No announcement yet.

questions about demoting a DC

  • Filter
  • Time
  • Show
Clear All
new posts

  • questions about demoting a DC


    I'm about to demote an Active Directory Server for a client as several DNS configurations were not properly done when the server was first promoted.

    It is a single server environment, so no replication of the AD information is occuring.

    I just wanted to know the following:

    a) When i demote the server, will any of the users and security group information be stored anywhere (eg. Local Users and Groups) and;

    b) if this is not the case, is there any other way i can store the users and groups so i don't have to spend another full day configuring a server.


  • #2
    Re: questions about demoting a DC

    Is your AD server SBS??

    If not then get another spare pc / server install your server OS on it, promoto it and allow for replication. Then transfere FSMO roles to the new server and then demote and rebuild / fix the old server. Then promoto the old server and transfere the FSMO roles back to the server and demote the oldserver or you could leave it running as another DC / Global Catalogue.

    Not really too sure what to do if your running SBS or you dont have a spare server / pc to build a new server with.

    You may have to export all AD objects and import them again once finished.

    I'm sure others will have some ideas

    Michael Armstrong
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


    • #3
      Re: questions about demoting a DC

      definately if you had a spare pc. Heck even if it was a pentium 3 500mhz it'll be fine. You just need another place to sync up your AD data.

      if you REALLY don't have another spare pc, then perform a system state backup of the DC (windows backup can do this for you).

      this will backup all your AD data.

      rebuild the box and restore the AD data back.

      now the tricky tihng is, i can't remember if you have to keep the same computer name, domain name etc..

      maybe someone else here can point that out.

      I think M80arm's solution is the least painful and safest way to do it.