demoting domain controller - keeping as file server

[pendal1]

Guys, my boss recently purchased a bunch of servers and he wants to demote several old domain controllers but keep them as file servers. These old domain controllers also have shared applications installed on them which users access. What is the easiest way to do this so users will not experience any problems with their applications? For example should we leave the name and IP of the old domain controllers (with the applications the same) and assign a new ip address and name for the new domain controllers. I'm still learning as I go so any config help or advice would be greatly appreciated. Thanks.
a side note: we have less than 200 users in each office. What would you recommend in terms of a scope. THanks again.

 

[mrdenny]

This should be a fairly easy migration.

Setup the new domain controllers.
DCpromo them.
Wait a few days for AD to settle down, and everyone to get the list of new DCs.
Move the FIZMO roles to the new domain controllers.
Wait a couple more days.
Then dcpromo the old machines one per day and pull them out of being a domain controller. This will leave them as a file server.

The only tricky part will be getting all the machines updated with the new DNS servers IP addresses.

If you happen to have DNS running on different machines than the DCs this won't be a problem.

If you have to change the DNS servers, change it within the DHCP scope, and have everyone reboot there workstations. This will force a new query to the DHCP to force them to get the new DNS servers IPs.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

 

[pendal1]

Here's something I should have included in my post. In our domain we have multiple domain controllers but only one domain controller at each phycial location which acts as the dhcp server, dns server, file server and they also have applications shared. We're doing this tomorrow for OT so my boss probably wants to demote the old DCs but leave them as a file server - that's his plan. Once we demote the old domain controllers at each site, we're going to promote the new servers. My question is what is the best way to do this so the old servers can function as a file server/app server for the users while the new servers can step in as the new domain controllers. Again, at each site the old server is basically a one stop do it all server. To avoid any problems with the apps and file shares, should we just assign a new name to the new domain controllers with obviously a different ip address. Thanks Mrdenny and anyone else for assistance.

 

[mrdenny]

ok, you are going to want to setup the new domain controller in each site first. This will save you the trouble of having to copy the active directory database accross the WAN. It will instead copy the AD database from the other local server.

This is how I would do it.

If you need to do it all in a single night.
1. Setup the new DCs with new names and IPs.
2. Add DNS to the servers, and get the DNS replicating to them.
3. Add DHCP to the servers, and get the new scope setup with the new DNS server IP.
4. Once all this is done at every site force replication.
5. Wait for replication to complete and then verify the all the servers have received all the updated information.
6. Move your FIZMO roles to new DCs.
6a. Force replication again to ensure that the FIZMO role changes have been replicated around the forest.
7. Backup the AD database.
8. Change the DNS in the old DCs to point to the new DCs for DNS.
9. Change DNS for any other machines with static DNS settings.
10. DCpromo the old servers so that they are no longer domain controllers.
Disable the DHCP scope and DNS services.
11. Reboot all workstations, laptops, etc (anything that uses DHCP to get an IP address).

If you can spread the work into two nights I would take a break between steps 6 and 7 to give AD a chance to settle down and do it's thing.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

 

[mrdenny]

If you are planning on doing this tomorrow and don't have a solid written plan on what to do, how to roll back, when your milestones and point of no return are you should try to convince your boss that this needs to be posponed and planned out better.

Swaping out your DCs at all your sites over night isn't a trivial task and could destroy AD if it isn't done correctly. Nothing sucks more than being at work all weekend trying to patch together a poorly planned upgrade only to have everyone come in Monday morning asking why it's all broken.

Denny
MCSA (2003) / MCDBA (SQL 2000)
MCTS (SQL 2005 / Microsoft Windows SharePoint Services 3.0: Configuration / Microsoft Office SharePoint Server 2007: Configuration)
MCITP Database Administrator (SQL 2005) / Database Developer (SQL 2005)

--Anything is possible. All it takes is a little research. (Me)

http://www.mrdenny.com

 

[pendal1]

Mrdenny, thank you very much. I greatly appreciate your info and advice.