1

I have spent the last hour Googling for an answer to my question and although some questions are close, I of course want to verify my particular need to ensure I do not introduce any unneeded downtime at my facility. In short, I need to reinstall Windows on both my DC1 (primary) and DC2 for conformity reasons and would like to verify the process.

Environment:

  • 2x identical servers running Windows Server 2008 R2 Standard
  • Roles: ADDS, DNS, File Services, Web Server

My Thoughts:

  1. Promote DC2 to act as primary domain controller
  2. Shut down DC1 for the day to ensure no services complain
  3. Demote DC1
  4. Reinstall Windows on DC1
  5. Promote DC1 to be primary
  6. Demote DC2
  7. Reinstall Windows on DC2
  8. Add DC2 back as GC

Please let me know if I am completely off base and, ideally, documentation/best practices documentation from Microsoft that will cover this procedure.

Improve this question
5
  • 4
    There is no such thing as a Primary Domain Controller. Those went away with Windiws NT4. There is a PCD Emulator role, but that's not the same. Commented Jul 11, 2013 at 0:34
  • I don't know what MDMarra is talking about but there is a PDC Emulator role. PCD = Post Concussive Disorder? Pass Donkeys Carefully? ;) Commented Jul 11, 2013 at 0:38
  • @DotNaBox are these two physical servers, or is this in a virtual environment? Commented Jul 11, 2013 at 0:57
  • Apologies for the delay in responding. These are physical servers. All answers provided are right on, but the one from longneck seems to exactly provide me with what I require. I was unaware that the idea of a PDC is a thing of the past and merely a moniker used internally. Commented Jul 11, 2013 at 2:38
  • 1
    @joeqwerty Damn Post Concussive Disorder causing me to make PDC typos! Commented Jul 12, 2013 at 13:43

3 Answers 3

Reset to default
3

Your steps should look more like this:

  1. Run dcpromo on dc1 and demote it.
  2. Unjoin DC1 from the domain and delete the computer account from AD.
  3. Reinstall DC1
  4. Run dcpromo on DC1 and make it a domain controller.
  5. Repeat steps 1-4 on dc2.

However, purposely running with only one domain controller makes me nervous. I highly recommend that you run a third domain controller at least temporarily, if not permanently. If you decide to run one temporarily, possible options include a VM (on an existing virtualization host or a Windows 8 machine or even if its something like VirtualBox) or just using a desktop computer temporarily.

Improve this answer
2
  • Thank you for the response. This concise list is exactly what I need. Cheers! Commented Jul 11, 2013 at 2:40
  • To clarify for the answers below - the DCPromo.exe demotion process on dc1 will transfer any FSMO roles that dc1 has to other domain controllers (assuming of course, that all replication is good - if it is not then fix it before even thinking about the stops above). Commented Jul 11, 2013 at 3:37
0

Since PDCs no longer exist, every DC you have is a "primary" for all intents and purposes. That is, if you take one offline all you have to do is demote it and remove it properly from AD (metadata, etc). You'd want to follow these steps to avoid headaches down the road.

Improve this answer
3
  • Thank you for the provided link. I will give it a solid read-over. I accepted longneck's answer formally, but hopefully others with >15 reputation will give this reply some points as well. Commented Jul 11, 2013 at 2:39
  • No points from me, since every DC is not a primary. There are five single master roles - three are per-domain (PDC Emulator, RID Master, Infrastructure Master), two are per-forest (Schema Master, Domain Naming Master) - and one semi-special role (Global Catalog). If a DC holding one of these roles dies and cannot be recovered then you must be careful about seizing the role on another DC and then making sure the damaged one never comes back online. Commented Jul 11, 2013 at 3:45
  • @GreenstoneWalker For the purposes of his question he did not have a complex setup like this. It was a simple two-DC setup and he wondered the correct process to shut it down (and it was being decommissioned). Commented Jul 11, 2013 at 11:25
0

As others have said, the PDC role is no longer. However, there is a PDCe role.

You'll want to transfer the PDCe role and any other roles thay are running on DC1, to DC2.

To transfer the PDCe Role via the GUI:

  1. Open the Active Directory Users and Computers snap-in from the Administrative Tools folder..
  2. Select the domain controller that will be the new role holder, the target, and press OK.
  3. Right-click the Active Directory Users and Computers icon again and press Operation Masters.
  4. Select the PDC tab and press the Change button.
  5. Press OK to confirm the change.
  6. Press OK all the way out.

Here is an article from TechNet on transferring all the FSMO roles.

Once the PDCe role (and any other roles) is moved, you can demote the DC. Once you have reinstalled Windows and promoted DC1 again, you would follow the same steps for DC2.

Improve this answer
3
  • For the purpose of shutting down DC1 temporarily there's really no need to transfer the FSMO roles. Once the OP is ready to demote DC1, DCPROMO will gracefully transfer the FSMO roles to the remaining DC. Commented Jul 11, 2013 at 1:20
  • @joeqwerty Most likely my paranoia but I've seen it not work sometimes, hence why I do it this way. (Then again, I've inherited some jacked up environments) Commented Jul 11, 2013 at 1:22
  • This environment is definitely clean and rather simple, actually. My goal here is to standardize all Windows deployments across the facility and the domain controllers are the last on my list. I think I am confident that the posts here will allow me to easily make this transition. Commented Jul 11, 2013 at 2:40

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.