Making Secondary Domain Controller the Primary?

[BB] Rick James

I'm getting rid of my main Domain Controller. It's a little older, etc. I'd like to take my secondary and make it my primary. How can this be done?
 
You will need to seize / transfer the roles. To do this you will need to use Ntdsutil in Windows 2003 Server.

Here are two links to get you on your way:

http://www.petri.co.il/transferring_fsmo_roles.htm

http://support.microsoft.com/kb/255504
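
Added example, not part of the original thread: a cmd script for the transfer case described in the reply above, where the old DC is still online. The server name DC2 is a placeholder, and it assumes netdom.exe from the Windows Support Tools is installed for checking the role holders.

```batch
@echo off
rem Added example (not from the thread): graceful FSMO transfer on Windows Server 2003.
rem Assumption: TARGET is the DC that will keep the roles; DC2 is a placeholder name.
rem Assumption: netdom.exe (Windows Support Tools) is installed for the checks.
setlocal
set TARGET=DC2

echo === Role holders before the transfer ===
netdom query fsmo

rem Role names as ntdsutil on Windows 2003 expects them. Run as a member of
rem Enterprise Admins and Schema Admins so the forest-wide roles can move.
rem ntdsutil asks for confirmation of each transfer.
for %%R in ("schema master" "domain naming master" "RID master" "PDC" "infrastructure master") do (
    echo --- transfer %%~R to %TARGET% ---
    ntdsutil roles connections "connect to server %TARGET%" quit "transfer %%~R" quit quit
)

echo === Role holders after the transfer ===
netdom query fsmo

rem All five owner lines should now name TARGET; stop here if any does not.
set COUNT=0
for /f %%C in ('netdom query fsmo ^| find /i /c "%TARGET%"') do set COUNT=%%C
if not "%COUNT%"=="5" (
    echo Only %COUNT% of 5 roles are on %TARGET%. Do not demote the old DC yet.
    exit /b 1
)
echo All five roles are on %TARGET%.
endlocal
```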

What if the primary is unresponsive and you can't even access the box anymore? Then what?

Also, what if you just delete it in Active Directory on the Secondary DC and just say "Demote but keep using as a computer"? Would that promote the secondary DC as the primary then? AD and DNS are both up to date on both DCs.
 
[BB] Rick James;1032009753 said:
What if the primary is unresponsive and you can't even access the box anymore? Then what?

Also, what if you just delete it in Active Directory on the Secondary DC and just say "Demote but keep using as a computer"? Would that promote the secondary DC as the primary then? AD and DNS are both up to date on both DCs.

Then you have to seize the FSMOs and do cleanup...


http://support.microsoft.com/kb/332199

http://support.microsoft.com/kb/216498

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
 
I didn't check the links, so this may have been answered by one of the links previously submitted... But....

The easiest thing to do is run DCPROMO again on the server that you want to demote (stop being an AD controller). DCPromo will demote the box gracefully and, in the process, transfer the FSMO roles to another AD controller.

However, I'd just like to point out that it's good practice to have at least two DCs in an environment. That way, if one goes offline (hardware blows up, etc.) at least functions that require authentication, such as file and print sharing, domain logins, Exchange, IIS authentication (where domain accounts are used for security, like Sharepoint services), etc. won't break because there's no extra DC to authenticate against. Maybe you have three DCs in place now and are just removing one... Thought I'd bring it up just to be on the safe side though.

Edit: If your primary DC is also doing DNS, make sure you account for changes in your DNS structure too!
 