Decommissioning AD, PDC server?


  • Decommissioning AD, PDC server?

    Hi,

    I need to decommission our current AD (primary DC), so I have set up another secondary DC with AD, DNS, DHCP etc.

    I will set up DFS last. But now how do I make the new server the primary AD or primary DC?

    Do I just go to AD on the current server, right-click the domain, go to Operations Masters and hit Change, then select the new server?

    Repeat the process for PDC, RID and Infrastructure and that's it, I am done??

    What other things do I need to do? Please advise.

    Have I missed anything?

    What about the policies in the SYSVOL folder, will they get replicated or transferred with this process too?

  • #2
    Re: Decommissioning AD, PDC server?

    There are 5 FSMO roles that need to be transferred. The 4 you mentioned and also the Schema Master. The sysvol should replicate to the new DC after the initial dcpromo is run on it. The only other thing to check is that the new DC becomes the authoritative time source for the domain after you transfer the PDC emulator role to it.


    • #3
      Re: Decommissioning AD, PDC server?

      Five roles:

      1. PDC
      2. RID
      3. Infrastructure
      4. Schema master... how to do this?
      5. ??

      I already ran dcpromo on the new server and it picked up the AD structure.

      Under the sysvol folder it has picked up folders like domain, staging, staging areas, sysvol... but there is nothing in them; no policies or scripts have been replicated there.

      Do I have to force replication somehow?


      • #4
        Re: Decommissioning AD, PDC server?

        IIRC, if you have only 2 DCs, demoting the one with the FSMOs should automatically transfer them to the other.
        However, a very quick suggests that a manual transfer first may be better. Check the main site for an article on how to do this.
        As far as replication goes, give it time before panicking!
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland


        • #5
          Re: Decommissioning AD, PDC server?

          The 5th role is the Domain Naming Master role. Here's a handy article for you:

          http://support.microsoft.com/kb/324801


          • #6
            Re: Decommissioning AD, PDC server?

            http://www.petri.com/transferring_fsmo_roles.htm

            Also make sure the new DC is a Global Catalogue server

            Michael
            Michael Armstrong
            www.m80arm.co.uk
            MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician


            • #7
              Re: Decommissioning AD, PDC server?

              Thanks guys,

              Will do that soon.
              But currently I am getting the following errors.


              On the current DC

              When I run dcdiag /dnsbasic

              "Server01 failed test verify references

              Recommended action: Check that there is not more then one SYSVOL FRS member object for this DC, and if so clean up the older duplicates."

              This server has a C:\windows\SYSVOL\sysvol folder, so is that the duplication the error message is referring to?



              On the new DC (only dcpromo and DNS done so far)

              Error 1.

              When I run dcdiag /dnsbasic

              unable to connect to the NETLOGON share! \\server02\netlogin

              Failed test Netlogons


              The Netlogon share should be replicated by itself, right? Should I wait for the replication or should I create that folder manually and share it?


              Error 2.

              FRSEVENT

              There are warning or error events within the last 24 hrs after the SYSVOL has been shared. Failing SYSVOL replication problems may cause GPO problems


              I guess this is because I didn't have the sysvol folder shared with the proper security level? I have just done it and rebooted the server.

              Now it keeps losing the SYSVOL folder as a shared folder; it keeps going back to not shared. Is some GPO overriding it? I can't see any settings in GPO.
              Last edited by zrider; 30th April 2009, 02:44. Reason: new results


              • #8
                Re: Decommissioning AD, PDC server?

                OK, I have transferred the following roles to the new DC.


                Five roles:

                1. PDC
                2. RID
                3. Infrastructure
                4. Schema master
                5. Domain Naming Master role



                Now what should be my next step?

                How do I run some tests to check everything went sweet and is working?? Should I reboot soon? How do I make sure it's a global catalog?

                How do I transfer/install GPO policy management to the new DC?

                HELP
                Last edited by zrider; 28th May 2009, 02:53.


                • #9
                  Re: Decommissioning AD, PDC server?

                  I have transferred the following roles to the new DC.


                  Five roles:

                  1. PDC
                  2. RID
                  3. Infrastructure
                  4. Schema master
                  5. Domain Naming Master role



                  Now what should be my next step?

                  How do I run some tests to check everything went sweet and is working?? Should I reboot soon? How do I make sure it's a global catalog?

                  How do I transfer/install GPO policy management to the new DC?


                  • #10
                    Re: Decommissioning AD, PDC server?

                    Group policy will replicate automatically (look for the sysvol share on the new DC)

                    If you don't have the Group Policy Management Console, it can be downloaded from Microsoft and installed
                    Tom Jones

                    • #11
                      Re: Decommissioning AD, PDC server?

                      You can make a DC a GC via AD Sites and Services and going to the NTDS settings. There will be an option to tick, which mentions Global Catalog. Don't go for the caching option. If it's there, you're in the incorrect properties section.
                      Last edited by Virtual; 28th May 2009, 12:56.


                      • #12
                        Re: Decommissioning AD, PDC server?

                        Originally posted by zrider
                        I have transferred the following roles to the new DC.


                        Five roles:

                        1. PDC
                        2. RID
                        3. Infrastructure
                        4. Schema master
                        5. Domain Naming Master role



                        Now what should be my next step?

                        How do I run some tests to check everything went sweet and is working?? Should I reboot soon? How do I make sure it's a global catalog?

                        How do I transfer/install GPO policy management to the new DC?

                        Check the health of the DCs with the DCdiag and Netdiag switches. Ensure they have replicated, either by forcing them to replicate from Sites and Services or by waiting for the default time period, which I think is 180 minutes. Check AD/DNS and your Sysvol shares and compare them with the other DC just in case, and then demote the server. If you have to forcefully demote it then that will be a pain in the a55, as you'll have to clean up AD with NTDSutil and then clear DNS of any stale resource records. As long as both DCdiag and Netdiag return no errors you should be fine.


                        • #13
                          Re: Decommissioning AD, PDC server?

                          NTDSUtil only cleans up Sites and Services (well, at least in my experience); you'll still have lingering objects in the LDAP db that you'll have to manually clean out using ADSIEdit. But depending on your aging times you could scavenge stale records to clean up DNS, so that's not as huge an issue.

                          But that's only if you just rip it from the domain, never to be seen again. You'll still have to clean up DNS records, though; those just don't go away on their own without scavenging stale records.

                          I've had issues with demoting DCs before if I've changed it from a GC too quickly or other things just hadn't replicated yet. Just let your domain replicate all changes for a good day or two after you transfer roles to make sure everyone's happy. Then you can demote the old DC.
                          GoogleFu is strong with this one ^
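
The checks suggested in posts #6 and #12 (FSMO role holders, Global Catalog, SYSVOL/NETLOGON shares, dcdiag and replication), gathered into one pre-demotion script. This is an added example, not code from the thread: it assumes the ActiveDirectory PowerShell module (Server 2008 R2 or later with PowerShell 3.0+, newer than the tools discussed above) and reuses the thread's host names Server01 and Server02.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module
# and an elevated session; SERVER01/SERVER02 are the host names used in the thread.
Import-Module ActiveDirectory
$OldDC = 'SERVER01'
$NewDC = 'SERVER02'

$domain   = Get-ADDomain
$forest   = Get-ADForest
$dc       = Get-ADDomainController -Identity $NewDC
$problems = @()

# 1. All five FSMO roles must resolve to the new DC before the old one is demoted.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -ne $dc.HostName) {
        $problems += "$($role.Key) is still held by $($role.Value)"
    }
}

# 2. The surviving DC must be a Global Catalog.
if (-not $dc.IsGlobalCatalog) { $problems += "$NewDC is not a Global Catalog" }

# 3. SYSVOL and NETLOGON must be shared, and the GPO folders must match the old DC.
foreach ($share in 'SYSVOL', 'NETLOGON') {
    if (-not (Test-Path "\\$NewDC\$share")) { $problems += "\\$NewDC\$share is not reachable" }
}
$policyPath = "SYSVOL\$($domain.DNSRoot)\Policies"
$oldGpos = @(Get-ChildItem "\\$OldDC\$policyPath" -Directory -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty Name)
$newGpos = @(Get-ChildItem "\\$NewDC\$policyPath" -Directory -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty Name)
$missing = @($oldGpos | Where-Object { $_ -notin $newGpos })
if ($missing.Count) { $problems += "GPO folders missing on ${NewDC}: $($missing -join ', ')" }

# 4. dcdiag /q prints only failures; repadmin /replsummary shows replication deltas.
$dcdiag = dcdiag /s:$NewDC /q
if ($dcdiag) { $problems += "dcdiag reported errors on $NewDC (rerun without /q for detail)" }
repadmin /replsummary

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { Write-Output "No blocking issues found; $NewDC looks ready for $OldDC to be demoted." }
```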
