Friday, September 3, 2010

How to Demote a Domain Controller?

Check that it does not hold any FSMO roles (it probably doesn't, but it is best to check) - http://www.petri.co.il/determining_fsmo_role_holders.htm

If it does hold any FSMO roles, transfer them to another DC first - http://www.petri.co.il/transferring_fsmo_roles.htm

If it is hosting any other services such as DHCP or DNS, move these (and any data they hold) to another server first, and make sure no clients are still pointed at it for DNS.

Try to demote it gracefully from being a DC by running DCPROMO. It needs to reach another DC to replicate its last changes and to remove its own metadata.

If DCPROMO fails, try DCPROMO /forceremoval.

If DCPROMO /forceremoval does not work either, just zap it (rebuild the box). Active Directory will still believe the DC exists, so the cleanup in the next step becomes mandatory.

Remove the computer from the domain and delete the computer account. If you were not able to demote the DC gracefully (forced removal or a wiped box both leave its metadata behind), clean up AD and remove all traces of the old DC from Active Directory: the NTDS Settings and server objects, the computer account in Domain Controllers, and its A and SRV records in DNS - http://www.petri.co.il/delete_failed_dcs_from_ad.htm
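The demotion and cleanup steps above laid out as a cmd runbook for a Windows Server 2003 domain. This is an added example, not part of the original post; every name is an assumption: the DC being removed is DC2 (192.168.1.11), the surviving DC is DC1, the domain is example.com and the site is Default-First-Site-Name. netdom, repadmin, dnscmd and dcdiag come from the Windows Server 2003 Support Tools, and the single-line ntdsutil form with a server DN needs Service Pack 1 or later (run ntdsutil interactively on RTM). Each numbered section runs on the machine named in its comment, so do not execute the file top to bottom on one box.

```batch
@echo off
rem Demote DC2 and clean up after it. Added example; names below are assumptions.
rem Run each section on the machine named in its comment, as a Domain Admin.
set OLDDC=DC2
set OLDIP=192.168.1.11
set GOODDC=DC1.example.com
set DOMAIN=example.com
set DOMDN=DC=example,DC=com
set SITE=Default-First-Site-Name

rem --- 1. On any DC: confirm the DC to be removed holds no FSMO roles (netdom is in Support Tools)
netdom query fsmo
rem If %OLDDC% appears in that list, transfer the role(s) to %GOODDC% BEFORE demoting.

rem --- 2. On any DC: note the DCs AD knows about, to compare against after cleanup
dsquery server -o rdn

rem --- 3. On %OLDDC%: graceful demotion first, forced removal only if that fails
dcpromo
rem dcpromo /forceremoval
rem (forced removal and a wiped box both leave the DC's metadata in AD: do steps 4-7)

rem --- 4. On %GOODDC%: remove the old DC's NTDS Settings and server objects (needs 2003 SP1+)
ntdsutil "metadata cleanup" "connections" "connect to server %GOODDC%" "quit" "remove selected server CN=%OLDDC%,CN=Servers,CN=%SITE%,CN=Sites,CN=Configuration,%DOMDN%" "quit" "quit"

rem --- 5. On %GOODDC%: delete the computer account if it is still in Domain Controllers
dsrm -noprompt "CN=%OLDDC%,OU=Domain Controllers,%DOMDN%"

rem --- 6. On %GOODDC%: find DNS records that still point at the old DC
dnscmd %GOODDC% /enumrecords %DOMAIN% @ /type A | findstr /i "%OLDDC% %OLDIP%"
dnscmd %GOODDC% /enumrecords _msdcs.%DOMAIN% @ /type SRV | findstr /i "%OLDDC%"
rem Delete each stale A record, e.g.:
rem dnscmd %GOODDC% /recorddelete %DOMAIN% %OLDDC% A %OLDIP% /f
rem (stale SRV records under _msdcs, _sites, _tcp and _udp are quickest to remove in the DNS console)

rem --- 7. On %GOODDC%: verify nothing refers to the old DC any more
dsquery server -o rdn
repadmin /showrepl
dcdiag /test:replications /test:knowsofroleholders
```

If step 7 still shows the old DC as a replication partner, the metadata cleanup did not complete; repeat step 4 rather than waiting for it to age out.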

To re-install

(Re)install Windows 2003 on the new machine.

Assign the new computer a static IP address and subnet mask on the existing network.
Make sure that the preferred DNS server on the new machine points to the existing DNS server for the domain (normally the existing domain controller); DCPROMO locates the domain through the SRV records in that DNS server.

Join the new machine to the existing domain as a member server.

From the command line promote the new machine to a domain controller with the DCPROMO command, and select "Additional Domain Controller in an existing Domain".

Once Active Directory is installed, to make the new machine a global catalog server go to Administrative Tools, Active Directory Sites and Services, expand Sites, Default-First-Site-Name and Servers, expand the new server, right click its NTDS Settings object, select Properties and tick the "Global Catalog" checkbox. (The global catalog is essential for logon, as it has to be queried to establish universal group membership.) In a single-domain forest there is no reason not to make every DC a global catalog; the only caveat is that the Infrastructure Master role should not sit on a GC unless all DCs in the domain are GCs, which is the case here.

Assuming that you were using Active Directory Integrated DNS on the first Domain Controller, the DNS zones will have replicated to the new domain controller along with Active Directory, but on Windows 2003 they are only served once the DNS Server service itself is installed on it (Add/Remove Windows Components, Networking Services). Check that the zones appear in the DNS console on the new DC before pointing any clients at it.

If you are using DHCP you should spread this across the domain controllers. In a simple single domain this is easiest done by setting up DHCP on the second domain controller (and authorizing it in Active Directory) with a scope on the same network whose address pool does not overlap with the existing scope on the other domain controller. Don't forget to set the default gateway (router) and DNS server options. Talking of which, all the clients (and the domain controllers themselves) need to have their Preferred DNS server set to one domain controller and the Alternate DNS server set to the other; that way, if one of the DNS servers fails, the clients will automatically use the other.

Both Domain Controllers by this point will have Active Directory, Global Catalog, DNS and DHCP, and the domain could function, for a while at least, should either of them fail. However, for a fully robust system you need to be aware that the first domain controller that existed will by default hold what are called FSMO roles. There are five of these (Schema Master, Domain Naming Master, RID Master, PDC Emulator and Infrastructure Master); each is held by a single server and they are essential for the long-term functioning of the domain. If the second domain controller fails, then no problem, as the FSMO roles are on the first domain controller. However, if you intend to function with the second domain controller only, then the roles need to be moved to the second domain controller. Ideally, if this is a planned event, you should cleanly transfer the FSMO roles; if it is an unplanned "emergency" the FSMO roles can be seized (see http://support.microsoft.com/kb/255504). A seized role's previous holder must never be brought back onto the network, because it still believes it owns the role; rebuild it instead.
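The second-DC build described above (static IP and DNS, join, promote, global catalog, DNS server, DHCP scope, then the FSMO move) as a cmd runbook for Windows Server 2003. This is an added example, not part of the original post; all names and addresses are assumptions: the existing DC is DC1 at 192.168.1.10, the new one is DC2 at 192.168.1.11, the domain is example.com, the router is 192.168.1.1 and the NIC is called "Local Area Connection". netdom, repadmin and dcdiag are from the Support Tools. As with the demotion runbook, each section is run by hand on the box named in its comment; dcpromo and the ntdsutil transfers are interactive.

```batch
@echo off
rem Bring up DC2 as a second DC, GC, DNS and DHCP server, then move the FSMO roles to it.
rem Added example; every name and address below is an assumption.
set NEWDC=DC2
set NEWIP=192.168.1.11
set OLDDC=DC1
set OLDIP=192.168.1.10
set DOMAIN=example.com
set GATEWAY=192.168.1.1
set NIC=Local Area Connection

rem --- 1. On the new box, before joining: static IP, DNS pointed at the existing DC only
netsh interface ip set address name="%NIC%" source=static addr=%NEWIP% mask=255.255.255.0 gateway=%GATEWAY% gwmetric=1
netsh interface ip set dns name="%NIC%" source=static addr=%OLDIP%
rem Prove the domain's SRV records resolve before touching dcpromo
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %OLDIP%

rem --- 2. Join as a member server (reboots), then promote as an additional DC
netdom join %NEWDC% /domain:%DOMAIN% /userd:%DOMAIN%\Administrator /passwordd:* /reboot:10
rem after the reboot, logged on as a Domain Admin:
dcpromo
rem choose "Additional domain controller for an existing domain"

rem --- 3. On the new DC once promoted: install the DNS Server service and make it a GC
sysocmgr /i:%windir%\inf\sysoc.inf
rem in the Windows Components wizard: Networking Services -> Domain Name System (DNS)
repadmin /options %NEWDC% +IS_GC
rem the GC flag is advertised only after replication of the partial partitions completes;
rem check with:
nltest /dsgetdc:%DOMAIN% /gc

rem --- 4. Now that both DCs serve DNS, give each DC a preferred and an alternate
netsh interface ip set dns name="%NIC%" source=static addr=%NEWIP%
netsh interface ip add dns name="%NIC%" addr=%OLDIP% index=2
rem (on %OLDDC% do the mirror image: preferred = %OLDIP%, alternate = %NEWIP%)

rem --- 5. DHCP on the new DC: same subnet, non-overlapping pool, both DNS servers, authorize in AD
netsh dhcp server \\%NEWDC% add scope 192.168.1.0 255.255.255.0 "LAN (pool 151-250)"
netsh dhcp server \\%NEWDC% scope 192.168.1.0 add iprange 192.168.1.151 192.168.1.250
netsh dhcp server \\%NEWDC% scope 192.168.1.0 set optionvalue 003 IPADDRESS %GATEWAY%
netsh dhcp server \\%NEWDC% scope 192.168.1.0 set optionvalue 006 IPADDRESS %OLDIP% %NEWIP%
netsh dhcp server \\%NEWDC% scope 192.168.1.0 set optionvalue 015 STRING %DOMAIN%
netsh dhcp server \\%NEWDC% scope 192.168.1.0 set state 1
netsh dhcp add server %NEWDC%.%DOMAIN% %NEWIP%
rem %OLDDC%'s scope must hand out 192.168.1.51-150 (or exclude 151-250) so the pools never overlap

rem --- 6. Planned move of all five FSMO roles to the new DC (each transfer asks for confirmation)
ntdsutil roles connections "connect to server %NEWDC%" quit "transfer schema master" "transfer domain naming master" "transfer RID master" "transfer PDC" "transfer infrastructure master" quit quit
rem Unplanned (DC1 dead and never coming back): replace each "transfer" with "seize" (KB 255504)
rem and never reconnect the old holder afterwards.

rem --- 7. Verify role placement and replication health
netdom query fsmo
dcdiag /test:replications /test:knowsofroleholders /test:fsmocheck
```

Step 6 is deliberately last: moving the PDC Emulator and RID Master to a DC that is not yet a working GC and DNS server is a good way to produce the logon failures the rest of the procedure is meant to avoid.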
