So... in my environment we have four ancient DC's. Two root DC's and two of five subdomain DC's. These have been around enough and our environment is complex enough that we aren't sure how many systems rely in the specific IP or hostname.
Seems to me it should be fairly straightforward to stand up new with same name/IP as the originals: * Transfer all FSMO roles * Demote DC (DCRPOMO) * Unjoin from domain * Power off * Build new server with same name * Join to domain * Install AD DS roles * DCPROMO * Transfer FSMO roles back (optional) Now in one case the DC is also a certificate server, although we aren't 100% sure if/how it's being used. Surely there are some caveats to consider? David Lum Sr. Systems Engineer // NWEATM Office 503.548.5229 // Cell (voice/text) 503.267.9764