Removing Old DC from Domain

[Rydra]

I have 2 DC's both running server 2003, but one of them now as far as I can tell does nothing useful on the network, but is a fully functional DC for replication etc.

 

-No shares of use on it.

-No printers based on it

-No users based on it

 

I want to remove this server from the domain, as I plan to start setting it up as a new/replacement Domain which I want to put in over the summer. So as far as I can tell I should just need to kill the trust between the servers, but i've never had to do this before, hence why I'm asking!

 

Can anyone point me towards a guide, or willing to hold my hand through the steps to do this? The only guides I came across with my google skills was to completely delete an entire domain, not just remove the trust between two DC's.

[tmcd35]

Do a quick google search for 'FSMO roles' and make sure these are moved to another DC before doing anything else (assuming it even has any FSMO roles). Then simply run 'dcpromo' and follow the wizard to remove from domain.

[Rydra]

all FSMO roles are on the other DC, checked that one already!

[Dos_Box]

Are you sure you want to run a domain with a single DC? In the event of a mishap with your main domain controller this can be fatal (both for the network and career!)

 

Edited to add, if you can, at leat virtualise a second DC, on a sperate box from the main DC.

[K.C.Leblanc]

simply run 'dcpromo' and follow the wizard to remove from domain.

 

This, FSMO roles should be automaticaly transfered anyway.

 

It's not running DNS or anything like that is it?

[Rydra]

No DNS, no DHCP, it's literally just there for AD replication as far as I can see. it used to house an intranet site, but that has disappeared into the ether somewhere by my predecessor!

 

As to running a single DC/fallover options, if my main DC dies, it'd almost be a blessing!

See here http://www.edugeek.net/forums/networks/55876-how-long-rebuild-network-servers-workstations-2.html#post508203

 

I plan to remove this server, and hopefully rebuild it as a new DC for a new domain, to prep for replacing it all for something new and shiney without the burden of Winsuite.

 

If I don't get my way for Server2008, I'll just use this as a vanilla platform for building new GPO's on anyway, and will push those out over the summer instead.

[Dos_Box]

Yes, but you don't want it to die tomorrow do you?

[Rydra]

If the primary DC dies now, in 2 weeks or 2 months, EVERYTHING is running on it, and nothing at this time will change it. It runs DNS, all AD, users, all shares, all printers, the school's website, AV control and deployment.

Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.

 

My network is a mess as it stands, with Winsuite running, Conflicting GPO's, no GP based deployments, out of date Ghost images that haven't been setup properly all involving winsuite, Permissions are a mess, Folder structures make no sense, Programs installed on network that should be local, local that should be network.... I Could go on but I'm getting bored of it.

I am in the process of planning a new network, but to do that I need a server to start the process on.

[pete]

Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.

 

Not wishing to dogpile you, but have you considered building the new domain virtually on a desktop (esx/vmware server/xen/virtualbox) so the basics (AD, GPOs, dns, accounts transferred using ADMT) are in place?

Since there'll only be you using and testing it you could easily spin up a couple of DCs, a member server plus a couple of test workstations on a half-decent desktop.

 

Once that's done, it's simply a case of decommission secondary DC on the old domain, wipe it > install 2008 > patch > join to new (virtual) domain > dcpromo and make GC.

 

I don't have any spare new servers, but I do have a pair of Dell 1600SCs sitting under a bench collecting dust if they're of use.

[Dos_Box]

If the primary DC dies now, in 2 weeks or 2 months, EVERYTHING is running on it, and nothing at this time will change it. It runs DNS, all AD, users, all shares, all printers, the school's website, AV control and deployment.

Now unless one of you want to give me a couple of new servers to rebuild my network with, I have no choice but to work with this server, which does nothing, so that I CAN get some sort of network running.

 

My network is a mess as it stands, with Winsuite running, Conflicting GPO's, no GP based deployments, out of date Ghost images that haven't been setup properly all involving winsuite, Permissions are a mess, Folder structures make no sense, Programs installed on network that should be local, local that should be network.... I Could go on but I'm getting bored of it.

I am in the process of planning a new network, but to do that I need a server to start the process on.

 

Yes, but your seondary DC is also caching\mirroing AD and DNS. Should the primary fail compleyely you can at least install DHCP quickly, restore user areas (even if you have to rip out the HDs from the old machine) , remap user areas, seize the FSMO roles and you'll be back up and running within a day and the hero of the hour

[Rydra]

Not an entirely daft option, but a lack of machines in the school capable of doing that, and a lack of licenses to do it are the restricting factors. The only machine I have that could properly handle virtual servers running on them, as my office PC (that I'm currently typing this on!)

 

I also have no money for new tech, and right now am fighting to even get the server2008 licenses I want to upgrade to, let alone VM solutions, and spares to test with. And half of the problems right now are because we have bad, incorrent numbers of, or unlicensed items on the network, so I would rather avoid setting up my network with MORE unlicensed software!.

 

4 months on from starting the job, I'm still using a 15" monitor that only supports a max resolution of 1024x768, and have to seek permission from the HT to buy any new ones!

[Rydra]

Another reason for decomming this DC, is because my 'cheaper' alternative is to rebuild the domain anyway, but sticking with server2003.

 

This machine, because it had (I have now managed to get it to demote, there was something funny going on with the vlans.... don't ask!) almost nothing running on it, I can now recommission it with a new domain, and start working on it now.

If I then get my way with a server2008r2 upgrade, I can deal with that when it comes along, but having never setup a complete network from the start before, having some prior knowledge on doing it before would be beneficial, albeit on a different version.

[prad]

If all the roles are on the other DC, (RID Master, PDC Emulator, Infrastructure Master, Naming Master and Schema Master), and it's not being referenced as a secondary DNS server by the workstations and it isn't a global catalog, then you can just run dcpromo and demote the DC to a member server.

[prad]

well if it is being referenced as a secondary DNS server it isn't the end of the world! Make sure it's not the primary DNS Server for workstations

[Rydra]

The server literally did nothing except AD replication in the grand scheme of things, and until today has been offline for the last 3 months due to other factors (namely a rewire of my ICT room where they didn't put enough network sockets in for the 3 servers!)

And in fact, this server caused more trouble than it fixed, when I had some networking issues that caused the AD replication to fail, it locked out both servers from allowing any authentication for a week!

 

It wasn't even a backup DNS. It has been dcpromo'd, and is now just in the process of becoming a new test domain. I'd love some new machines, maybe some server upgrades, or even a new server to do it on, but I just don't have it. After discussions I had today, I'm not sure I can even get my new server OS's this year, they might have to wait till next year!