things to check prior to moving all FSMO roles to a new domain controller before decommission original old domain controller
need to move a domain controller, the first in the forest that holds all the fsmo roles, to another location in a clients building. it will require turning off this dc, call it dc1 for this question. i want to transfer the fsmo roles to a new domain controller call the new one dc2. dc2 is already on the network and has been promoted and made a domain controller, it's dns settings are set and it is also a global catalog (GC). the work is scheduled to be done after hours and i am also planning on moving the dhcp server to dc2.
i am looking for a best practices checklist of things to verify prior to moving fsmo roles and turning dc1 off? as far as i know there are no issues with replication between the dc's. my biggest worry is if i turn on dc1 after moving it and i have hardware issues or boot issues, i would rather move the fsmo roles to a known good one that is a few months old (dc2) vs still using a 5yr old box (dc1), this is part of my migration strategy too.
thanks for the help.
Solution 1:
Some of these tips are just general AD health checks.
- Run
dcdiag
on both domain controllers to ensure everything is clean. - Verify that the FSMO roles are where you assume they are. (KB234790)
- Look through Active Directory Sites & Services and confirm that you only see the servers and sites you expect to be there.
- Ensure that your migration target (dc2) is a global catalog server.
- Look through DNS to ensure that both domain controllers are properly registered, and there are no extra records lying around, especially in _msdcs.
- If you are handling DHCP with Windows Server, you should deauthorize the original server before demoting it with
dcpromo
.
Why do you want to turn dc1 off? If there is only a single domain controller in your domain and it fails, you'll have a big problem on your hands. Consider leaving dc1 running as backup.