I've had several questions recently about how to split a dual-purpose domain controller. Most of the questions seem to start off with… "I work in a small office and a few years ago when we upgraded to Windows 2000, we could not afford to purchase two servers. So, we deployed a single domain controller for our office. We also used the DC to host our [fill in the blank] services as well. Now we want to split this dual-purpose DC so that each function resides on a new system of its own. How can we make the migration to the two new server boxes without losing our data?"
The solution to this dilemma is surprisingly simple and straightforward. It lies in the fact that all domain controllers for Windows 2000 Server (as well as for Windows Server 2003) are peers. With this single fact, the solution should be obvious.
Here are the basic steps to take:
1. Install Windows 2000 Server (or Windows Server 2003) onto one (or both) of the new
2. Make the new systems members of the existing domain.
3. Upgrade or promote one of the new servers to become a domain controller.
After this is accomplished, stress test the new system for a few days. Once it shows resiliency and reliability, you can then proceed to complete the transition:
1. Demote the previous domain controller to a member server.
2. Install the [fill in the blank] service software on the second new system.
3. Move your data
At this point, you now have a domain controller running on the new hardware and a member server on new hardware running your special application. You also have the old server. Would you like a suggestion on what to do with it?
I would highly recommend the deployment of at least one additional domain controller to give your domain some fault tolerance. So, here is what to do:
1. Format the old server to clear everything off of its drives.
2. Install your flavor of Windows Server.
3. Join this system to the domain.
4. Promote it to the status of domain controller.
Now, not only have you split your old double-duty DC, you have also improved your network by deploying a "backup" or second domain controller. With two (or more) domain controllers managing the same domain, you can take one domain controller offline for maintenance or upgrades without taking down your network. Plus, in the unfortunate event of a hardware or system failure, you have some insurance against lengthy downtime and loss of your Active Directory database.
This was first published in December 2004