Friday, September 9, 2011

How to Decommission a Domain Controller

Once the additional domain controller is installed and configured, all domain services that currently reside on the existing DC must be moved to other DCs before it is decommissioned.

To move any FSMO roles from one DC to another, follow the MS article How to view and transfer FSMO roles in the graphical user interface.
  • To learn where the roles reside, run the command netdom query fsmo
  • If this DC holds the PDC FSMO role, then you need to reconfigure the new holder of the PDC role to use either the internal hardware clock or an external source. In my environment I always recommend using an external source (MS KB816042).
There needs to be at least one Global Catalog (GC) in each domain, and it is recommended that there is one in each site; refer to MS KB313994 for more details.

Move DNS services to other DCs if this DC is a DNS provider. Also point all clients that use this server for DNS to the new DNS server.
  • If AD integrated, simply installing DNS on a member server prior to promotion will bring up a new DNS server.
  • If not AD integrated and this is a primary server, then a new primary server will need to be brought online. From DNS server manager, the server needs to be promoted to primary.
  • If a secondary server, then make the new DC a new secondary server.
For more details refer to MS technet and MS KB323417:
If this DC is a DHCP server, then the DHCP server's database needs to be backed up and copied to the new DHCP server. The old DHCP server must then be deauthorized and the new DHCP server authorized. MS Support:
If you have Encrypting File System (EFS) enabled, you will need to move the private key if it resides on this DC. Refer to MS Support:
If this server manages Terminal Server Licensing (TSL), then it will have to be moved to a new DC. From Add/Remove Programs you will need to add a new TSL. You can then restore the licenses by using the TS License Manager tool with the Telephone activation mechanism. You can switch to the Telephone mechanism by right-clicking on the server in TS License Manager and then selecting Properties from the menu.
Finally, once this is all accomplished, go ahead and demote the DC to a member server.
For more details refer to MS Support:
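
The checks above can be run as one read-only pass before demotion. This is an added example, not part of the original post; it assumes the RSAT ActiveDirectory, ServerManager and DhcpServer PowerShell modules from Windows Server 2012 or later management tools, and DC01 is a placeholder name. It does not cover EFS private keys.

```powershell
# Added example: read-only pre-demotion checks for one domain controller.
# Assumptions: RSAT ActiveDirectory, ServerManager and DhcpServer modules are
# available; 'DC01' is a placeholder for the DC being decommissioned.
param([string]$Target = 'DC01')

Import-Module ActiveDirectory

$dc       = Get-ADDomainController -Identity $Target
$allDcs   = Get-ADDomainController -Filter *
$findings = @()

# FSMO roles still held by the target (same data as: netdom query fsmo)
if ($dc.OperationMasterRoles.Count -gt 0) {
    $findings += "Transfer FSMO roles: $($dc.OperationMasterRoles -join ', ')"
}
if ($dc.OperationMasterRoles -contains 'PDCEmulator') {
    $findings += 'PDC role held here: set the time source on the new PDC role holder'
}

# Global Catalog coverage once this DC is gone (domain-wide, then same site)
$otherGcs = @($allDcs | Where-Object { $_.IsGlobalCatalog -and $_.HostName -ne $dc.HostName })
if ($otherGcs.Count -eq 0) {
    $findings += 'No other Global Catalog in the domain'
} elseif ($dc.IsGlobalCatalog -and -not ($otherGcs | Where-Object { $_.Site -eq $dc.Site })) {
    $findings += "No other Global Catalog in site '$($dc.Site)'"
}

# Roles installed on the target that the post says must be moved first
$roleNames = @{ 'DNS' = 'DNS'; 'DHCP' = 'DHCP'; 'RDS-Licensing' = 'Terminal Server Licensing' }
Get-WindowsFeature -ComputerName $dc.HostName -Name @($roleNames.Keys) |
    Where-Object { $_.Installed } |
    ForEach-Object { $findings += "Move $($roleNames[$_.Name]) off $($dc.HostName)" }

# A DHCP server authorized in AD must be deauthorized after its database is moved
if ((Get-DhcpServerInDC).DnsName -contains $dc.HostName) {
    $findings += "Deauthorize DHCP server $($dc.HostName) after migrating its database"
}

if ($findings) { $findings } else { "No blocking services found on $($dc.HostName)" }
```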
