Demoting Domain Controllers

  • Demoting Domain Controllers

    Ok so we have three domain controllers utdc1, utdc2 and utdc3 running on hardware over four years old. I am in the process of replacing these domain controllers. My plan is for example to demote utdc3, build the new box and promote it to be utdc3 again. Same will be done for utdc1 and utdc2.

    Reason is that we have all these IDM/PeopleSoft systems connecting to LDAP and updating user information. IDM admin told me it will be better if we can keep the same name and IP address for the domain controllers.

    My question is what else to consider before demoting these domain controllers. I am aware of FSMO roles, Global Catalog and DNS. I also found out that utdc3 is also a certificate authority server. So I need to migrate Certificate Authority before demoting it.

    So basically if AD experts can guide me to look for "other things/roles" to transfer over before demoting these original root domain controllers. Thanks.

  • #2
    Re: Demoting Domain Controllers

    I think you will run into unnecessary difficulty if the new DCs have the same hostname and IP address as the old servers. What's their reason for wanting to do it this way?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.



    • #3
      Re: Demoting Domain Controllers

      Have you thought about doing bare metal restores on to the new boxes?
      If the information you receive helps please let us know and leave reputation points where appropriate.

      The good news about computers is that they do what you tell them to do. The bad news is that they do what you tell them to do. - Ted Nelson



      • #4
        Re: Demoting Domain Controllers

        Hare Krsna,

        Please mention whether it is W2K3 or W2K.

        The reason for demotion / promotion.

        AD Topology / Single Site or Multiple Site

        If you have system state backup

        If I have the above-mentioned info, I think I will be able to help you better.

        Thank you
        Navdeep

        Reputation is earned not Asked for.
        Thanks & Regards
        v-2nas

        MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
        Sr. Wintel Eng. (Investment Bank)
        Independent IT Consultant and Architect
        Blog: http://www.exchadtech.blogspot.com

        Show your appreciation for my help by giving reputation points



        • #5
          Re: Demoting Domain Controllers

          Originally posted by gforceindustries
          I think you will run into unnecessary difficulty if the new DCs have the same hostname and IP address as the old servers. What's their reason for wanting to do it this way?
          This is not a problem.



          • #6
            Re: Demoting Domain Controllers

            Originally posted by rwani
            Ok so we have three domain controllers utdc1, utdc2 and utdc3 running on hardware over four years old. I am in the process of replacing these domain controllers. My plan is for example to demote utdc3, build the new box and promote it to be utdc3 again. Same will be done for utdc1 and utdc2.

            Reason is that we have all these IDM/PeopleSoft systems connecting to LDAP and updating user information. IDM admin told me it will be better if we can keep the same name and IP address for the domain controllers.

            My question is what else to consider before demoting these domain controllers. I am aware of FSMO roles, Global Catalog and DNS. I also found out that utdc3 is also a certificate authority server. So I need to migrate Certificate Authority before demoting it.

            So basically if AD experts can guide me to look for "other things/roles" to transfer over before demoting these original root domain controllers. Thanks.
            What you are saying is an option and it would probably work, but there is another option if you feel like going down a different path.

            Create a utdc4 (new machine), promote it to a DC, then demote utdc3, and then create a CNAME record in your DNS under the name of utdc3 pointing to the A record of utdc4. That would cover all your IDM problems that are name-based.
            Do the same on all DCs and you're done.
            e.g. utdc2 CNAME = utdc5 A record
            utdc1 CNAME = utdc6 A record
            or whatever, well, you get my point...
            Last edited by Akila; 11th November 2008, 22:25.
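
A pre-demotion inventory for the items named in the thread (FSMO roles, Global Catalog, DNS, Certificate Authority) together with a check of the CNAME alias suggested in post #6, as an added example that is not part of any poster's message. It assumes PowerShell 3.0 or later with the ActiveDirectory and ServerManager modules and Windows Server 2012 or later feature names; the function names and the `example.test` domain are hypothetical.

```powershell
# Added example, not from the thread. Run from a management host with rights
# to query the domain; feature names assume Windows Server 2012 or later.
Import-Module ActiveDirectory

function Get-DcDemotionFindings {
    param([Parameter(Mandatory)] [string] $Name)   # short DC name, e.g. 'utdc3'

    $dc       = Get-ADDomainController -Identity $Name
    $others   = @(Get-ADDomainController -Filter * | Where-Object { $_.Name -ne $dc.Name })
    $findings = @()

    # FSMO roles still held by this DC have to be transferred before demotion.
    foreach ($role in $dc.OperationMasterRoles) {
        $findings += "FSMO role held: $role"
    }

    # Another Global Catalog should remain in the same site.
    $otherGc = $others | Where-Object { $_.IsGlobalCatalog -and $_.Site -eq $dc.Site }
    if ($dc.IsGlobalCatalog -and -not $otherGc) {
        $findings += "Only Global Catalog in site '$($dc.Site)'"
    }

    # Server roles that demotion does not move for you: CA, DNS, DHCP.
    $roleNames = 'ADCS-Cert-Authority', 'DNS', 'DHCP'
    $installed = Get-WindowsFeature -ComputerName $dc.HostName |
        Where-Object { $_.Installed -and $_.Name -in $roleNames }
    foreach ($feature in $installed) {
        $findings += "Installed role to migrate or repoint: $($feature.DisplayName)"
    }

    $findings
}

function Test-DcAlias {
    param(
        [Parameter(Mandatory)] [string] $Alias,    # old name, as an FQDN
        [Parameter(Mandatory)] [string] $Target    # replacement DC, as an FQDN
    )
    # Returns $true only when the old name is a CNAME for the replacement DC.
    $cname = Resolve-DnsName -Name $Alias -Type CNAME -ErrorAction Stop |
        Where-Object { $_.Type -eq 'CNAME' } | Select-Object -First 1
    [bool]($cname -and ($cname.NameHost.TrimEnd('.') -ieq $Target.TrimEnd('.')))
}

# Usage (names from the thread; example.test is a placeholder domain):
#   Get-DcDemotionFindings -Name utdc3
#   Test-DcAlias -Alias utdc3.example.test -Target utdc4.example.test
```

An empty result from `Get-DcDemotionFindings` means none of the listed items were found on that DC; it does not replace a replication health check before demotion.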
