Retire a DC

[John]

Hi

I am due to retire the first Active Directory domain controller for our
network. It has all the roles. How can I safely remove this server from the
network?

Thank-you

John

 

[Tomasz Onyszko]

Hi

I am due to retire the first Active Directory domain controller for our
network. It has all the roles. How can I safely remove this server from the
network?

Seze FSMO roles to other servers
http://support.microsoft.com/default.aspx?scid=kb;EN-US;255504

then just demote this one

 

[Tommy Vercetti]

Another way to seize roles is to go to Active Directory Users and Computers,
right click on the domain, and select "Operations Master". It will list 3
roles in there, and you can transfer the roles to another server.

 

[ptwilliams]

But you'll also need to grab the two forest-wide roles (Schema Master, and
Domain Naming). One via AD Trusts and the other through AD Schema, which
isn't there by default and has to be added to a custom MMC after registering
the appropriate .dll file.

--

Paul Williams
_________________________________________
http://www.msresource.net - Under construction, but coming soon...


Join us in our new forums!
http://forums.msresource.net
_________________________________________

Another way to seize roles is to go to Active Directory Users and Computers,
right click on the domain, and select "Operations Master". It will list 3
roles in there, and you can transfer the roles to another server.


from

 

[Jerold Schulman]

Hi

I am due to retire the first Active Directory domain controller for our
network. It has all the roles. How can I safely remove this server from the
network?

Thank-you

John

DO NOT SIEZE the roles, transfer them.
See tip 2728 in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Cary Shultz [A.D. MVP]]

Thank you, Jerold!

Cary

DO NOT SIEZE the roles, transfer them.
See tip 2728 in the 'Tips & Tricks' at http://www.jsiinc.com

Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com

 

[Cary Shultz [A.D. MVP]]

Be very very very careful when seizing the FSMO roles. Typically, you would
only seize an FSMO role if/when the Domain Controller that held the role
went down ungracefully. You would then use NTDSUTIL to seize any of the
roles that the downed DC held.

You typically want to keep this option in the back of your mind. What you
would want to keep in the front of your mind is the process by which you
transfer roles from one existing DC to another. For this you can either use
the MMCs ( as others have suggested ) or ntdsutil. NTDSUTIL is a very
powerful CLI tool. I would really suggest that you install WIN2000 Server
on an available machine and play with it in a test environment. It can
really save your behind However, it can also put your behind in a sling!

Please look at the following two MSKB Articles on transferring FSMO Roles
from one DC to another ( which is what you want to do in this situation at
this point ):

http://support.microsoft.com/?id=255504 ( ntdsutil )
http://support.microsoft.com/?id=255690 ( MMCs )

HTH,

Cary

 

[Jeremy@gilbarco]

Actually, the roles should transfer just be demoting the
current master. Just run DCPROMO on it and remove AD.

-----Original Message-----

 

[Cary Shultz [A.D. MVP]]

Jeremy,

You are correct. It/they will automagically transfer upon the dcpromo
process. I prefer, however, to be in control of to what Domain Controller
the role(s) is/are transferred.

Good point, though!

Cary

Actually, the roles should transfer just be demoting the
current master. Just run DCPROMO on it and remove AD.