Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 2000 Active Directory Domain Controller

Status
Not open for further replies.

Motiv

ISP
Dec 30, 2007
26
US
I've inherited a small AD network and both domain controllers are Win 2000. Mixed 2000/2003 member servers.

Production MS SQL runs on one of the Win2k DCs - I dont want production SQL running on a DC :)

If I promote a new Windows 2003 box as a DC and demote the Windows 2000 box, should any services be interrupted? I will have DNS zones copied to the new box before joining the AD.

Thanks in advance
 
Nope...should be just fine. DNS will still function on the demoted box too, btw.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.
 
So in this order? Promote new Win 2003 DC, demote Win 2000 dc - should be okay? Planning on doing it during the day when users are working if it isnt service effecting
 
All should be fine with that method. However, if you have a preferred box for your fsmo roles, you should move those first. Otherwise the DC will hand off to the first available DC in DNS alphabetical order....

-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 
Thanks for the reply ADGod.

I'd like to have the FSMO roles on the new Windows 2003 domain controller. So what would be the method for doing this?

I found this article that shows you how to transfer the roles on Windows 2003 -
So what exactly will happen when I:

#1: Promote new Windows 2003 server
#2: Demote Windows 2000 Server

So at this point the FSMO roles will be transferred to the domain controller that name comes first in the alphabet?

So in this case, existing DCs: neon, radium.
Demoting radium, adding oxygen. So FSMO roles would be transferred to neon then? I hope those commands in that KB will work on Windows 2000!

Any guidance is appreciated
 
Note from earlier in the thread...the DNS service itself will still function, the zone itself would be useless after demotion IF you are using AD integrated zones (which is the hope) :)

So here's what you should do:

1. Point current DCs to the current PDC emulator for preferred DNS (I have a FAQ on this site for how to properly configure DNS for AD integration and prevent issues)-current PDC can be fgound by either right clicking the words Active Directory Users & Computers (in the console of the same name-left hand pane-top) and selecting operations masters, then view the PDC tab...or, with support/resource kit tools installed, you can run the command "netdom query fsmo"
2. Point the preferred DNS to current PDC on win2003 server
3. run dcpromo and reboot
4. Make all DCs global catalogs (through ad sites & services)
5. check event logs on DCs..you should see 2 global catalog events...1 at 1st, 5 minutes later, another with event ID 1119 from NTDS general (if I remember right...from top of head here)...reboot after the 1119 event occurs (this is in the directory service log btw)
6. transfer fsmo roles per article above...you do this from the server you want to take over the roles and not the current role holder
7. re-establish any trust relationships (they will break temporarily when you do this)
8. run dcpromo to demote any other DCs you want
9. suggestion-reload former 2k DC to 2k3 OS, then repromote as DC


HINT:

Depending on your hardware and number of users, 3 DCs may be overkill. A single processor @ 3ghz with 4GB of RAM will effectively cover upwards towards 1500 users and computers authenticating (600 users/900 computers & servers for example) and still maintain a 50% performance baseline. Never go less than 2 though :)


-Brandon Wilson
MCSE00/03, MCSA:Messaging00, MCSA03, A+

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top