Windows Server 2000/2003 Thread, Removing Old DC from Domain in Technical
  1. #1



    Removing Old DC from Domain

    I have 2 DCs, both running Server 2003, but one of them now, as far as I can tell, does nothing useful on the network, but is a fully functional DC for replication etc.

    - No shares of use on it
    - No printers based on it
    - No users based on it

    I want to remove this server from the domain, as I plan to start setting it up as a new/replacement domain which I want to put in over the summer. So as far as I can tell I should just need to kill the trust between the servers, but I've never had to do this before, hence why I'm asking!

    Can anyone point me towards a guide, or is anyone willing to hold my hand through the steps to do this? The only guides I came across with my Google skills were to completely delete an entire domain, not just remove the trust between two DCs.

  2. #2

    tmcd35's Avatar
    Do a quick Google search for 'FSMO roles' and make sure these are moved to another DC before doing anything else (assuming it even has any FSMO roles). Then simply run 'dcpromo' and follow the wizard to remove it from the domain.

  3. #3


    All FSMO roles are on the other DC, checked that one already!

  4. #4

    Dos_Box's Avatar
    Are you sure you want to run a domain with a single DC? In the event of a mishap with your main domain controller this can be fatal (both for the network and career!)

    Edited to add: if you can, at least virtualise a second DC, on a separate box from the main DC.

  5. #5


    Originally posted by tmcd35:
    > simply run 'dcpromo' and follow the wizard to remove from domain.

    This, FSMO roles should be automatically transferred anyway.

    It's not running DNS or anything like that is it?

  6. #6


    No DNS, no DHCP, it's literally just there for AD replication as far as I can see. It used to house an intranet site, but that has disappeared into the ether somewhere by my predecessor!

    As to running a single DC/failover options, if my main DC dies, it'd almost be a blessing!
    See here http://www.edugeek.net/forums/networ...tml#post508203

    I plan to remove this server, and hopefully rebuild it as a new DC for a new domain, to prep for replacing it all for something new and shiny without the burden of Winsuite.

    If I don't get my way for Server 2008, I'll just use this as a vanilla platform for building new GPOs on anyway, and will push those out over the summer instead.

  7. #7

    Dos_Box's Avatar
    Yes, but you don't want it to die tomorrow do you?

  8. #8


    If the primary DC dies now, in 2 weeks or 2 months, EVERYTHING is running on it, and nothing at this time will change it. It runs DNS, all AD, users, all shares, all printers, the school's website, AV control and deployment.
    Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.

    My network is a mess as it stands, with Winsuite running, conflicting GPOs, no GP-based deployments, out-of-date Ghost images that haven't been set up properly, all involving Winsuite. Permissions are a mess, folder structures make no sense, programs installed on network that should be local, local that should be network.... I could go on but I'm getting bored of it.
    I am in the process of planning a new network, but to do that I need a server to start the process on.

  9. #9


    Originally posted by neilfisher:
    > Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.

    Not wishing to dogpile you, but have you considered building the new domain virtually on a desktop (esx/vmware server/xen/virtualbox) so the basics (AD, GPOs, DNS, accounts transferred using ADMT) are in place?
    Since there'll only be you using and testing it you could easily spin up a couple of DCs, a member server plus a couple of test workstations on a half-decent desktop.

    Once that's done, it's simply a case of decommission secondary DC on the old domain, wipe it > install 2008 > patch > join to new (virtual) domain > dcpromo and make GC.

    I don't have any spare new servers, but I do have a pair of Dell 1600SCs sitting under a bench collecting dust if they're of use.

  10. #10

    Dos_Box's Avatar
    Originally posted by neilfisher:
    > If the primary DC dies now, in 2 weeks or 2 months, EVERYTHING is running on it, and nothing at this time will change it. It runs DNS, all AD, users, all shares, all printers, the school's website, AV control and deployment.
    > Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.
    >
    > My network is a mess as it stands, with Winsuite running, conflicting GPOs, no GP-based deployments, out-of-date Ghost images that haven't been set up properly, all involving Winsuite. Permissions are a mess, folder structures make no sense, programs installed on network that should be local, local that should be network.... I could go on but I'm getting bored of it.
    > I am in the process of planning a new network, but to do that I need a server to start the process on.

    Yes, but your secondary DC is also caching/mirroring AD and DNS. Should the primary fail completely you can at least install DHCP quickly, restore user areas (even if you have to rip out the HDs from the old machine), remap user areas, seize the FSMO roles and you'll be back up and running within a day and the hero of the hour.

  11. #11


    Not an entirely daft option, but a lack of machines in the school capable of doing that, and a lack of licenses to do it, are the restricting factors. The only machine I have that could properly handle virtual servers running on it is my office PC (that I'm currently typing this on!)

    I also have no money for new tech, and right now am fighting to even get the Server 2008 licenses I want to upgrade to, let alone VM solutions, and spares to test with. And half of the problems right now are because we have bad, incorrect numbers of, or unlicensed items on the network, so I would rather avoid setting up my network with MORE unlicensed software!

    4 months on from starting the job, I'm still using a 15" monitor that only supports a max resolution of 1024x768, and have to seek permission from the HT to buy any new ones!

  12. #12


    Another reason for decomming this DC is because my 'cheaper' alternative is to rebuild the domain anyway, but sticking with Server 2003.

    This machine, because it had (I have now managed to get it to demote, there was something funny going on with the VLANs.... don't ask!) almost nothing running on it, I can now recommission it with a new domain, and start working on it now.
    If I then get my way with a Server 2008 R2 upgrade, I can deal with that when it comes along, but having never set up a complete network from the start before, having some prior knowledge on doing it before would be beneficial, albeit on a different version.

  13. #13

    If all the roles are on the other DC (RID Master, PDC Emulator, Infrastructure Master, Naming Master and Schema Master), and it's not being referenced as a secondary DNS server by the workstations and it isn't a global catalog, then you can just run dcpromo and demote the DC to a member server.

  14. #14

    Well, if it is being referenced as a secondary DNS server it isn't the end of the world! Make sure it's not the primary DNS server for workstations.
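
The checks listed in posts #13 and #14 (FSMO role holders, global catalog, DNS), plus the DHCP point from post #6, as a batch script to run in cmd.exe on the DC that is about to be demoted. This is an added example, not part of the thread; it assumes netdom (Windows Support Tools), dsquery and sc are on the PATH, and the temp file name and the [BLOCK]/[CHECK] labels are made up for illustration.

```batch
@echo off
rem Added example: pre-demotion checks for a Windows Server 2003 DC.
rem It only reports findings; it never runs dcpromo itself.
setlocal
set "DC=%COMPUTERNAME%"
set "OUT=%TEMP%\predemote_%DC%.txt"
set BLOCKERS=0

rem 1. FSMO roles: netdom lists the five role owners by FQDN.
rem    A failed query counts as a blocker so the check cannot fail open.
netdom query fsmo > "%OUT%" 2>&1
if errorlevel 1 (
    echo [BLOCK] netdom query fsmo failed, role holders unknown
    set /a BLOCKERS+=1
) else (
    findstr /i /l /c:"%DC%." "%OUT%" >nul
    if not errorlevel 1 (
        echo [BLOCK] %DC% appears as a FSMO role owner:
        findstr /i /l /c:"%DC%." "%OUT%"
        set /a BLOCKERS+=1
    )
)

rem 2. Global catalog: dsquery prints the DN of each GC server it finds.
dsquery server -isgc > "%OUT%" 2>&1
if errorlevel 1 (
    echo [BLOCK] dsquery failed, global catalog status unknown
    set /a BLOCKERS+=1
) else (
    findstr /i /l /c:"CN=%DC%," "%OUT%" >nul
    if not errorlevel 1 (
        echo [BLOCK] %DC% is a global catalog
        set /a BLOCKERS+=1
    )
)

rem 3. DNS / DHCP Server services: if installed, clients may still point here.
for %%S in (DNS DHCPServer) do (
    sc query %%S >nul 2>&1
    if not errorlevel 1 (
        echo [CHECK] service %%S is installed, confirm no workstation or scope uses %DC%
        set /a BLOCKERS+=1
    )
)

del "%OUT%" 2>nul
echo Findings to resolve before running dcpromo on %DC%: %BLOCKERS%
if %BLOCKERS% gtr 0 exit /b 1
exit /b 0
```

The FSMO match is a substring match on the host name, so a similarly named server can produce a false positive; the matching lines are printed so that can be ruled out by eye.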

  15. #15


    The server literally did nothing except AD replication in the grand scheme of things, and until today has been offline for the last 3 months due to other factors (namely a rewire of my ICT room where they didn't put enough network sockets in for the 3 servers!)
    And in fact, this server caused more trouble than it fixed: when I had some networking issues that caused the AD replication to fail, it locked out both servers from allowing any authentication for a week!

    It wasn't even a backup DNS. It has been dcpromo'd, and is now just in the process of becoming a new test domain. I'd love some new machines, maybe some server upgrades, or even a new server to do it on, but I just don't have it. After discussions I had today, I'm not sure I can even get my new server OSes this year, they might have to wait till next year!
