Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to demote one pc & promote another pc as primary domain controller

Status
Not open for further replies.
djpingpong

djpingpong

Programmer
Jul 6, 2004
70
0
0
Hi all,

There's an old/slow Win2k machine (SERVER1) running as the ONLY Domain Controller in our Windows 2000 Domain. I've recently setup another newer/faster computer (SERVER2) as the second domain controller.

Currently, SERVER1 handles DNS, DHCP and has all the FSMO roles.... but I want to make SERVER2 the primary Domain Controller and demote SERVER1 as the backup DC

What steps should I take in order to achieve that?
I need to make sure that everything is done clean and the transition is smooth because these are live servers. The entire business depends on these computers functioning at all times.
 
Sort by date Sort by votes
There is no such thing as a primary Domain Controller or a Secondary Domain Controller in Active Directory domains. There's a FSMO role "PDC Emulator", but this does not in and of itself make a server the "PDC". Everything is a DC. So there is no demotion of the old server.

You can transfer the FSMO roles from the old server to the new server and make the new server a global catalog, but again, this does not constitute a PDC (you can split the FSMO roles between the two servers if you wanted).

In your previous question, I provided links that included how to transfer the FSMO roles as well as how to create a Global Catalog.
 
Upvote 0 Downvote
Yeah.. i'm taking a deeper look into the FSMO Roles now...
probably need some time to study up on it..
but thanks for letting me know that it's not just one Primary DC and a whole bunch of secondary DC... that was the idea i've always had stuck in my head...

Now that I know all Domain Controllers are on the same level and they only vary based on their roles.. I have to look at my current network layout from a different perspective.

you've been very helpful LWcomputing... thanks a lot

 
Upvote 0 Downvote
You can use NTDSUTIL.exe to transfer roles.
Read on how to balance these roles watch specially for RID master role.
 
Upvote 0 Downvote
I thought another question related to this issue.
I have my 2 Domain Controllers setup...
One of the DC still controls all 5 FSMO roles..

Now, I read about load-balancing and fault-tolerance...
in theory, I know what they mean and how it applys to the network. But in reality, i've never really dealt with such issues.

My question: Since there are 2 DCs in my network, is it automatically configured for load-balancing and fault-tolerance already?

question 2: Active Directory replication is done automatically between the DCs, right? If so, how often do they actually replicate?
 
Upvote 0 Downvote
If only life were so simple. Some of those roles are show stoppers so make sure you backup the AD regularly.

As always, it depends:

Are those DC's doing anything else?

How many users are there?

Is everyone on one site?

Some roles are best kept together on the same box.

Updates are supposed to be random but within 15 minutes I think, you can force an update via the CMD box but the command is complex and it is best to leave it to get on with it.

If a server dies you can force the roles but once you do don't ever bring the dead server back unless you have rebuilt it from scratch as a new server.

You should do a bit of disaster recovery testing, duplicate the server and take it off site, add another server to the offsite lan, move the roles, kill a server with the roles and then force things back. It is not something you want to do under the stress of users unable to login!
 
Upvote 0 Downvote
As always, it depends:

Are those DC's doing anything else?

How many users are there?

Is everyone on one site?
Click to expand...

The DC computers are responsible for other things... although i'm tryin to keep it to a few specific tasks only...

In total, there are about 10 user accounts with about 12 computers in our entire network

And lastly, this is only one site with one forest, one tree and one domain

So, with my setup... is it practical setting up load balancing and fault tolerance?

I just want a backup system to manage DHCP, DNS, etc... if anything happens
 
Upvote 0 Downvote
For such a small network I would not bother messing aroudn with the roles, just implement a good backup strategy.

DNS and DHCP are totally seperate services and you can duplicate those as required, well you can for DNS. For DHCP you have to be configure seperate pools of addresses to avoid conflicts.
 
Upvote 0 Downvote
For DHCP you have to be configure seperate pools of addresses to avoid conflicts.
Click to expand...

Wait a minute, a little off topic, but are you saying that I can set both DCs to run DHCP... and as long as I have them spooling different ranges of IPs, I can have 2 DHCP generators (so to speak).

Example:
If DHCP_SRV1 leases 192.168.0.2 -> 192.168.0.99
and DHCP_SRV2 leases 192.168.0.200 -> 192.168.0.254

the above example would function properly in a domain?
if so, which DHCP server would the workstations grab IPs from?
 
Upvote 0 Downvote
For such a small network It is hardly worth it, you could install DHCP on the second server but not authorise it in AD but this would require you to manually authorise it in event of a failure.

You can splice and dice DHCP in so many ways, some people like to do it by subnet or segment, others use clustering which is I think is overkill for all but the largest organisations.

So to answer your question YES you can have two servers services your clients. I am not sure about that IP range, I do not like gaps in the middle, I usually avoid the first 20 in case there are devices that auto intall (which I then find and sort out). I tend to stick the routers and server at the top end, but whatever works for you.

This is how it works:

When a DHCP client computer is booted, DHCP messages are exchanged between client computer and server as follows:

1.

The DHCP client computer broadcasts a DHCPDISCOVER message. In a routed environment, the broadcast is limited to the physical subnet. If there is no DHCP server on the physical subnet, one or more of the routers should be configured to forward the (BOOTP) message to a known DHCP server location.The DHCPDISCOVER message can include options that request specific values for the network address and lease duration.
2.

Each DHCP server that is configured to respond to the client computer's subnet should respond with a DHCPOFFER message. The DHCPOFFER message has a (presumably) available IP address as well as other configuration information. According to the IETF standard, the DHCP server should first grope the target subnet with an ICMP ECHO request to confirm that the address is available.
3.

The DHCP client computer receives one or more DHCPOFFER messages from the DHCP server(s). The client computer selects one of the DHCPOFFER messages.
4.

The DHCP client computer broadcasts a DHCPREQUEST message that includes a server identifier option to indicate which server it has selected. This DHCPREQEST message can include requests for specific configuration information.
5.

All DHCP servers that responded to the client computer's original DHCPREQUEST broadcast should receive the second DHCPREQUEST message broadcast. The DHCP server(s) that were not selected by the client computer take no further action.
6.

The selected DHCP server commits the IP address for the client computer to its list of client computers, IP addresses, and leases. It then sends a DHCPACK message that includes the (requested) configuration parameters for the DHCP client computer.
7.

If the selected DHCP server cannot comply with the DHCPREQUEST message from the client computer (usually because the requested IP address is not available), the server sends a DHCPNAK message to the client computer.
8.

The DHCP client computer receives the DHCPACK message from the server. The client computer normally performs a final validation of the configuration information and saves the address lease duration specified in the DHCPACK message. The client computer is configured.
9.

If the DHCP client computer determines that the address is already in use, it sends a DHCPDECLINE message to the server and then begins the DHCP configuration process again with a DHCPREQUEST broadcast.
10.

If the DHCP client computer does not receive a DHCPACK or a DHCPNAK message within a specified period of time, it resends the DHCPREQUEST message.
11.

The client computer can relinquish its IP address lease by sending a DHCPRELEASE message to the DHCP server.

This is published at

 
Upvote 0 Downvote
Well, thanks for the DHCP lesson.. i picked up a few things that I can definately use...

However, I have swayed from the original topic of this thread and I'm gonna stop askin other questions in this same thread..
Since I only have a dozen computers.. i'm just gonna stay with one dhcp server and keep things simple..

But thanks again
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
89
DTGMI
DTGMI
goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
181
goombawaho
goombawaho
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
118
fightaccording
fightaccording
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
78
ADB100
ADB100
DeepuM
  • Locked
  • Question
Web Response returned Web Exception : The underlying connection was closed error | Simphony & QS
Replies
0
Views
78
DeepuM
DeepuM

Part and Inventory Search

Sponsor

Back
Top