2003 DCPROMO Checklist

This is a sticky topic.

  • 2003 DCPROMO Checklist

    Basic 2003 DCPROMO Checklist

    Moderators: Please add/remove/correct anything here as you see fit.

    I am going to be demoting a Windows 2003 Domain Controller during the next few days and thought I’d better do some research on this and find out exactly what steps are needed to prepare the server for the demotion. Unfortunately, there is not a single unified reference that covers all the preparation so I put this guide together which details the common errors I found and their solutions. My plan is to remove the 2003 server completely from the network and what follows is geared towards that goal.

    I presently have three Domain Controllers: the 2003 to be demoted, a 2008 R2 and a 2012 R2. Before I started this the 2003 server hosted DNS and WINS (all the servers hosted DNS) and was also a Global Catalog. It has also been used to host WSUS and SharePoint and was a central server for our security solution. My network comprises a single AD domain on a single subnet. Most clients use DHCP and some have static IPs.

    One of the things that became apparent during the research is that before carrying out the demotion it is important that you ensure that nothing is relying on the server for specific services so much of the preparation revolves around this.

    If you can, run DCPROMO out of hours so that you have the freedom and the time to troubleshoot it if any errors occur.

    Before running DCPROMO you must ensure that:

    Because I am removing the 2003 server from the domain I uninstalled DNS. Before I did this I made sure that all computers on the domain were updated with the IPs of the new DNS servers and that the 2003 IP was removed from the DNS server list. This included configuring the 2003 server to point to another DNS server (for obvious reasons). This was achieved by manually reconfiguring those clients with static IPs with the new DNS server IPs and by updating DHCP scope option 006.

    If you are keeping the 2003 server as a member server and are keeping DNS on it as well, make sure that the first DNS server entry in the IPv4 configuration points at another DNS server on the domain.

    This should be done several weeks before the demotion is scheduled to occur. This will give you time to fix any issues that may arise.

    The same applies to WINS. If you have a requirement for WINS, install the feature on another server and update the clients. Again, manually reconfigure machines with static IPs and/or edit DHCP scope option 044 and enter the new WINS server IP.

    What is important is that these changes are made well in advance of the demotion. You must allow the clients time to pick up the new settings from DHCP. This allows you the opportunity to troubleshoot any issues before the server is removed.

    FSMO Roles:
    If your 2003 server holds any of the FSMO roles you must gracefully move them to another server – do not seize them. If the 2003 server was not a role holder you will still need to ensure that the FSMO roles are hosted by Domain Controllers that can be contacted on the network. If you have a FSMO role assigned to an orphaned DC object DCPROMO may fail.

    Open a command window and type:
    netdom query fsmo
    and press Enter. The command will list the roles and the servers that host them.

    Other Applications and Services:
    If you have any other services or applications running on the 2003 server you must ensure that these are hosted elsewhere.

    To recap make sure that the clients and other servers are not relying on the 2003 DC for DNS or WINS. Make sure that Active Directory has replicated properly. Make sure the FSMO roles are hosted by reachable Domain Controllers on the network.

    Active Directory health:
    Run DCDiag and NETDiag on the 2003 server to ensure the DC is healthy. Ideally, use the /v switch to turn on verbose mode and redirect the output to a text file:

    dcdiag /v > dcdiag.txt
    netdiag /v > netdiag.txt

    After the commands have completed review the text files and search for ‘error’ and ‘failed’. The verbose mode should give you enough information to troubleshoot any errors and fix them. Run dcdiag and netdiag again until you are satisfied with the results.

    Switch the 2003 server off
    Ideally, the steps outlined above should be carried out well in advance of the demotion. Once you are certain that everything is off your server and that the other servers are configured as Global Catalogs (as appropriate to your network requirements), switch off the server and leave it off for a week or a few days at least. If the network chugs along without any problems then you will be ready to run DCPROMO. If you encounter any issues power the server back on and troubleshoot until the problem is solved. Then switch it off again.

    Switching the 2003 Domain Controller off will allow you to fix any replication and resolution issues. Better to do this now rather than demoting the DC and then discovering your staff cannot login or services/applications have stopped functioning.

    Just before you run DCPROMO:
    Global Catalog:

    You need to make sure the 2003 server is no longer a Global Catalog. While this is not always required several DCPROMO problems have been reported where removing the Global Catalog attribute allowed the demotion to succeed. Note! Before you do this you must ensure that other server(s) have been configured as Global Catalogs otherwise your staff will not be able to log onto the network.

    Again, make sure that other domain controller(s) have been designated as Global Catalogs well in advance.

    To remove the Global Catalog attribute log onto the 2003 server and open Active Directory Sites and Services and expand Sites > Default-First-Site-Name > Servers and expand the 2003 server to reveal NTDS Settings. Right-click NTDS Settings, choose Properties and remove the checkmark from the box next to Global Catalog. Click OK.

    When running DCPROMO:

    If the directory has not fully replicated between the 2003 server and the other DCs the DCPROMO command may fail with ‘The RPC server is unavailable’. One solution is to open Active Directory Sites and Services, select the 2003 server, right-click NTDS Settings and choose to replicate both ways.

    NETLOGON issues:
    You may encounter NETLOGON errors during the DCPROMO process – in particular a failure to configure the service and a timeout error. These can be overcome by disabling the service just before starting DCPROMO. You can simply stop the service but there is the possibility it will start up again and cause the demotion to fail. Other NETLOGON issues are usually resolved through the correct configuration of DNS – so long as you followed the steps above you should be OK.
    Last edited by Blood; 8th April 2015, 15:54. Reason: Edited Replication check
    A recent poll suggests that 6 out of 7 dwarfs are not happy
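
The FSMO and DCDiag checks in the checklist above can be turned into a single pre-demotion gate. The following is an added example, not part of the original post: it reads saved `netdom query fsmo` and `dcdiag /v` output and lists reasons not to run DCPROMO yet. The host names and sample output are constructed, and the FSMO parser does not depend on the exact role labels, which may differ from those shown in the sample.

```python
import re

# Constructed sample output (not from the original post); host names are made up.
SAMPLE_FSMO = """\
Schema owner                dc2012.example.local
Domain role owner           dc2012.example.local
PDC role                    dc2008.example.local
RID pool manager            dc2003.example.local
Infrastructure owner        dc2008.example.local
The command completed successfully.
"""
SAMPLE_DCDIAG = """\
         ......................... DC2003 passed test Connectivity
         [Replications Check,DC2003] A recent replication attempt failed:
         ......................... DC2003 failed test Replications
         ......................... DC2003 passed test NetLogons
"""
# Only dcdiag's per-test summary lines count; detail lines containing "failed" do not.
RESULT = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)", re.I)

def fsmo_holders(netdom_text):
    """Map each FSMO role to its holder from 'netdom query fsmo' output."""
    roles = {}
    for line in netdom_text.splitlines():
        parts = re.split(r"\s{2,}", line.strip())
        if len(parts) == 2:  # "<role>   <holder>"; the status line has one part
            roles[parts[0]] = parts[1].lower()
    return roles

def failed_tests(dcdiag_text):
    """Return (target, test) pairs that dcdiag reported as failed."""
    return [(m.group(1), m.group(3)) for m in RESULT.finditer(dcdiag_text)
            if m.group(2).lower() == "failed"]

def demotion_blockers(server, netdom_text, dcdiag_text):
    """List reasons not to run DCPROMO on 'server' yet."""
    short = server.lower().split(".")[0]
    blockers = [f"FSMO role '{role}' still held by {holder}"
                for role, holder in fsmo_holders(netdom_text).items()
                if holder.split(".")[0] == short]
    blockers += [f"dcdiag: {target} failed test {test}"
                 for target, test in failed_tests(dcdiag_text)]
    return blockers

if __name__ == "__main__":
    for b in demotion_blockers("dc2003", SAMPLE_FSMO, SAMPLE_DCDIAG):
        print("BLOCKER:", b)
```

An empty list means neither check found a blocker; it says nothing about DNS, WINS or Global Catalog readiness, which still need the manual steps above.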

  • #2
    Re: 2003 DCPROMO Checklist

    Due to the upcoming EOL of Server 2003, this thread is being Stickied as it may be of otherwise greater than normal help due to the several million Server 2003 machines that have yet to be upgraded.

    Unstick December 31, 2015 unless popularity dictates otherwise.
    Joined: 23rd December 2003
    Departed: 23rd December 2015