Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Windows 2000 / Active Directory / July 2008

Tip: Looking for answers? Try searching our database.

I want to remove my last Win2k DC from network

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Jeff Franks - 09 Jul 2008 23:18 GMT
I have a small network with 2 Domain controllers.  Originally, this network
was setup with a Windows 2000 server only.  Then later, we added a new
Windows 2003 server and the new server was made into a second AD Domain
Controller.  I have made the 2003 box a GC server.

The problem is that I can't remove the Win2k box.  If that server is
offline, NONE of the other servers or workstations will authenticate.  In
fact, if the 2000 server isn't running, the 2003 server will hang on bootup
in the Applying Network Settings page and sit there for an hour (sometimes
it never comes up at all).

What have I done wrong here?  I wish I could give more detail, but this has
been a process going on for about 4 years and I can't remember everything we
did.  I do know that I used a Microsoft Document to do the "upgrade" of AD
when I put in the 2003 server.  But who knows?

Ideas?

jf
Reply to this Message
Richard Mueller [MVP] - 10 Jul 2008 01:01 GMT
>I have a small network with 2 Domain controllers.  Originally, this network
>was setup with a Windows 2000 server only.  Then later, we added a new
[quoted text clipped - 11 lines]
> everything we did.  I do know that I used a Microsoft Document to do the
> "upgrade" of AD when I put in the 2003 server.  But who knows?

You must transfer all of the FSMO (Flexible Single Master Operations) roles
to the remaining DC. These are:

Schema Master
Domain Naming Master
PDC Emulator
RID Master
Infrastructure Master

You can use AD Domains and Trusts to transfer Domain Naming Master, AD
Schema snap-ing for the Schema Master, and AD Users and Computers for the
rest. Or you can use the NTDSUTIL utility.

Signature

Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Reply to this Message
Richard Mueller [MVP] - 10 Jul 2008 01:04 GMT
>>I have a small network with 2 Domain controllers.  Originally, this
>>network was setup with a Windows 2000 server only.  Then later, we added a
[quoted text clipped - 24 lines]
> Schema snap-ing for the Schema Master, and AD Users and Computers for the
> rest. Or you can use the NTDSUTIL utility.

More detail here:

http://support.microsoft.com/kb/324801

Signature

Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Reply to this Message
Jeff Franks - 10 Jul 2008 01:29 GMT
You, sir, are a steely-eyed missile man.  Thanks for the help!  That did the
trick!

jf

>>>I have a small network with 2 Domain controllers.  Originally, this
>>>network was setup with a Windows 2000 server only.  Then later, we added
[quoted text clipped - 28 lines]
>
> http://support.microsoft.com/kb/324801
Reply to this Message
Hank Arnold (MVP) - 10 Jul 2008 12:49 GMT
Glad to hear it worked out. Keep in mind that it is a very risky
situation having a single domain controller. Try to imagine the work you
are in for if the OS or the hardware go the way of all things. Best
practices say that you should have at least 2 DCs. If set up properly,
you will be able to continue running until you get the off line system
back up (or replaced).

If you mus continue to run with one DC, be sure to have a bullet proof
disaster recovery process set up.....

Signature

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

> You, sir, are a steely-eyed missile man.  Thanks for the help!  That did the
> trick!
[quoted text clipped - 32 lines]
>>
>> http://support.microsoft.com/kb/324801
Reply to this Message
Meinolf Weber - 10 Jul 2008 09:20 GMT
Hello Jeff,

You have to move the 5 FSMO roles to the new server. Also if not done, make
it DNS server adn reconfigure the clients to use this now as there preferred
DNS. If the old one was also configured to obtain time from an external tim
source you have to reconfigure that also.

Move FSMO roles:
http://support.microsoft.com/kb/324801

Time service:
http://technet2.microsoft.com/WindowsServer/en/library/ce8890cf-ef46-4931-8e4a-2
fc5b4ddb0471033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/4a63190b-c594-4d43-9195-e
54e4cb89d251033.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I have a small network with 2 Domain controllers.  Originally, this
> network was setup with a Windows 2000 server only.  Then later, we
[quoted text clipped - 16 lines]
>
> jf
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.