Archived from groups: microsoft.public.win2000.active_directory (
More info?)
Fran,
The DC's pointing to themselves can create a situation where they're like
two separate islands. If the records become stale they could each
essentially lose track of the other and stop replicating. In a small
environment it is best if two DC's point to the same one for DNS. That
said, you could leave it like it is an may never have a problem with it,
just not a best practice.
As for the GC promotion, it's pretty simple and straightforward and can be
done during production hours, but I would hold off on making any significant
changes to your AD while the promotion is happening. Once you check the box
to make the new server a GC, it will write an event log entry (I'm thinking
1119, but I might be off by a number or two) that basically says it has to
wait for five minutes to secure the directory. Once it's done with the
promotion it'll log an 1120 (again, the number might be reversed or off by
one or two).
You can check to see who holds the FSMO roles by running the following
command on any DC "netdom query fsmo" it will show all five roles and who
holds them. To transfer the roles, you can follow this Microsoft KB
article:
Windows 2000: http://support.microsoft.com/kb/255690/EN-US/
Windows 2003: http://support.microsoft.com/kb/324801/EN-US/
Or, if you really want to demote the existing server, running DCPROMO to
demote it will initiate the transfer of each FSMO role to any available DC.
I would caution you about running a domain with only one DC. It leaves you
with no form of online backup for your AD and provides no redundancy for
authentication of users if your DC fails. Worst case, if the old DC is in
bad shape, rebuild it from scratch, give it a new name and then promote it
back into the domain as a new DC.
Let the new one do all the work, but have some kind of backup online.
--
--
Mike Shepperd
MCSE NT4, 2000, 2003
NewFuture Consulting
Seattle, Washington
"Fran >" <<fran> wrote in message
news:kslnc1d0dkksoo6gg9unaooqe1pc7qvad6@4ax.com...
> Mike,
>
> That's exactly what I needed to know. I remembered there were a few
> things I had to check before demoting what was the primary DC (or
> initial DC as things would have it.)
>
> The new server has been attached for a week. They were both pointing
> to the initial DC at first (the DNS server). Now I have the new DC
> pointing to itself but the original DC points to ITSELF (can this be a
> problem?) All the workstations use the new DC for DNS, storing
> profiles, etc. The ONLY things I have the original DC doing (as far as
> I know) is the FMSO roles and the global catalog.
>
> Can I change the GC role while the server is in use (i.e. during
> business hours while users are connected) or is this best done after
> hours or low time usage? Also, how to I check the FSMO issue on the
> new machine (or does MS verify this when I demote the old server?)
>
> I'm going out of town this week and I want to make sure the new server
> is responsible for EVERYTHING and I'd like to just turn the old one
> off but I really need to make sure the new server is doing everthing
> it needs to do before I feel comfortable.
>
> THanks again, Mike!
>
> On Wed, 6 Jul 2005 00:08:24 -0700, "Mike Shepperd"
> <mikesmobile_|_gmail> wrote:
>
>>Hi Fran,
>>
>>Assuming that we're talking about Windows 2000 and/or 2003 DC's, they
>>don't
>>hold the traditional PDC and BDC roles as in NT 4.0, but your first server
>>will host all five Flexible Single Master Operations (FSMO) roles. As
>>long
>>as the new DC and the existing DC are able to communicate with each other
>>and DNS is working properly (both dc's pointed to one of them is the most
>>likely scenario), then running dcpromo to demote the existing DC will not
>>succeed unless all of the FSMO roles are transferred successfully.
>>
>>You will want to make the new DC a Global Catalog (GC) before performing
>>the
>>domotion by clicking the checkbox in the properties of the new DC's NTDS
>>Settings object under AD Sites and Services.
>>
>>Hope that covers the bases for you. If you have more questions, please be
>>clearer about the environment with your follow-up.
>>
>>Thanks,
>>
>>
>>Mike Shepperd
>>
>>
>>
>>"Fran >" <<fran> wrote in message
>>news:relmc15ios888a2a07aks96s1tf1p493ou@4ax.com...
>>>I have added a BDC to our domain several weeks ago. Now we want to
>>> promote this to PDC roll and remove the old AD server. What do I need
>>> to do to make sure this runs smoothly? I need to demote the existing
>>> primary controller, I'm sure but how do I make sure all the rolls from
>>> the primary controller make it to the now secondary controller?
>>>
>>> -Fran-
>>
>
Facebook
Twitter
Instagram