Old Domain Controller (W2K3) Decommission process in active directory

Its single domain environment with 3 DCs, 2 DCs are running Windows Server 2008R2 and one is running with Windows Server 2003.

Planning to decommission Win 2003 Domain controller.

Below is the plan. Please have a look, correct if any steps going in wrong manner.

  1.        Changing Domain controller DNS IP which is planned for decommission from all the Systems, to with available DNS servers.
  2.        Changing the DNS IPs hard coded in Applications and correcting the DHCP scope DNS settings.
  3.        Transferring FSMO roles from this old server.
  4.        Check the health status of the Domain replication. If it is good.
  5.        Stop the replication on DC Windows 2003 (inbound and outbound) 
  6.        Disable the NIC card.
  7.        Shutdown it for 1 week and monitoring it. -==> is this cause any issues except replication, tombstone period is 1 Month for this domain.
  8.        If there is no issues found.
  9.        Demote the server from Domain & clean the metadata using the ntdsutil tool.
August 21st, 2015 5:15pm

I would transfer the roles and NTP server parts first as this would not be down time, then I would make my 2008 R2 DC's primary DNS servers on my member servers, dhcp, etc. then on the DNS server role move the 2003 down to the bottom of the list..... This is all done without down time. once this is done then I would attack the application DNS coding part.

Then I would disable the NICs for a week and if no complaints then run DCPROMO and decommission the DC.

Free Windows Admin Tool Kit Click here and download it now
August 21st, 2015 6:04pm

Hi,

Plan looks good you have to make sure NTP is configured on new PDC server for time synch.

August 22nd, 2015 12:29am

You need to think about taking backups and having a rollback plan. If that I do not see a problem with your approach, you need to think about one from a change management perspective. Also, you need to make sure that your AD-integrated applications and systems support DCs running Windows Server 2008 R2 before proceeding.

As already mentioned, you need to think about having the proper time sync configuration. I have documented an easier way to control it here: http://social.technet.microsoft.com/wiki/contents/articles/18573.time-synchronization-in-active-directory-forests.aspx

Free Windows Admin Tool Kit Click here and download it now
August 22nd, 2015 5:02pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics