Re: Removing old records
Kevin D. Goodknecht Sr. [MVP] wrote:
> I take it that you just transferred the Roles, and turned the old DC off?
>
No. I transferred FSMO roles and demoted the old DC. Then turned it off.
> Did you run Dcpromo on it to demote it out of the domain as a Domain
> Controller?
Yes I did run dcpromo on the old server after transferring FSMO roles to
the new server and making the new server a GC server.
> If not reconnect it, turn it on and run DCpromo, that will remove it from
> Active Directory and it should de-register its records.
>
That's the problem. After demoting the old server, the old server
records are still intact in the DNS. That is why I manually deleted the
records.
> As far as the _msdcs sub domain, that is a delegation that has NS records for
> all DNS servers that have the full _msdcs.my-domain.com zone, again, once
> you demote it out of AD as a DC it should remove its NS record from the
> delegation, too.
>
I would think so too but the old server record is intact in that folder.
It shows:
Name: (same as parent folder)
Type: Name Server (NS)
Data: WS2003TEMP.my-domain.com
WS2003TEMP is the old server. I manually removed WS2003TEMP and added
the new server into the list of Name Servers.
> Also, did you make the new server a Global Catalog in AD Sites & Services?
Yes I did make it a GC when the old DC was still online.
>
> All of these things must be done or the old DC will haunt you from now on
> until it is removed from Active Directory because the new DC will try to
> replicate to it.
>
I don't see any errors or warnings in the event logs. I'm just curious
why I can't see the security information under the Security tab as I
mentioned earlier.