- Retiring an old server
- Posted by Rob T on March 1st, 2004
I have 3 servers running active directory. I would like to take one of the
old ones off line. Is there anything special that needs to be done, or can
I just "flip the switch"
If it's important, the machine that is being retired was originally a NT4
PDC box that was upgraded to 2000 active directory, then the other 2 new
servers were added later.
Thanks.
-Rob T.
- Posted by Stivie S. on March 1st, 2004
Hi,
all you have to worry about are the FSMO roles the server that you want to retire currently holds.
For me, the easiest way to find out about FSMO roles is to use "Active Directory Replication Monitor" (replmon.exe) from the Windows Support Tools. Just open replmon, and add one of your Domain Controllers to the "Monitored Servers" list. Then, right-click the server and choose "Properties" from the context menu. Just click on the "FSMO Roles" tab to see a list of all FSMO role holders.
If the server you want to retire holds any FSMO role, just change the role holder before you retire this server. To transfer the 3 domain FSMO role holders, use "AD Users and Computers". Change the focus of the MMC to the server that should get the FSMO roles, then right-click the domain, choose "Operations Masters" and beginn to transfer the roles. To transfer the Domain Naming Master role, use "AD Domains and Trusts". To transfer the schema master role, use the "AD Schema" MMC snap-in. After the roles are transfered, just run "dcpromo" to remove Active Directory from this server. As this Domain Controller is an upgraded PDC and the other two were added later, I assume that this server holds all 5 FSMO roles (2 for the forest, 3 for the domain).
When you downgrade this server without transfering the roles, you can still use "ntdsutil" to seize the roles after all, but I recommend to transfer the roles when all servers are running and operational.
- Posted by Bjorn Landemoo on March 1st, 2004
Rob
Flipping the switch would probably cause you trouble. You must ensure that
the server has no FSMO roles, and that it is not a Global Catalog server.
See if this MS Knowledge Base article can help you:
http://support.microsoft.com/?id=255504
Best regards
Bjorn
--
Bjorn Landemoo - mvp2@landemoo.com - http://landemoo.com/
Microsoft MVP - Windows Server Networking
"Rob T" <RTorcellini@DONTwalchemSPAM.com> wrote:
- Posted by Ulf B. Simon-Weidner [MVP] on March 5th, 2004
Rob T says...
if you are using EFS in your domain you also should export the recovery agent
certificate and import it on the other DCs. It's per default just on the first
domain controller.
Gruesse - Sincerely,
Ulf B. Simon-Weidner
- Billy's retiring.... We're Soooo Screwed (Computer Security) by dominar
- Re: looking for isp (uk) with large capacity server-side multiple pop3 and good newsgroup server (Internet & Broadband) by StarBuck
- server licensing - 2003 server looking for old/dead/gone server (Windows 2003) by hakalugi
- retiring 2 free apps, posting two others (Software & Applications) by Dos-Man
- retiring the first domain win2k domain controller (Windows 2000) by rob davis
