the FSMO roles to the new domain controller and
designate it as a GC. Additional steps might be required depending on the
reason for keeping the same IP address and name...

hth
Marcin

"zeb2100" <zeb2100@discussions.microsoft.com> wrote in message
news:2E06B296-A73D-4CAA-A227-4F606D41FFD1@microsoft.com...
>I have an old domain controller that I need to replace. It is running
>Server
> 2003. The other two Domain controllers are also running Server 2003. All
> fsmo roles have been transferred to another domain controller, and all
> domain
> controllers are running integrated dns.
>
> The new domain controller has to have the same name and ip address of the
> old domain controller. The new domain controller will be running Server
> 2008. Here is my plan:
>
> 1. Demote the old domain controller, and remove from domain and turn off.
>
> 2. Allow replication to occur. I will probably wait for a few days before
> doing anything else.
>
> 3. Run Adprep on one of the remaining domain controllers with the server
> 2008 dvd.
>
> 4. Change the name and IP address of the new server to the name of the
> old
> domain controller.
>
> 5. Promote the new server to a domain controller, and install DNS.
>
> Is this a good plan? If not I would appreciate any suggestions. Thanks.
Re: Replace old domain controller [message #161897 is a reply to message #161884] Thu, 08 October 2009 23:46 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello zeb2100,

Your steps sound ok. Make sure to have an actual backup, at least from the
system state. Before starting run the diagnoistic tools dcdaig /v, netdiag
/v and repadmin /showrepl to check for errors.

After adding the new DC move the 5 FSMO to it, that way(when PDCEmulator
FSMO comes to 2008) a new security group is created, Terminal server license
servers, for example. SO the have the FSMOs always on the newest OS DC.

Adprep commands run acdcording to:
http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I have an old domain controller that I need to replace. It is running
> Server 2003. The other two Domain controllers are also running Server
> 2003. All fsmo roles have been transferred to another domain
> controller, and all domain controllers are running integrated dns.
>
> The new domain controller has to have the same name and ip address of
> the old domain controller. The new domain controller will be running
> Server 2008. Here is my plan:
>
> 1. Demote the old domain controller, and remove from domain and turn
> off.
>
> 2. Allow replication to occur. I will probably wait for a few days
> before doing anything else.
>
> 3. Run Adprep on one of the remaining domain controllers with the
> server 2008 dvd.
>
> 4. Change the name and IP address of the new server to the name of
> the old domain controller.
>
> 5. Promote the new server to a domain controller, and install DNS.
>
> Is this a good plan? If not I would appreciate any suggestions.
> Thanks.
>
Re: Replace old domain controller [message #161974 is a reply to message #161897] Mon, 12 October 2009 08:37 Go to previous messageGo to next message
zeb2100  is currently offline zeb2100
Messages: 12
Registered: August 2009
Junior Member
"Meinolf Weber [MVP-DS]" wrote:

> Hello zeb2100,
>
> Your steps sound ok. Make sure to have an actual backup, at least from the
> system state. Before starting run the diagnoistic tools dcdaig /v, netdiag
> /v and repadmin /showrepl to check for errors.
>
> After adding the new DC move the 5 FSMO to it, that way(when PDCEmulator
> FSMO comes to 2008) a new security group is created, Terminal server license
> servers, for example. SO the have the FSMOs always on the newest OS DC.
>
> Adprep commands run acdcording to:
> http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspx
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I have an old domain controller that I need to replace. It is running
> > Server 2003. The other two Domain controllers are also running Server
> > 2003. All fsmo roles have been transferred to another domain
> > controller, and all domain controllers are running integrated dns.
> >
> > The new domain controller has to have the same name and ip address of
> > the old domain controller. The new domain controller will be running
> > Server 2008. Here is my plan:
> >
> > 1. Demote the old domain controller, and remove from domain and turn
> > off.
> >
> > 2. Allow replication to occur. I will probably wait for a few days
> > before doing anything else.
> >
> > 3. Run Adprep on one of the remaining domain controllers with the
> > server 2008 dvd.
> >
> > 4. Change the name and IP address of the new server to the name of
> > the old domain controller.
> >
> > 5. Promote the new server to a domain controller, and install DNS.
> >
> > Is this a good plan? If not I would appreciate any suggestions.
> > Thanks.
> >
>
>
> Thanks for your help. One more question, if after removing the old domain controller, and after a few days, there are still remnants of the old domain controller, should I delete these instances before bringing in the new domain controller? Thanks.
Re: Replace old domain controller [message #161975 is a reply to message #161974] Mon, 12 October 2009 09:00 Go to previous messageGo to next message
aceman  is currently offline aceman  United States
Messages: 5816
Registered: July 2009
Senior Member
"zeb2100" <zeb2100@discussions.microsoft.com> wrote in message
news:FBA04FD5-B775-428E-974C-8D15F3BA2635@microsoft.com...
>
>
> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello zeb2100,
>>
>> Your steps sound ok. Make sure to have an actual backup, at least from
>> the
>> system state. Before starting run the diagnoistic tools dcdaig /v,
>> netdiag
>> /v and repadmin /showrepl to check for errors.
>>
>> After adding the new DC move the 5 FSMO to it, that way(when PDCEmulator
>> FSMO comes to 2008) a new security group is created, Terminal server
>> license
>> servers, for example. SO the have the FSMOs always on the newest OS DC.
>>
>> Adprep commands run acdcording to:
>> http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspx
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>
>> > I have an old domain controller that I need to replace. It is running
>> > Server 2003. The other two Domain controllers are also running Server
>> > 2003. All fsmo roles have been transferred to another domain
>> > controller, and all domain controllers are running integrated dns.
>> >
>> > The new domain controller has to have the same name and ip address of
>> > the old domain controller. The new domain controller will be running
>> > Server 2008. Here is my plan:
>> >
>> > 1. Demote the old domain controller, and remove from domain and turn
>> > off.
>> >
>> > 2. Allow replication to occur. I will probably wait for a few days
>> > before doing anything else.
>> >
>> > 3. Run Adprep on one of the remaining domain controllers with the
>> > server 2008 dvd.
>> >
>> > 4. Change the name and IP address of the new server to the name of
>> > the old domain controller.
>> >
>> > 5. Promote the new server to a domain controller, and install DNS.
>> >
>> > Is this a good plan? If not I would appreciate any suggestions.
>> > Thanks.
>> >
>>
>>
>>

> Thanks for your help. One more question, if after removing the
> old domain controller, and after a few days, there are still remnants
> of the old domain controller, should I delete these instances before
> bringing in the new domain controller? Thanks.


Remants?? If the DC was properly demoted, there should be no remnants.
Possibly check Sites and Services to make sure the server object itself
isn't listed, other than that, there shouldn't be any remnants.

You can use the Metadata Cleanup procedure just to check if it's reference
remains in the AD database.

Cleanup (Metadata Cleanup) the AD database from the crashed DC
How to remove data in Active Directory after an unsuccessful domain
controller demotion Windows 2000 and 2003
http://support.microsoft.com/kb/216498

or

Cleanup Metadata Windows 2003
http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
Re: Replace old domain controller [message #161988 is a reply to message #161974] Mon, 12 October 2009 14:26 Go to previous message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello zeb2100,

First i made a typo, must be dcdiag /v not dcdaig /v.

You have to demote a domain controller with dcpromo to remove it correct.
Follow this steps for removing a DC:

- reconfigure your clients/servers that they not longer point to the old
DC/DNS server on the NIC

- to be sure that everything runs fine, disconnect the old DC from the network
and check with clients and servers the connectivity, logon and also with
one client a restart to see that everything is ok

- then run dcpromo to demote the old DC, if it works fine the machine will
move from the DC's OU to the computers container, where you can delete it
by hand. Can be that you got an error during demoting at the beginning, then
uncheck the Global catalog on that DC and try again

- check the DNS management console, that all entries from the machine are
disappeared or delete them by hand if the machine is off the network for ever

- also you have to start AD sites and services and delete the old servername
under the site, this will not be done during demotion

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> "Meinolf Weber [MVP-DS]" wrote:
>
>> Hello zeb2100,
>>
>> Your steps sound ok. Make sure to have an actual backup, at least
>> from the system state. Before starting run the diagnoistic tools
>> dcdaig /v, netdiag /v and repadmin /showrepl to check for errors.
>>
>> After adding the new DC move the 5 FSMO to it, that way(when
>> PDCEmulator FSMO comes to 2008) a new security group is created,
>> Terminal server license servers, for example. SO the have the FSMOs
>> always on the newest OS DC.
>>
>> Adprep commands run acdcording to:
>> http://technet.microsoft.com/en-us/library/cc731728(WS.10).aspx
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers
>> no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I have an old domain controller that I need to replace. It is
>>> running Server 2003. The other two Domain controllers are also
>>> running Server 2003. All fsmo roles have been transferred to
>>> another domain controller, and all domain controllers are running
>>> integrated dns.
>>>
>>> The new domain controller has to have the same name and ip address
>>> of the old domain controller. The new domain controller will be
>>> running Server 2008. Here is my plan:
>>>
>>> 1. Demote the old domain controller, and remove from domain and
>>> turn off.
>>>
>>> 2. Allow replication to occur. I will probably wait for a few days
>>> before doing anything else.
>>>
>>> 3. Run Adprep on one of the remaining domain controllers with the
>>> server 2008 dvd.
>>>
>>> 4. Change the name and IP address of the new server to the name of
>>> the old domain controller.
>>>
>>> 5. Promote the new server to a domain controller, and install DNS.
>>>
>>> Is this a good plan? If not I would appreciate any suggestions.
>>> Thanks.
>>>
>> Thanks for your help. One more question, if after removing the old
>> domain controller, and after a few days, there are still remnants of
>> the old domain controller, should I delete these instances before
>> bringing in the new domain controller? Thanks.
>>
Previous Topic:Cannot create Forest level trust in 2003
Next Topic:change admin password
Goto Forum:
  


Current Time: Tue Jan 16 10:40:54 MST 2018

Total time taken to generate the page: 0.03740 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software