[NTSysADM] RE: Help me fire my old DC's

[Brian Desmond]

Additional feedback inline



Thanks,
Brian Desmond
br...@briandesmond.com<mailto:br...@briandesmond.com>

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Michael B. Smith
Sent: Friday, April 11, 2014 7:06 AM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] RE: Help me fire my old DC's

"demote them" should be the last step, not the 3rd step.

From: listsad...@lists.myitforum.com<mailto:listsad...@lists.myitforum.com> 
[mailto:listsad...@lists.myitforum.com] On Behalf Of David McSpadden
Sent: Friday, April 11, 2014 7:59 AM
To: ntsysadm@lists.myitforum.com<mailto:ntsysadm@lists.myitforum.com>
Subject: [NTSysADM] Help me fire my old DC's

Ok, you guys almost have me convinced to not P2V my 2 DC's at this Data Center.

Now I have never actually demoted one.  (All of my old DC's have just hardware 
failed.)

(I do have a 2012 DC up and have migrated all the FSMO roles to it and made it 
my SNTP time provider.)

So to do this correctly.  I am going to use this checklist.
-Make sure none of them are in my SNTP setup and Time providers.
-Make sure no clients are using them for DNS resolution.
[Brian Desmond] If you have aging/scavenging enabled (good), you need to enable 
the process on your new DCs.
-Demote them.
[Brian Desmond] Per MBS, this goes down two.
-Make sure they are no longer Global Catalog providers for the Exchange 2010 
environment.
[Brian Desmond] This isn't necessary unless you've hardcoded some DSACCESS 
settings in Exchange (bad).
-Make sure they are no longer LDAP connectors for my Cisco Anywhere client 
connection on my ASA 5500.
[Brian Desmond] This needs to happen up earlier.
-Make sure I can still access the IIS apps that are loaded on one of them.
-For the 2008 R2 DC at this point I can just un join it from the Domain and 
then shut off.
---Then remove all DNS records or OU records that may remain after 1 day. (Give 
replication a very good amount of time.)
[Brian Desmond] You shouldn't need to delete any DNS records if you have 
aging/scavenging enabled. You can of course delete the computer account.
-For the 2003 DC (With IIS apps installed.) I should be able to P2V at this 
time.



This e-mail and any files transmitted with it are property of Indiana Members 
Credit Union, are confidential, and are intended solely for the use of the 
individual or entity to whom this e-mail is addressed. If you are not one of 
the named recipient(s) or otherwise have reason to believe that you have 
received this message in error, please notify the sender and delete this 
message immediately from your computer. Any other use, retention, 
dissemination, forwarding, printing, or copying of this email is strictly 
prohibited.


Please consider the environment before printing this email.