operations master roles and AD removal

Toggle sidebar Toggle sidebar
C

Craig

Distinguished
Apr 5, 2004
532
0
18,980
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

Hello...I'm planning on demoting a server that is having multiple issues.
Unfortunately, this server is the oldest of our domain and is providing
multiple services...it holds all of the operations master roles, is our main
file and print server, and acts as our sole DHCP, DNS and WINS server. As
you can guess, I do not wish to reimage this server if it can be avoided.
At present, we now have 3 domain controllers. The other two controllers are
operating fine. My plan is to take the troublesome server offline, have the
other two healthy domain controllers seize the operations master roles,
remove AD from the bad server using dcpromo /forceremove and then bring the
server back online as a member server. Does this sound like a workable plan
or are there issues that I need to be aware of that could cause problems?
Craig
System Administrator, Clermont County Public Library
 
S

seth

Distinguished
Apr 6, 2004
441
0
18,780
Archived from groups: microsoft.public.win2000.advanced_server (More info?)

It would be a good idea to remove all of these primary services from t he server so you do not interupt domain function - move user data - re assign dns wins and dhcp to another server - make sure everything is operating after you have achieved this and the demotion should be fine - never forget to fully back up the active directory system state before doing anything as well.
Good Luck!

"Craig" wrote:

> Hello...I'm planning on demoting a server that is having multiple issues.
> Unfortunately, this server is the oldest of our domain and is providing
> multiple services...it holds all of the operations master roles, is our main
> file and print server, and acts as our sole DHCP, DNS and WINS server. As
> you can guess, I do not wish to reimage this server if it can be avoided.
> At present, we now have 3 domain controllers. The other two controllers are
> operating fine. My plan is to take the troublesome server offline, have the
> other two healthy domain controllers seize the operations master roles,
> remove AD from the bad server using dcpromo /forceremove and then bring the
> server back online as a member server. Does this sound like a workable plan
> or are there issues that I need to be aware of that could cause problems?
> Craig
> System Administrator, Clermont County Public Library
>
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

Always try transfer the fsmo roles before you going for a seizure, ensure
there is another global catalog within the same site and a working dns zone
for your active directory domain.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Craig" <heatoncr@oplin.org> skrev i meddelandet
news:%232w2tHcaEHA.1656@TK2MSFTNGP09.phx.gbl...
> Hello...I'm planning on demoting a server that is having multiple issues.
> Unfortunately, this server is the oldest of our domain and is providing
> multiple services...it holds all of the operations master roles, is our
main
> file and print server, and acts as our sole DHCP, DNS and WINS server. As
> you can guess, I do not wish to reimage this server if it can be avoided.
> At present, we now have 3 domain controllers. The other two controllers
are
> operating fine. My plan is to take the troublesome server offline, have
the
> other two healthy domain controllers seize the operations master roles,
> remove AD from the bad server using dcpromo /forceremove and then bring
the
> server back online as a member server. Does this sound like a workable
plan
> or are there issues that I need to be aware of that could cause problems?
> Craig
> System Administrator, Clermont County Public Library
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

Yes. But as it is up and running, can't you try a normal demotion?

Setup AD integrated DNS and allow for replication. Migrate WINS and DHCP,
move the FSMOs (not seize) and try a normal demotion.

If it works it's always better than the hard way...

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
news:u$WprRcaEHA.2056@TK2MSFTNGP12.phx.gbl...
Always try transfer the fsmo roles before you going for a seizure, ensure
there is another global catalog within the same site and a working dns zone
for your active directory domain.

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"Craig" <heatoncr@oplin.org> skrev i meddelandet
news:%232w2tHcaEHA.1656@TK2MSFTNGP09.phx.gbl...
> Hello...I'm planning on demoting a server that is having multiple issues.
> Unfortunately, this server is the oldest of our domain and is providing
> multiple services...it holds all of the operations master roles, is our
main
> file and print server, and acts as our sole DHCP, DNS and WINS server. As
> you can guess, I do not wish to reimage this server if it can be avoided.
> At present, we now have 3 domain controllers. The other two controllers
are
> operating fine. My plan is to take the troublesome server offline, have
the
> other two healthy domain controllers seize the operations master roles,
> remove AD from the bad server using dcpromo /forceremove and then bring
the
> server back online as a member server. Does this sound like a workable
plan
> or are there issues that I need to be aware of that could cause problems?
> Craig
> System Administrator, Clermont County Public Library
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

Exactly :)

--
Regards
Christoffer Andersson
Microsoft MVP - Directory Services

No email replies please - reply in the newsgroup
------------------------------------------------
http://www.chrisse.se - Active Directory Tips

"ptwilliams" <ptw2001@hotmail.com> skrev i meddelandet
news:%23oR$42eaEHA.3596@tk2msftngp13.phx.gbl...
> Yes. But as it is up and running, can't you try a normal demotion?
>
> Setup AD integrated DNS and allow for replication. Migrate WINS and DHCP,
> move the FSMOs (not seize) and try a normal demotion.
>
> If it works it's always better than the hard way...
>
> --
>
> Paul Williams
> _________________________________________
> http://www.msresource.net
>
>
> Join us in our new forums!
> http://forums.msresource.net
> _________________________________________
>
>
> "Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
> news:u$WprRcaEHA.2056@TK2MSFTNGP12.phx.gbl...
> Always try transfer the fsmo roles before you going for a seizure, ensure
> there is another global catalog within the same site and a working dns
zone
> for your active directory domain.
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Craig" <heatoncr@oplin.org> skrev i meddelandet
> news:%232w2tHcaEHA.1656@TK2MSFTNGP09.phx.gbl...
> > Hello...I'm planning on demoting a server that is having multiple
issues.
> > Unfortunately, this server is the oldest of our domain and is providing
> > multiple services...it holds all of the operations master roles, is our
> main
> > file and print server, and acts as our sole DHCP, DNS and WINS server.
As
> > you can guess, I do not wish to reimage this server if it can be
avoided.
> > At present, we now have 3 domain controllers. The other two controllers
> are
> > operating fine. My plan is to take the troublesome server offline, have
> the
> > other two healthy domain controllers seize the operations master roles,
> > remove AD from the bad server using dcpromo /forceremove and then bring
> the
> > server back online as a member server. Does this sound like a workable
> plan
> > or are there issues that I need to be aware of that could cause
problems?
> > Craig
> > System Administrator, Clermont County Public Library
> >
> >
> >
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

FYI:

If you use the seize command in ntdsutil, it will first try to transfer the
role before it seizes it. So, in other words if it can transfer the role it
will before trying to seize it.

Regards,
/Jimmy
--
Jimmy Andersson, Q Advice AB
Microsoft MVP - Directory Services
---------- www.qadvice.com ----------


"Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
news:u$WprRcaEHA.2056@TK2MSFTNGP12.phx.gbl...
> Always try transfer the fsmo roles before you going for a seizure, ensure
> there is another global catalog within the same site and a working dns
zone
> for your active directory domain.
>
> --
> Regards
> Christoffer Andersson
> Microsoft MVP - Directory Services
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Craig" <heatoncr@oplin.org> skrev i meddelandet
> news:%232w2tHcaEHA.1656@TK2MSFTNGP09.phx.gbl...
> > Hello...I'm planning on demoting a server that is having multiple
issues.
> > Unfortunately, this server is the oldest of our domain and is providing
> > multiple services...it holds all of the operations master roles, is our
> main
> > file and print server, and acts as our sole DHCP, DNS and WINS server.
As
> > you can guess, I do not wish to reimage this server if it can be
avoided.
> > At present, we now have 3 domain controllers. The other two controllers
> are
> > operating fine. My plan is to take the troublesome server offline, have
> the
> > other two healthy domain controllers seize the operations master roles,
> > remove AD from the bad server using dcpromo /forceremove and then bring
> the
> > server back online as a member server. Does this sound like a workable
> plan
> > or are there issues that I need to be aware of that could cause
problems?
> > Craig
> > System Administrator, Clermont County Public Library
> >
> >
> >
>
>
 
C

Craig

Distinguished
Apr 5, 2004
532
0
18,980
Archived from groups: microsoft.public.win2000.advanced_server,microsoft.public.windows.server.active_directory (More info?)

My thanks to the group for the advice. I would prefer gracefully
transferring the roles, but one of the problems this server is having is
that it has stopped replicating, and any attempt to transfer the roles via
the AD applet results in the message that the server is offline. I've tried
just about everything to get it started again...stopping and starting the
service, rebooting, resetting the machine accountpassword, etc. Nothing
seemed to work. I've decided that this server has enough going on without
also acquiring the domain controller role, so I want to demote it.
Yesterday I did set the other domain controllers to act as secondary DNS
servers and set up a secondary WINS. User data is backed up nightly onto
tape, so I think I'm all set.
Craig

"Jimmy Andersson [MVP]" <jimmy_noSpam_@mvps.org> wrote in message
news:uKTpBknaEHA.3476@tk2msftngp13.phx.gbl...
> FYI:
>
> If you use the seize command in ntdsutil, it will first try to transfer
the
> role before it seizes it. So, in other words if it can transfer the role
it
> will before trying to seize it.
>
> Regards,
> /Jimmy
> --
> Jimmy Andersson, Q Advice AB
> Microsoft MVP - Directory Services
> ---------- www.qadvice.com ----------
>
>
> "Chriss3 [MVP]" <noSpamHere@chrisse.se> wrote in message
> news:u$WprRcaEHA.2056@TK2MSFTNGP12.phx.gbl...
> > Always try transfer the fsmo roles before you going for a seizure,
ensure
> > there is another global catalog within the same site and a working dns
> zone
> > for your active directory domain.
> >
> > --
> > Regards
> > Christoffer Andersson
> > Microsoft MVP - Directory Services
> >
> > No email replies please - reply in the newsgroup
> > ------------------------------------------------
> > http://www.chrisse.se - Active Directory Tips
> >
> > "Craig" <heatoncr@oplin.org> skrev i meddelandet
> > news:%232w2tHcaEHA.1656@TK2MSFTNGP09.phx.gbl...
> > > Hello...I'm planning on demoting a server that is having multiple
> issues.
> > > Unfortunately, this server is the oldest of our domain and is
providing
> > > multiple services...it holds all of the operations master roles, is
our
> > main
> > > file and print server, and acts as our sole DHCP, DNS and WINS server.
> As
> > > you can guess, I do not wish to reimage this server if it can be
> avoided.
> > > At present, we now have 3 domain controllers. The other two
controllers
> > are
> > > operating fine. My plan is to take the troublesome server offline,
have
> > the
> > > other two healthy domain controllers seize the operations master
roles,
> > > remove AD from the bad server using dcpromo /forceremove and then
bring
> > the
> > > server back online as a member server. Does this sound like a
workable
> > plan
> > > or are there issues that I need to be aware of that could cause
> problems?
> > > Craig
> > > System Administrator, Clermont County Public Library
> > >
> > >
> > >
> >
> >
>
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom