So I ask, what do you do for fun on the weekends? I seem to enjoy managing my home network. This weekend, it was fixing Active Directory, which meant removing my primary DC and replacing it.
I had been having problems for quite some time, but had not had the chance to set up a new DC to take over the FSMO roles. Well, with the addition of my new DL 380 server, I finally decided it was time to fix all those annoying AD problems. I started out by creating a new DC (02) as a VM on my primary desktop computer. Since I’m running 3GB of RAM in it now, I have enough to spare to run a DC to manage all of 5 computers at my house (I know, overkill).
After I got the new domain controller (02) up and running, I let it sit for a week, mainly because I had other things to take care of. It also made sure that some of the AD replicated over. Since this is my home network, and if I completely trash it, I’m not out of a job, I’m taking a fair number of shortcuts (which probably led to my primary DC experiencing problems in the first place), so I would not use my steps below as is in a production environment.
I knew I needed to transfer the FSMO roles from the old DC (01) to the new DC (02), and did so by following this guide. I also set the new DC (02) to handle the Global Catalog using this guide. I rebooted the machine between each step, and checked the event log for any errors. I finally got it down to where there were no errors on startup, and everything seems to have been replicated to the new DC. So it was now time to kill off the old DC (01), and make a new one (still 01). I followed this TechNet article on how to demote a domain controller. DCPromo failed the first time on the NETLOGON step, but the 2nd time it was a success. I shut down the VM, deleted the old vmdk, and copied the vmdk from my base image to the folder for the DC (01).
DC01 booted up, as expected, so I configured it for Sysprep, rebooted, and went through the setup wizard. Did a quick Windows Update, installed DNS, and I was ready for some DCPromo action. Not much to say, the DCPromo went smoothly, changed the FSMO roles and GC back to DC01, rebooted, and everything was looking good.
There was one last issue, and that was with DNS. I was getting a warning under event ID 4515. I installed the Win2k3 support tools and used ADSIEdit.msc per these instructions to fix it. I deleted the extra zone from the domain (option 2) and the “system” (option 3), leaving just the zone in the forest (option 1). I restarted the DNS service on both DCs, and no longer got the errors.