[unisog] [windows-hied]: removing root Domain controller of AD2K domai n/forest

Mumtaj Farrukh m.farrukh at auckland.ac.nz
Wed Jun 15 23:38:24 GMT 2005


Many thanks,

 

It was another option in my DR plan. Yes, I will bring another DC in each of
domain to balance performance.

 

Regards,

 

MF

 

 Mumtaj Farrukh Khawaja

Directory Service Administrator

ITSS, The University of Auckland.

Rm G01 76 Symonds Street
The University of Auckland,
Private Bag 92019
Auckland 1020

*: +64-9-3737-599 x 84462  

Mobile: +64-21-678-685

☺ Email:   <mailto:m.farrukh at auckland.ac.nz> m.farrukh at auckland.ac.nz 

www.ITSS.auckland.ac.nz <http://www.itss.auckland.ac.nz/> 

gggggggggggggggggggggggggggggggg

"Soft voice and sweet smile can win the world....Keep smiling it doesn't
cost much." --Unknown clown

  _____  

From: Wiemer, Randy R. [mailto:wiemer at missouri.edu] 
Sent: Thursday, 16 June 2005 11:36 a.m.
To: Mumtaj Farrukh; windows-hied at lists.Stanford.EDU
Cc: unisog at lists.sans.org
Subject: RE: [windows-hied]: removing root Domain controller of AD2K
domain/forest

 

You should run dcpromo on each machne that is to be removed to properly
demote them back to member servers (after you move the FSMO roles).  Failure
to perform this step will mean that the remaining domain controllers will
continue to try to replicate with them and the KCC will keep attempting to
build a replication topology that can succeed at communicating with them.
Both of these conditions should be avoided.

 

It appears that you will end up with a forest root domain (A) that has a
single domain controller.  This is not a good idea in that you should have a
minimum of two domain controllers in each domain to have the redundancy that
is designed into the system.

 

Randy Wiemer

University of Missouri

 

  _____  

From: owner-windows-hied at lists.Stanford.EDU
[mailto:owner-windows-hied at lists.Stanford.EDU] On Behalf Of Mumtaj Farrukh
Sent: Wednesday, June 15, 2005 6:00 PM
To: 'windows-hied at lists.Stanford.EDU'
Cc: 'unisog at lists.sans.org'
Subject: [windows-hied]: removing root Domain controller of AD2K
domain/forest

Hi,

 

We have two domains in the forest. Root domain A have two DC, Child domain B
have 3 DC in production environment. I have to remove root domain controller
of both domain to return h/w. 

How AD will behave if both DC would be shut down without decommissioning
–after moving all FISMO roles to other live DC’s of the domain? Or what
would be best approach for smooth run of AD even after removing these root
DCs?

 

Please share your knowledge if anyone has previous of similar type of
situation.

 

Regards,

MF

 

 Mumtaj Farrukh Khawaja

Directory Service Administrator

ITSS, The University of Auckland.

Rm G01 76 Symonds Street
The University of Auckland,
Private Bag 92019
Auckland 1020

*: +64-9-3737-599 x 84462  

Mobile: +64-21-678-685

☺ Email:   <mailto:m.farrukh at auckland.ac.nz> m.farrukh at auckland.ac.nz 

www.ITSS.auckland.ac.nz <http://www.itss.auckland.ac.nz/> 

gggggggggggggggggggggggggggggggg

"Soft voice and sweet smile can win the world....Keep smiling it doesn't
cost much." --Unknown clown

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.dshield.org/pipermail/unisog/attachments/20050616/5a97a5e5/attachment-0001.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 38556 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050616/5a97a5e5/image001-0001.gif


More information about the unisog mailing list