Re: Making another DC the Primary
- From: "Herb Martin" <news@xxxxxxxxxxxxxx>
- Date: Mon, 18 Apr 2005 15:34:33 -0500
"Mark" <mark@xxxxxxxxxxxxx> wrote in message
news:u4lLGOFRFHA.2744@xxxxxxxxxxxxxxxxxxxxxxx
> > Mind you, I'm concerned about what this mean:
> >
> >> has two DCs. Actually, it now has three because I intend to demote the
> >> one.
> >
> >
> > Can you clarify??
>
>
> Hi Paul,
>
> Sorry for the confusion - my child domain had the original domain
controller
> (that's Primary) and a backup domain controller - that was my original
> configuration.
First of all they are both "just DCs".
The first one will (be default) hold the specical roles,
including the PDC Emulator but it isn't primary and there
are no Win2000+ Backup DCs.
> But I've been getting some bad vibes from the Primary and
> got nervous,
What sort of bad vibes? If you have a DNS or other replication
problem you will likely just move that problem around.
> ...so I promoted another server in my child domain.
That is a good idea -- especially if you are concerned about
hard drives, motherboards, power supplies, and other failures.
You should (practically) always have TWO DCs (or more)
PER DOMAIN if this is at all possible.
> Now I'd like to demote the original,
Why? You believed you needed an "extra" so what is better
about the new one over the old one?
What will you do with this server if your retire it as a DC?
Why can't it continue being another DC?
> but I didn't know what would happen to its role as
> Primary.
The (5 or 3) ROLES are SUPPOSED to transfer if you DCPromo
correctly -- I don't like to trust it and prefer to transfer them myself
using NTDSUtil (see below***).
> All three have global catalogs (needed at least one in the child
> domain for my Exchange server). I'm going to remove the GC from that
> Primary first.
Not necessary. A GC "leaving" is no big deal IF you
have another.
In general, single domains, and small forests with multiple
domains should have ever DC as a GC.
If you don't do that, the GC and infrastructure master should
not be on the same DC.
> When I was testing AD, prior to my migration from NT4, I had gone through
> the FSMO roles situation, but seemed to remember that a proper demotion
> using dcpromo moved those elsewhere? I guess my memory is failing me.
:-)
It is supposed to do that -- and it will IF the DNS and other
connectivity are CORRECT.
Most AD problems are really DNS problems though, so if
you DC is shaky, or untrustworthy, I wouldn't trust it to do that
either.
***NTDS roles
Search Google for:
[ NTDSutil "transfer roles" ]
Do NOT use "seize" unless the other DC is gone PERMANENTLY.
No need to add either site:microsoft.com OR microsoft:
since the NTDS and other terms make it Microsoft specific
by itself.
Key points to NOTE when working with NTDSUtil:
You CONNECT to a WORKING DC.
'Connect' (and 'Select') are technical terms in this context.
.
- Follow-Ups:
- Re: Making another DC the Primary
- From: Mark
- Re: Making another DC the Primary
- References:
- Making another DC the Primary
- From: Mark
- Re: Making another DC the Primary
- From: ptwilliams
- Re: Making another DC the Primary
- From: Mark
- Making another DC the Primary
- Prev by Date: Re: Software Deployment
- Next by Date: Re: Software Deployment
- Previous by thread: Re: Making another DC the Primary
- Next by thread: Re: Making another DC the Primary
- Index(es):
Relevant Pages
|
