FSMO Roles Question and DCPromo

  • Thread starter Thread starter needin4mation
  • Start date Start date
N

needin4mation

Hi, I have two servers that are domain controllers. I have a third in
another subnet that is the root and not sure how it is related here (if
at all). One of the two is being decomissioned. However, from what I
have been told I cannot simply unplug it. I have to first demote the
DC going away with DCPromo. But first I am supposed to transfer the
FSMO roles to the other domain controller. All I want to do is get
rid of the other domain controller, as I am supposed to without
destroying my AD. One of the two has Exchange on it (the one I am
keeping) and when I simply shut off the other one, then the Exchange
server died. Advice is appreciated. Thanks for any help.
 
Hi, I have two servers that are domain controllers. I have a third in
another subnet that is the root and not sure how it is related here (if
at all).
Click to expand...

Root is a term about DOMAINS; the first domain in a Forest is
the "root forest domain". It is not a term used directly to describe
a DC. (Except as a "root domain DC" where the word root
describes the domain itself still.)
One of the two is being decomissioned. However, from what I
have been told I cannot simply unplug it.
Click to expand...

It is BEST that you not just unplug it; it will eventually make
even more work for you if you do that. It is not however
catastrophic if you have already done it (we can tell you how
to clean up the mess.)
I have to first demote the DC going away with DCPromo.
Click to expand...

That is the right way to do it.
But first I am supposed to transfer the
FSMO roles to the other domain controller.
Click to expand...

This is not TECHNICALLY necessary if authentication and
replication are functioning correctly (which means DNS is
correct) but I too like to transfer the roles manually to MAKE
SURE they get properly transferred to a working/remaining
DC.
All I want to do is get
rid of the other domain controller, as I am supposed to without
destroying my AD.
Click to expand...

Even doing it badly will not "destroy" or even SERIOUSLY
harm AD, but it will cause some limited problems and cleanup
work.

You are planning to do it correctly however. We encourage that.
One of the two has Exchange on it (the one I am
keeping) and when I simply shut off the other one, then the Exchange
server died. Advice is appreciated. Thanks for any help.
Click to expand...

A little odd; probably due to your CLIENT DNS settings being
wrong on your remaining DC. Notice that the CLIENT NIC IP
properties of a DC MUST be set to use the working DNS server
(set) which can resolve the domain (the entire forest actually.)

DCDiag is your friend. Run it on every DC.

Fix all warnings or problems.

Run it again after you add or remove DCs or mess with the DNS
servers.

Remember when you remove a DC you may be removing a
DNS server, but you are certainly removing an AUTHENTICATOR
and this may be the one which your clients OR your Exchange server
depend upon.
 
Before demoting the DC make sure:
* you transfer the FSMO (if it holds any) to another DC
http://support.microsoft.com/?id=324801 (How to view and transfer FSMO roles
in Windows Server 2003)
http://support.microsoft.com/?id=255504 (Using Ntdsutil.exe to transfer or
seize FSMO roles to a domain controller)
http://support.microsoft.com/?id=255690 (How to view and transfer FSMO roles
in the graphical user interface)
http://support.microsoft.com/?id=197132 (Windows 2000 Active Directory FSMO
roles)
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/seizing_fsmo_roles.htm
* make sure the other DCs are also GCs
http://www.microsoft.com/technet/pr...ons/8fcb40ad-8aee-48e6-9924-2b8f0d2a01b3.mspx
http://www.petri.co.il/configure_a_new_global_catalog.htm
http://www.microsoft.com/technet/pr...Ref/24311c41-d2a1-4e72-a54f-150483fa885a.mspx
* Make sure exchange is not hardcoded with a global catalog
* Demoting a DC could impact any machine currently using it, especially
Exchange and Outlook. A generally good practice is to move a DC into a site
that isn't used by any other servers or clients and then after a few days
shut it down. If there are no issues, fire it back up and demote it. (or
create TEMPORARY site and clean the site up later after demotion) (got this
information from another thread by Joe Richards)

Some information you may need to read when Exchange is on a DC:
http://blogs.brnets.com/michael/archive/2005/01/24/319.aspx
http://www.petri.co.il/problems_with_exchange_2003_installed_on_domain_controllers.htm
http://hellomate.typepad.com/exchange/2004/02/exchange_on_a_d.html


--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
 
Back
Top