things to check prior to moving all FSMO roles to a new domain controller before decommission original old domain controller

need to move a domain controller, the first in the forest that holds all the fsmo roles, to another location in a clients building. it will require turning off this dc, call it dc1 for this question. i want to transfer the fsmo roles to a new domain controller call the new one dc2. dc2 is already on the network and has been promoted and made a domain controller, it's dns settings are set and it is also a global catalog (GC). the work is scheduled to be done after hours and i am also planning on moving the dhcp server to dc2.

i am looking for a best practices checklist of things to verify prior to moving fsmo roles and turning dc1 off? as far as i know there are no issues with replication between the dc's. my biggest worry is if i turn on dc1 after moving it and i have hardware issues or boot issues, i would rather move the fsmo roles to a known good one that is a few months old (dc2) vs still using a 5yr old box (dc1), this is part of my migration strategy too.

thanks for the help.


Solution 1:

Some of these tips are just general AD health checks.

  1. Run dcdiag on both domain controllers to ensure everything is clean.
  2. Verify that the FSMO roles are where you assume they are. (KB234790)
  3. Look through Active Directory Sites & Services and confirm that you only see the servers and sites you expect to be there.
  4. Ensure that your migration target (dc2) is a global catalog server.
  5. Look through DNS to ensure that both domain controllers are properly registered, and there are no extra records lying around, especially in _msdcs.
  6. If you are handling DHCP with Windows Server, you should deauthorize the original server before demoting it with dcpromo.

Why do you want to turn dc1 off? If there is only a single domain controller in your domain and it fails, you'll have a big problem on your hands. Consider leaving dc1 running as backup.