|
|
Okay so say I upgrade NT to 2003 on DC1 with AD integrated with DNS.
Now I then create a second domain controller DC2, and install DNS on him also.
I then transfer all FSMO roles from DC1 to DC2 and take DC1 completely
offline.
Will there be any affects or concerns I should have about DNS on DC2 after
this? I mean was there any sort of master role stuff that the DNS on DC1
held since it was the first domain controller in the domain?
|
|
"CryptiniteDemon" <CryptiniteDemon[ at ]discussions.microsoft.com> wrote in
message news:A7C054FC-BCAB-4358-A881-0397E7215A9E[ at ]microsoft.com...
[Quoted Text] > Okay so say I upgrade NT to 2003 on DC1 with AD integrated with DNS.
>
> Now I then create a second domain controller DC2, and install DNS on him
> also.
>
> I then transfer all FSMO roles from DC1 to DC2 and take DC1 completely
> offline.
>
> Will there be any affects or concerns I should have about DNS on DC2 after
> this? I mean was there any sort of master role stuff that the DNS on DC1
> held since it was the first domain controller in the domain?
>
You need to go into the Sites manager and make DC2 a Global Catalog server.
Then wait 24 hours to demote DC1. Also, to transfer all the FSMO roles,
you'll need to use the NTDSUtil as two of the FSMO roles cannot be changed
via the GUIs.
Mike.
|
|
Mike
Neither of these are true. You are able to change all 5 FSMO rules from
the GUI. 3 are in ADUC, One in Schema manager, and the other in ADD&T.
In order to change the schema master you need to be a schema admin and
register the schema manager dll file. You also do not need to wait 24
hours to take the original offline. You can transfer all the roles and
make dc2 a GC using sites and services and wait until the GC is
replicated and advertising as a GC, you can see this in the event logs.
Michael D. Ober wrote:
[Quoted Text] > "CryptiniteDemon" <CryptiniteDemon[ at ]discussions.microsoft.com> wrote in
> message news:A7C054FC-BCAB-4358-A881-0397E7215A9E[ at ]microsoft.com...
>> Okay so say I upgrade NT to 2003 on DC1 with AD integrated with DNS.
>>
>> Now I then create a second domain controller DC2, and install DNS on
>> him also.
>>
>> I then transfer all FSMO roles from DC1 to DC2 and take DC1 completely
>> offline.
>>
>> Will there be any affects or concerns I should have about DNS on DC2
>> after
>> this? I mean was there any sort of master role stuff that the DNS on DC1
>> held since it was the first domain controller in the domain?
>>
>
> You need to go into the Sites manager and make DC2 a Global Catalog
> server. Then wait 24 hours to demote DC1. Also, to transfer all the
> FSMO roles, you'll need to use the NTDSUtil as two of the FSMO roles
> cannot be changed via the GUIs.
>
> Mike.
>
>
|
|
"KenMc" <kenmlists[ at ]gmail.com> wrote in message
news:OtbRFWUPJHA.4900[ at ]TK2MSFTNGP02.phx.gbl...
[Quoted Text] > Mike
>
> Neither of these are true. You are able to change all 5 FSMO rules from
> the GUI. 3 are in ADUC, One in Schema manager, and the other in ADD&T. In
> order to change the schema master you need to be a schema admin and
> register the schema manager dll file. You also do not need to wait 24
> hours to take the original offline. You can transfer all the roles and
> make dc2 a GC using sites and services and wait until the GC is replicated
> and advertising as a GC, you can see this in the event logs.
>
Ken,
Thanks - I hadn't found the FSMO roles in the Schema manager and ADD&T.
Still, using NTDSUtil is simpler as all five roles are in the same place.
As for the GC, you are correct, but if you have the time, waiting till the
next day will work and you don't have to search the event logs.
Mike.
|
|
In news:iYCdnXk-E_yt85PUnZ2dnUVZ_g2dnZ2d[ at ]earthlink.com,
Michael D. Ober <obermd.[ at ].alum.mit.edu.nospam.> requesting assistance, typed
the following:
[Quoted Text] >
> Ken,
>
> Thanks - I hadn't found the FSMO roles in the Schema manager and
> ADD&T. Still, using NTDSUtil is simpler as all five roles are in the
> same place. As for the GC, you are correct, but if you have the time,
> waiting till the next day will work and you don't have to search the
> event logs.
> Mike.
Either way will work and are effective.
Cheers!
--Â
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT
Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly.
Please check http://support.microsoft.com for regional support phone
numbers.
|
|
Hello CryptiniteDemon,
Check out an article I have on Decommissioning a DC at the address below.
It will cover multiple issues you need to consider when turning down one
of your dc's.
http://www.pbbergs.com/windows/articles.htm
Select Decommissioning a DC
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup This posting
is provided "AS IS" with no warranties, and confers no rights.
[Quoted Text] > Okay so say I upgrade NT to 2003 on DC1 with AD integrated with DNS.
>
> Now I then create a second domain controller DC2, and install DNS on
> him also.
>
> I then transfer all FSMO roles from DC1 to DC2 and take DC1 completely
> offline.
>
> Will there be any affects or concerns I should have about DNS on DC2
> after this? I mean was there any sort of master role stuff that the
> DNS on DC1 held since it was the first domain controller in the
> domain?
>
|
|
I agree, using ntdsutil is much easier than the GUI. But some people
still like to use the GUI for some reason.
Michael D. Ober wrote:
[Quoted Text] > "KenMc" <kenmlists[ at ]gmail.com> wrote in message
> news:OtbRFWUPJHA.4900[ at ]TK2MSFTNGP02.phx.gbl...
>> Mike
>>
>> Neither of these are true. You are able to change all 5 FSMO rules
>> from the GUI. 3 are in ADUC, One in Schema manager, and the other in
>> ADD&T. In order to change the schema master you need to be a schema
>> admin and register the schema manager dll file. You also do not need
>> to wait 24 hours to take the original offline. You can transfer all
>> the roles and make dc2 a GC using sites and services and wait until
>> the GC is replicated and advertising as a GC, you can see this in the
>> event logs.
>>
>
> Ken,
>
> Thanks - I hadn't found the FSMO roles in the Schema manager and ADD&T.
> Still, using NTDSUtil is simpler as all five roles are in the same
> place. As for the GC, you are correct, but if you have the time, waiting
> till the next day will work and you don't have to search the event logs.
>
> Mike.
>
>
|
|
Read inline please.
In news:A7C054FC-BCAB-4358-A881-0397E7215A9E[ at ]microsoft.com,
CryptiniteDemon <CryptiniteDemon[ at ]discussions.microsoft.com> wrote:
[Quoted Text] > Okay so say I upgrade NT to 2003 on DC1 with AD integrated with DNS.
>
> Now I then create a second domain controller DC2, and install DNS on
> him also.
>
> I then transfer all FSMO roles from DC1 to DC2 and take DC1 completely
> offline.
>
> Will there be any affects or concerns I should have about DNS on DC2
> after this? I mean was there any sort of master role stuff that the
> DNS on DC1 held since it was the first domain controller in the
> domain?
Since it is the first DC in the domain, and it is Win2k3, there should be a
separate _msdcs.ADDomainName Forward lookup zone, make sure it has
replicated to the second DC, and that the ADDomainName Forward Lookup Zone's
_msdcs Delegation has the NS record for DC2. For some reason Second DCs
don't seem to add there NS record to the Delegation and will be reported as
a broken delegation when running dcdiag /test:DNS
--
Best regards,
Kevin D. Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
http://support.wftx.us/
http://message.wftx.us/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================
|
|
|