1

I have spent the last hour Googling for an answer to my question and although some questions are close, I of course want to verify my particular need to ensure I do not introduce any unneeded downtime at my facility. In short, I need to reinstall Windows on both my DC1 (primary) and DC2 for conformity reasons and would like to verify the process.

Environment:

  • 2x identical servers running Windows Server 2008 R2 Standard
  • Roles: ADDS, DNS, File Services, Web Server

My Thoughts:

  1. Promote DC2 to act as primary domain controller
  2. Shut down DC1 for the day to ensure no services complain
  3. Demote DC1
  4. Reinstall Windows on DC1
  5. Promote DC1 to be primary
  6. Demote DC2
  7. Reinstall Windows on DC2
  8. Add DC2 back as GC

Please let me know if I am completely off base and, ideally, documentation/best practices documentation from Microsoft that will cover this procedure.

DotNaBox
  • 13
  • 2
  • 4
    There is no such thing as a Primary Domain Controller. Those went away with Windiws NT4. There is a PCD Emulator role, but that's not the same. – MDMarra Jul 11 '13 at 00:34
  • I don't know what MDMarra is talking about but there is a PDC Emulator role. PCD = Post Concussive Disorder? Pass Donkeys Carefully? ;) – joeqwerty Jul 11 '13 at 00:38
  • @DotNaBox are these two physical servers, or is this in a virtual environment? – pauska Jul 11 '13 at 00:57
  • Apologies for the delay in responding. These are physical servers. All answers provided are right on, but the one from longneck seems to exactly provide me with what I require. I was unaware that the idea of a PDC is a thing of the past and merely a moniker used internally. – DotNaBox Jul 11 '13 at 02:38
  • 1
    @joeqwerty Damn Post Concussive Disorder causing me to make PDC typos! – MDMarra Jul 12 '13 at 13:43

3 Answers3

3

Your steps should look more like this:

  1. Run dcpromo on dc1 and demote it.
  2. Unjoin DC1 from the domain and delete the computer account from AD.
  3. Reinstall DC1
  4. Run dcpromo on DC1 and make it a domain controller.
  5. Repeat steps 1-4 on dc2.

However, purposely running with only one domain controller makes me nervous. I highly recommend that you run a third domain controller at least temporarily, if not permanently. If you decide to run one temporarily, possible options include a VM (on an existing virtualization host or a Windows 8 machine or even if its something like VirtualBox) or just using a desktop computer temporarily.

longneck
  • 23,082
  • 4
  • 52
  • 86
  • Thank you for the response. This concise list is exactly what I need. Cheers! – DotNaBox Jul 11 '13 at 02:40
  • To clarify for the answers below - the DCPromo.exe demotion process on dc1 will transfer any FSMO roles that dc1 has to other domain controllers (assuming of course, that all replication is good - if it is not then fix it before even thinking about the stops above). – Greenstone Walker Jul 11 '13 at 03:37
0

Since PDCs no longer exist, every DC you have is a "primary" for all intents and purposes. That is, if you take one offline all you have to do is demote it and remove it properly from AD (metadata, etc). You'd want to follow these steps to avoid headaches down the road.

Nathan C
  • 15,059
  • 4
  • 43
  • 62
  • Thank you for the provided link. I will give it a solid read-over. I accepted longneck's answer formally, but hopefully others with >15 reputation will give this reply some points as well. – DotNaBox Jul 11 '13 at 02:39
  • No points from me, since every DC is *not* a primary. There are five single master roles - three are per-domain (PDC Emulator, RID Master, Infrastructure Master), two are per-forest (Schema Master, Domain Naming Master) - and one semi-special role (Global Catalog). If a DC holding one of these roles dies and cannot be recovered then you must be careful about seizing the role on another DC and then making sure the damaged one never comes back online. – Greenstone Walker Jul 11 '13 at 03:45
  • @GreenstoneWalker For the purposes of his question he did *not* have a complex setup like this. It was a simple two-DC setup and he wondered the correct process to shut it down (and it was being decommissioned). – Nathan C Jul 11 '13 at 11:25
0

As others have said, the PDC role is no longer. However, there is a PDCe role.

You'll want to transfer the PDCe role and any other roles thay are running on DC1, to DC2.

To transfer the PDCe Role via the GUI:

  1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder..
  2. Select the domain controller that will be the new role holder, the target, and press OK.
  3. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
  4. Select the PDC tab and press the Change button.
  5. Press OK to confirm the change.
  6. Press OK all the way out.

Here is an article from TechNet on transferring all the FSMO roles.

Once the PDCe role (and any other roles) is moved, you can demote the DC. Once you have reinstalled Windows and promoted DC1 again, you would follow the same steps for DC2.

colealtdelete
  • 6,017
  • 2
  • 30
  • 34
  • For the purpose of shutting down DC1 temporarily there's really no need to transfer the FSMO roles. Once the OP is ready to demote DC1, DCPROMO will gracefully transfer the FSMO roles to the remaining DC. – joeqwerty Jul 11 '13 at 01:20
  • @joeqwerty Most likely my paranoia but I've seen it *not* work sometimes, hence why I do it this way. (Then again, I've inherited some jacked up environments) – colealtdelete Jul 11 '13 at 01:22
  • This environment is definitely clean and rather simple, actually. My goal here is to standardize all Windows deployments across the facility and the domain controllers are the last on my list. I think I am confident that the posts here will allow me to easily make this transition. – DotNaBox Jul 11 '13 at 02:40