I have 2 domain controllers, Primary is Windows Server 2012 and the secondary Domain Controller is Windows Server 2022. Primary successfully replicates to Secondary without issues and vice versa if I make changes in Secondary. I want to decommission the Primary DC, I followed the steps to transfer all 5 FSMO roles to secondary and now secondary is supposed to be Primary.
All servers see the secondary DC and it is listed as a DNS in ipconfig /all. When I shut down the old 2012 DC, I could not access any of the servers with domain name, only IP. I tried flushing DNS but that did not help. I turned the old server back on and was able to access my servers again, but some servers had issues with RDP but are okay now.
Did I miss a step to make the 2022 server a Primary DC so the old one can be decommissioned? Do I have to make any changes on DNS Management?
No need to remove the domain controller. You can freely transfer roles as needed at any time.
Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016
Make sure you updated DHCP server to hand out new address, also check that all statically assigned members have DNS on connection properties updated with correct addresses. Also check the event logs for clues.
--please don't forget to upvote and Accept as answer if the reply is helpful--
Technically there are no primary or secondary/backup domain controllers since Windows Server 2000. All domain controllers are equal.
Ensure:
BOTH are global catalog servers
Ensure DNS is set up correctly for all client systems and other servers and devices. What is correctly? That ONLY the new DC is listed for DNS.
Ensure DNS servers are set up correctly. What does correctly mean? https://www.ajtek.ca/guides/domain-controller-dns-in-an-active-directory-environment/
Yes... You need to set this up even though you are getting rid of one. After it is gone, you can then adjust the DNS on the one left standing.
If your old DC is providing DHCP services (likely), you will need to ensure that your new DC is set up to supply DHCP, is enabled, and authorized in the domain to give addresses to clients. Then unauthorize the old server and wait or force all clients to reregister their IPs.
DHCP is handled by our Meraki Security Appliance and I have set the DC IPs on the appliance.
Can you post the results of dcdiag /v /e and repadmin /replsummary?
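The checks suggested in the answers above (FSMO role holders, global catalog on both DCs, DNS on the surviving DC, DNS settings on member servers) can be run together before the old DC is shut down. The script below is an added example, not code posted by anyone in this thread; it assumes the RSAT ActiveDirectory module, WinRM access to the member servers, and two placeholder IP addresses that you replace with your own.

```powershell
# Added example: pre-decommission checks for the DC that is being retired.
# Assumptions: ActiveDirectory module (RSAT) installed, WinRM reachable on members.
Import-Module ActiveDirectory

$OldDcIp = '192.0.2.10'   # placeholder: DC being retired
$NewDcIp = '192.0.2.20'   # placeholder: DC that stays

$domain = Get-ADDomain
$forest = Get-ADForest

# 1. All five FSMO roles and the DC that currently holds each one.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

# 2. Both DCs should report IsGlobalCatalog = True.
Get-ADDomainController -Filter * |
    Select-Object HostName, IPv4Address, IsGlobalCatalog | Format-Table -AutoSize

# 3. The DNS service on the new DC must answer the DC locator SRV queries itself.
$srvNames = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)",
            "_kerberos._tcp.$($domain.DNSRoot)",
            "_gc._tcp.$($forest.RootDomain)"
foreach ($name in $srvNames) {
    try {
        $targets = Resolve-DnsName -Name $name -Type SRV -Server $NewDcIp -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } | ForEach-Object NameTarget
        '{0} -> {1}' -f $name, ($targets -join ', ')
    } catch {
        Write-Warning "$name not resolvable via ${NewDcIp}: $($_.Exception.Message)"
    }
}

# 4. Member servers that still list the old DC for DNS, or do not list the new one.
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' | ForEach-Object DNSHostName
foreach ($s in $servers) {
    try {
        $dns = Get-DnsClientServerAddress -CimSession $s -AddressFamily IPv4 -ErrorAction Stop |
            ForEach-Object ServerAddresses | Sort-Object -Unique
        if ($dns -contains $OldDcIp -or $dns -notcontains $NewDcIp) {
            '{0}: DNS = {1}' -f $s, ($dns -join ', ')
        }
    } catch {
        Write-Warning "$s not reachable over WinRM, check its DNS settings manually"
    }
}
```

An SRV answer in step 3 that names only the old DC, or any server printed in step 4, points to name resolution that will fail once the old DC is powered off.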