Hey everyone! I'm working with a couple of domain controllers in a relatively simple setup — one old domain controller running Windows Server 2012 R2 and another that's on Windows Server 2019. Lately, I added a new Server 2019 DC and everything seems to be running smoothly, including DNS and replication. Now, I'm looking to retire the old 2012 server. My plan involves switching DNS to only include the 2019 servers, updating DHCP configurations, and then taking the older 2019 server offline for some needed maintenance.
I'm aware that there could be issues, especially with environments that have older Active Directory setups. So I'm seeking advice on potential pitfalls and if anyone thinks my approach might have major flaws. My goal is to ensure reliable domain controllers while I work on cleaning up my system. Any help would be appreciated! Thanks!
5 Answers
First off, don’t forget to transfer your FSMO roles and ensure that replication is working properly before you start demoting anything. Once you've migrated the DHCP service to the new DC, go ahead and demote the old one, making sure to clean up any metadata afterward. Just keep everything replicated, and you should be fine!
A good tip is to use temporary IPs on your new server until you dethrone the old one. Once you’ve demoted the old DC, you can change the new server to use that IP. This way, you won’t need to frequently update your DNS settings, which minimizes the risk of issues. And remember to transfer the five master roles during the process!
Definitely make sure to transfer those FSMO roles and consider updating your forest and domain levels soon after. This could help with future compatibility and features!
Before diving in, why not consider upgrading to Server 2022? I’ve read some issues about Server 2025 as a DC, so just keep that in mind. Also, be sure to double-check any printer settings or GPOs associated with a print server if you have one. That’s easily overlooked!
Using Wireshark can be really helpful to see what devices are still trying to connect to the old DC. It'll give you a good overview of any lingering connections that you might need to address.
Thanks for the heads-up! That sounds like a solid plan.