Re: removing second DC from forest
- From: "Jorge Silva" <jorgesilva_pt@xxxxxxxxxxx>
- Date: Sun, 10 Dec 2006 00:31:26 -0000
Ok
When you run Dcpromo on DC2, that action will remove the Domain Controller Role from DC2 and DC2 will become a member server of your domain.
However the server will remain in ADSS (this is by design), you just need to go to the ADSS (on DC1) and manually remove the server from ADSS, this is done after you run dcpromo on DC2.
*ADSS = Active Directory Sites and Services
--
*************************************************
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA + Exchange + MSCE
*************************************************
"Ams" <Ams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:FB74A90D-68E4-41CC-BF8D-718E43A20AC1@xxxxxxxxxxxxxxxx
Hi Jorge,
I am doing it in order you adviced:
*Correct order of operations:
- Transfer any services that you might have on the DC2 to DC1 (like; DNS,
DHCP, Wins, DFS, etc).
Non of these services running on DC2.
- Transfer any FSMO roles from the DC2 to the DC1 (If DC2 has any FSMO
roles)
Checked with NTDSUtil on both DC. The result on DC2 as: DC2 knows about 5
roles
Schema -CN=NTDS Settings, CN=DC1, CN=servers, CN=default-first-site,
CN=sites, CN=Configuration, DC=ABCD, DC=Local
Same result is for Domain, PDC, RID and Infrastructure.
- Make Sure that the DC1 is a GC
Yes, DC1 is GC
- Shutdown the DC2
Shutdown the machine for one week so far.
- Wait a couple of days and make sure that everything is working good
without the DC2 online.
No complains so far.
- If everything OK with DC2 offline, take it online again and use Dcpromo to
remove the old DC from network, (Ps: don't forget to remove it
manually from Active Directory Sites and Services because Dcpromo won't do
that for you)
Now my next step is to run DCpromo on DC2. Do I have to remove it from
Active directory sites and services on both DC1 and DC2? Can you clarify
little bit on this, please.
Thanks for your help.
"Jorge Silva" wrote:
> 1. Take the DC to be demoted offline: by this you mean take the DC out > of
> network right.
Understand that this is more like a protective measure, to ensure that when
you take the DC off doesn't stop anything else in your network. Simply
shutdown the Server for a couple of days, and make sure that noone complains
about anything.
> 2. don't forget to manually remove it from Active Directory Sites and
> Services: by this you mean run active directory sites and services on > DC
> server01 which is GC, right. In my case, I have to remove DC named
> server02.
After you run Dcpromo on DC2 to remove it, the DC2 object remains on the
Active directory sites and services this is by design, you've to remove it
manually, only after Dcpromo.
> 3. Transfer any FSMO roles from the DC to be demoted to the DC that > will
> stay
> in your network, also make sure that the DC is a GC: When do I do it
> before
> making DC (which has to be demoted) offline or after.
do you have any FSMO roles on the DC2? If yes transfer them before Dcpromo
and before taking the DC2 offline, if no you don't have anything to worry
about.
> 4. If everything OK with that DC offline, take it online again and use
> Dcpromo to remove the old DC from network: You mean take the DC out of
> network and do dcpromo and reconnect it to the network and run dcpromo
> again
> to remove DC from network, right.
When I said take it off line is just shutdown the server. Then after a
couple of days if noone complains, you take it online again, and run
dcpromo.
*Correct order of operations:
- Transfer any services that you might have on the DC2 to DC1 (like; DNS,
DHCP, Wins, DFS, etc).
- Transfer any FSMO roles from the DC2 to the DC1 (If DC2 has any FSMO
roles)
- Make Sure that the DC1 is a GC
- Shutdown the DC2
- Wait a couple of days and make sure that everything is working good
without the DC2 online.
- If everything OK with DC2 offline, take it online again and use Dcpromo to
remove the old DC from network, (Ps: don't forget to remove it
manually from Active Directory Sites and Services because Dcpromo won't do
that for you)
--
*************************************************
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA + Exchange + MSCE
*************************************************
"Ams" <Ams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:11833C01-232E-494C-9FDC-85DA116FF79F@xxxxxxxxxxxxxxxx
>I am just trying to make sure:
>
> 1. Take the DC to be demoted offline: by this you mean take the DC out > of
> network right.
>
> 2. don't forget to manually remove it from Active Directory Sites and
> Services: by this you mean run active directory sites and services on > DC
> server01 which is GC, right. In my case, I have to remove DC named
> server02.
>
> 3. Transfer any FSMO roles from the DC to be demoted to the DC that > will
> stay
> in your network, also make sure that the DC is a GC: When do I do it
> before
> making DC (which has to be demoted) offline or after.
>
> 4. If everything OK with that DC offline, take it online again and use
> Dcpromo to remove the old DC from network: You mean take the DC out of
> network and do dcpromo and reconnect it to the network and run dcpromo
> again
> to remove DC from network, right.
>
> Hope you won't mind answering these queries. Thanks.
>
> "Jorge Silva" wrote:
>
>> Ok
>> So you already uninstalled Exchange from that DC, next thing to do is >> to
>> use
>> dcpromo to remove that server, just run dcpromo on the server (that >> you
>> want
>> to demote), and don't forget to manually remove it from Active >> Directory
>> Sites and Services.
>> - Transfer any other services that you might have on the DC to be >> demoted
>> (like; DNS, DHCP, Wins, DFS, etc).
>> - Transfer any FSMO roles from the DC to be demoted to the DC that >> will
>> stay
>> in your network, also make sure that the DC is a GC.
>> How to view and transfer FSMO roles in Windows Server 2003
>> http://support.microsoft.com/kb/324801/en-us
>> - Take the DC to be demoted offline; confirm that everything works >> with
>> that
>> DC offline (you can test this by having that DC offline several days).
>> - If everything OK with that DC offline, take it online again and use
>> Dcpromo to remove the old DC from network, (Ps: don't forget to remove >> it
>> manually from Active Directory Sites and Services)
>> -- >> *************************************************
>> I hope that the information above helps you
>> Good Luck
>>
>> Jorge Silva
>>
>> MCSA + Exchange + MSCE
>> *************************************************
>>
>> "Ams" <Ams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:187BF5B3-5244-4580-AC60-AFAA37016614@xxxxxxxxxxxxxxxx
>> > Thanks for reply. When I do dcpromo on server02, can I do it by
>> > disconnecting
>> > from network or not. If I do dcpromo on server02, am I going to have
>> > any
>> > impact on server01 or on forest. The exchange server is installed >> > but
>> > not
>> > enabled, so hopefully I could uninstalled it without problem
>> > (hopefully!).
>> > What are the things I have to do from server01, do i have to run
>> > ntdsutil.exe
>> > on it and remove server02, do I have to run Active directory >> > sites
>> > and
>> > services on server01 and remove server02 from it? Appreciate your
>> > help.
>> >
>> > "Jorge Silva" wrote:
>> >
>> >> Hi
>> >> Please note that running a Exchange in a DC is not a supported
>> >> configuration
>> >> for several reasons.
>> >> Assuming that you want to remove the server that has the Exchange
>> >> installed:
>> >> Use AddRemove Progrmas to Remove the exchange from that server, and
>> >> pray
>> >> that everything goes ok.
>> >> After that you can use dcpromo to demote AD from that server.
>> >> TRY NOT TO REMOVE that server just by discconecting it, remember >> >> you
>> >> have
>> >> exchange on it, and you would have to remove it from AD manually, >> >> and
>> >> that
>> >> could be problematic if you don't have expirience with that.
>> >> -- >> >> *************************************************
>> >> I hope that the information above helps you
>> >> Good Luck
>> >>
>> >> Jorge Silva
>> >>
>> >> MCSA + Exchange + MSCE
>> >> *************************************************
>> >>
>> >> "Ams" <Ams@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>> >> news:2B29D7B5-570C-47E7-8502-C8122F5A6B77@xxxxxxxxxxxxxxxx
>> >> > My scenario is something like this. I have one forest >> >> > (abcd.local)
>> >> > and
>> >> > two
>> >> > DC. The one DC has GC and DNS server, let’s say it server01. >> >> > Other
>> >> > DC
>> >> > has
>> >> > exchange server 2003 installed on it, let’s say it server02. In >> >> > the
>> >> > event
>> >> > viewer I found many errors listed for DNS, replication and >> >> > exchange
>> >> > server
>> >> > on
>> >> > server02, but server01 has only frs error (I think DNS may have
>> >> > issue).
>> >> > The
>> >> > server02 has only one partition, as I read on Microsoft site, >> >> > best
>> >> > practice
>> >> > for exchange server, 4-5 partitions and to be installed on member
>> >> > server
>> >> > is
>> >> > recommended. Thinking that and since exchange server is not >> >> > working
>> >> > anyway, I
>> >> > am thinking to remove server02 and rebuild it as member server. >> >> > Now
>> >> > if
>> >> > I
>> >> > do
>> >> > so, what impact it will go on server01 (or to the first DC). >> >> > Where
>> >> > are
>> >> > the
>> >> > instances saved for server02 on server01? Do I have to run NTDS
>> >> > utility
>> >> > on
>> >> > server01 to remove server02? Please suggest me what are the >> >> > things I
>> >> > have
>> >> > to
>> >> > do on server01 before removing server02 from network. Can I just
>> >> > remove
>> >> > the
>> >> > server02 from network and format it, if I do that then is >> >> > server01
>> >> > going
>> >> > to
>> >> > have any trouble. Server01 is live server, so I don’t want any >> >> > kind
>> >> > of
>> >> > issues
>> >> > on that. I appreciate your advice.
>> >>
>> >>
>>
>>
.
- Follow-Ups:
- Re: removing second DC from forest
- From: Ams
- Re: removing second DC from forest
- References:
- Re: removing second DC from forest
- From: Jorge Silva
- Re: removing second DC from forest
- From: Jorge Silva
- Re: removing second DC from forest
- From: Ams
- Re: removing second DC from forest
- From: Jorge Silva
- Re: removing second DC from forest
- From: Ams
- Re: removing second DC from forest
- Prev by Date: Re: Scheduled tasks?
- Next by Date: Re: security accounts manager initialization failed
- Previous by thread: Re: removing second DC from forest
- Next by thread: Re: removing second DC from forest
- Index(es):
Relevant Pages
|
Loading
