I am getting this in step 11-7 of the migration tutorial, removing the AD Cert Service. At this point should I try to continue or take some other steps, such as doing a force removal of the old DC? Also, at what point am I to turn off the DFS between the old and new?
Thanks in advance!
Hello Robert,
We cannot gracefully demote the old server if it does not allow us to uninstall AD Certificate Services. If needed we can use ntdsutil to seize the old DC from the network. This has no effect on DFS between old and new because that can even run between new DC and an ordinary file server. The SBS will be such a file server if demoted, but I am wondering how it will behave if not gracefully demoted; I don't know.
If replication in DFS is completed and file and folder count is equal, you can break replication partners as described in "How to migrate data from one server to another with DFS". After doing this I would make the remaining share on the old server Read-only so nobody can write to that. You also need to check if you have any mapped drives to old shares; those need to be mapped to the new shares from the new server.
Hi Mariette
The DFS is in sync and up to date and all the client machines are using the new server shares now so I think we can safely break the DFS and like you had mentioned set the old server to read only.
Do you have any documentation or links on how to proceed on seizing the old DC with the ntdsutil? My plan is to decommission the old server once these steps are completed.
Thank you again
Rob T
Hello Rob,
Here is the documentation you need for seizing that old DC: "Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller".
The new server already has all the FSMO roles so I think we are good there. If I just skip the graceful demotion of the old server I think there are cleanups I would need to do to remove it from the AD permanently. I found this: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816826%28v%3dws.10%29
Not sure if you agree this is the best course of action.
Thank you
Rob
After doing the above you need to follow this, "Seize the Operations Master Role | Microsoft Docs", to complete the procedure.
Again you were correct, the new server only had 3/5 roles. I followed your instructions, broke the DFS replications, set the old server to read only on shares, before disconnecting it permanently and then seized the roles and cleaned AD.
Couldn't have done it without you - wonderful site, thank you.
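The thread turns on whether the new server really held all five FSMO roles before the old DC was disconnected. The following is an added example, not part of the original posts: a PowerShell check using the ActiveDirectory module that reports any role not held by the expected server and lists the DC objects still present in AD. The name `NEWDC01` and the function names are placeholders.

```powershell
# Added example: verify FSMO role placement before an old DC is disconnected.
# Requires the ActiveDirectory module (RSAT). 'NEWDC01' is a placeholder name.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Two roles are forest-wide, three are per-domain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Test-FsmoOnServer {
    param(
        [Parameter(Mandatory)] [string] $ExpectedDc,
        [System.Collections.IDictionary] $Holders = (Get-FsmoRoleHolder)
    )
    # Compare on the short host name; -ne is case-insensitive for strings.
    $elsewhere = foreach ($role in @($Holders.Keys)) {
        $holder = [string]$Holders[$role]
        if (($holder -split '\.')[0] -ne $ExpectedDc) {
            [pscustomobject]@{ Role = $role; Holder = $holder }
        }
    }
    [pscustomobject]@{
        ExpectedDc     = $ExpectedDc
        AllRolesOnDc   = (@($elsewhere).Count -eq 0)
        RolesElsewhere = @($elsewhere)
    }
}

$result = Test-FsmoOnServer -ExpectedDc 'NEWDC01'
$result.RolesElsewhere | Format-Table -AutoSize
if (-not $result.AllRolesOnDc) {
    Write-Warning "Roles still on another DC: transfer or seize them before decommissioning."
}

# After metadata cleanup the old server should no longer appear in this list.
Get-ADDomainController -Filter * |
    Select-Object Name, IsGlobalCatalog, OperationMasterRoles |
    Format-Table -AutoSize
```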