I have a pair of Windows 2000 domain controllers. The machine that currently hosts GC is getting tired and is pretty old as far as hardware. I want to replace it with a newer machine I have lying around. Ideally I want to keep the same name and IP address though that is not neccessarily critical. Furthermore I have a license for 2003 server that is not in use so the new machine will run 2003 server. Any advice on the basic step by step?
Asked
Active
Viewed 421 times
1 Answers
7
As you have 2 DC's this makes it a much easier task, I would do the following:
If you wish to use the same name and IP, you can do it this way:
- Transfer any FSMO and GC roles held by the server to be decommisioned to the other.
- Run DCPROMO to demote the server from a DC to a member server
- Remove the server from the domain altogether and turn off
- Bring up the new server, set its name and IP
- Join the new server to the domain
- Run adprep to prepare the domain for server 2003 DC's - See here
- Promote the new server to a domain controller in the existing domain
- Transfer and FSMO roles you wish to host on this DC, set as GC if required
If you are not concerned with using the same name and IP, this is probably the better order:
- Bring up the new server, set its name and IP
- Join the new server to the domain
- Run adprep to prepare the domain for server 2003 DC's - See here
- Promote the new server to a domain controller in the existing domain
- Transfer any FSMO and GC roles held by the server to be decommisioned to one of the others.
- Run DCPROMO to demote the server from a DC to a member server
- Remove the server from the domain altogether and turn off
Obviously before you get rid of the old server you want to have a full backup of everything and ensure any required data has been moved off to the other servers.
Sam Cogan
- 38,158
- 6
- 77
- 113
-
And there is no problem having all FSMO and GC roles on one machine for a while? I will be working on this the next few days and will award answer after success. Would it be cleaner to bring the new machine in as a tertiary domain controller first and then demote the other. Obviously that would not allow for same name/ip, but I was just wondering if that would or would not be cleaner. – AudioDan Jul 15 '09 at 21:42
-
I'd do steps 2 and 3 last. There's no reason you can't have two Win 2000 DCs and one Win 2003 DC on the network at the same time. By DCPROMOing and removing the 2000 DC first, you're leaving yourself in a situation where you only have one DC. If something goes wrong, you've got problems. Better to go from two DCs to three and then back to two than from two DCs to one DC back to two DCs. If that makes any sense. :) – Carl C Jul 15 '09 at 21:45
-
The reason I did it that way was because he wanted to use the same name and IP. – Sam Cogan Jul 15 '09 at 21:51
-
@Sam - That makes sense. I guess I sort of ignored the name and IP part of the question. Heh. I'd solve the name and IP problems another way (remapping network drives, etc.) rather than go down to one DC. Also, if the initial DC doesn't come out of AD cleanly for some reason, any errors might be difficult to distinguish between the old and new DC. Still, what you wrote is correct and answers the question better than what I said. – Carl C Jul 15 '09 at 21:59
-
Unless you have a compelling reason you should give the new DC a new name and IP. Just makes things easier. – jhayes Jul 15 '09 at 22:12
-
Agreed, I think the best option is to use a new name and IP, adjusted answer to show both orders – Sam Cogan Jul 15 '09 at 22:17
-
I think that (new name/ip) is the approach I will take. I will be working on it tomorrow or Friday. The only reason I was avoiding that was that these machines are also the internal DNS (DNS tied to active directory) and machines are statically assigned, not DHCP so I would need to run around and repoint the second DNS on each machine. But as it is <30 machines that is not that big of a deal. And the 3 DC to 2 DC definitely seems safer. – AudioDan Jul 16 '09 at 02:29