Migrating Active Directory
We are a small business, ~40 users, and we currently have one domain controller. The domain controller was set up incorrectly to begin with; there are too many extra services. So, I want to throw in a new box, dedicated to being a domain controller. It looks like I can just bring the server into AD, and use the "Active Directory Migration Tool" to transfer over all information. Does this all seem OK?
Thanks for any help you can provide.
Mike
December 29th, 2007 3:03am
ADMT is used for migrating from one AD domain to another. In your scenario, just run dcpromo on a new server and the transfer will happen automatically.
Before you remove the first domain controller, you should be sure there are no services used by your clients that haven't already been moved elsewhere, DNS and DHCP for example.
This is for 2000, but the same applies for 2k3:
Removing Active Directory from a Domain Controller
NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role. If the demotion process does not succeed for any reason, you must manually delete this metadata from the directory. Use the Ntdsutil.exe utility to manually remove the NTDS Settings object. For additional information about how to use Ntdsutil.exe, click the article number below to view the article in the Microsoft Knowledge Base:
216498 (http://support.microsoft.com/kb/216498/EN-US/) Removing Active Directory Data After an Unsuccessful Demotion
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. There is a check box in the Remove Active Directory screen. If this computer is the last domain controller in the domain, click to select the check box. Otherwise, click Next.
4. In the next screen, set the password for the administrator account on the server after Active Directory is removed. Type the appropriate password in the Password and Confirm Password boxes, and then click Next.
5. In the Summary screen, review and confirm the options you selected, and then click Next.
6. The wizard begins the process of removing Active Directory from the server. After the process is finished, a message indicates that Active Directory was removed from the computer.
7. Click Finish to quit the wizard.
8. Restart the computer.
NOTE: Windows 2000-based DNS servers should point to themselves for DNS in their TCP/IP properties. If this server needs to resolve names from its Internet service provider (ISP), you should configure a forwarder.
December 29th, 2007 7:56am
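A read-only pre-demotion check covering the points raised in the answer above (another DC exists, the global catalog is hosted elsewhere, where the operations master roles sit, and whether DNS or DHCP still runs on the old box). This is an added example, not part of the original posts; it assumes a management host with the ActiveDirectory PowerShell module and remote CIM access to the old server, and `OLDDC01` is a hypothetical server name.

```powershell
# Added example: read-only checks before demoting a domain controller.
# Assumption: run from a host with the ActiveDirectory module (RSAT).
# 'OLDDC01' is a hypothetical name for the controller being retired.
param([string]$OldDc = 'OLDDC01')

Import-Module ActiveDirectory
$findings = @()

$domain = Get-ADDomain
$forest = Get-ADForest
$others = @(Get-ADDomainController -Filter * | Where-Object { $_.Name -ne $OldDc })

# Demoting the only DC removes the domain, so a second DC must already exist.
if ($others.Count -eq 0) {
    $findings += "No other domain controller exists; promote the new server first."
}

# The global catalog role is not transferred by demotion.
if (-not ($others | Where-Object { $_.IsGlobalCatalog })) {
    $findings += "No other DC is a global catalog; enable GC on the new DC."
}

# Operations master roles move during demotion; list any still on the old DC
# so the result can be confirmed afterwards.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -like "$OldDc.*") {
        $findings += "$($role.Key) is still held by $($role.Value)."
    }
}

# Client-facing services named in the thread: DNS and DHCP.
$svc = Get-CimInstance -ClassName Win32_Service -ComputerName $OldDc `
    -Filter "Name='DNS' OR Name='DHCPServer'"
foreach ($s in $svc | Where-Object { $_.State -eq 'Running' }) {
    $findings += "$($s.Name) is running on $OldDc; move it before removal."
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "No blockers found for demoting $OldDc."
}
```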