Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Demoting a legacy DC

  • Filter
  • Time
  • Show
Clear All
new posts

  • Demoting a legacy DC


    Could someone please tell me what issues could be caused by demoting a legacy domain controller andd how to mitigate them.
    I could thing of problems that might arise if the DC holds a FSMO role.

    Your help is greatly appreciated.


  • #2
    Re: Demoting a legacy DC

    What OS? As long as you can verify that the FSMOs have been moved off and there aren't isn't any data etc...left on there, I can't see a problem.........

    JUST MAKE SURE THE FSMOs have gone over.........


    • #3
      Re: Demoting a legacy DC

      Transfer the FSMO roles, make sure you have other DCs, GCs, DNS servers and that DHCP is giving those IPs out. Then run dcpromo to remove AD settings from the machine. DO NOT tick the box for "This is the last domain controller in the domain" when you demote it.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog


      • #4
        Re: Demoting a legacy DC

        Demoting a DC by running DCPROMO will automatically transfer the FSMO roles to another DC. You don't need to do it manually. You should make sure that the remaining DC is a GC and verify that replication is working between the two DC's and that your AD DNS zone has the correct SRV records before running DCPROMO to demote the old DC.


        • #5
          Re: Demoting a legacy DC

          Make absolutely certain the DC being demoted is NOT the Certificate Authority for your system. If so, use to find instructions on how to migrate the CA from one server to another.

          And if, when you run dcpromo to demote the old DC, it fails the process, kill the device. Then log onto another DC and use ntdsutil to clear the metadata of references to the now-dead DC. (Just had to go thru that very process today, in fact.) Finally, go through DNS and remove any leftover service record entries for the DC you just killed.
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **