Demote DC to Member Server

[Andrew]

I have a Win2k Active Directory Domain Controller which is
also the DC for a bunch of NT4 machines (all in the same
domain). Is it possible to demote the Win2k machine to a
member server and have one of the NT4 machines promoted to
a PDC?

 

[Herb Martin]

I have a Win2k Active Directory Domain Controller which is
also the DC for a bunch of NT4 machines (all in the same
domain). Is it possible to demote the Win2k machine to a
member server and have one of the NT4 machines promoted to
a PDC?

Make sure you have a working BDC that is correctly
replicated.

(If you don't have one now, you must install a NEW COPY of
NT Server AS A BDC before removing the current DC.)

Take the DC off the network -- dcpromo it using the /forcedremoval
switch if necessary.

Now, go into Server manager and Promote that BDC.
When it complains that it cannot find the the "PDC" -- tell it you
know what you are doing anyway.

 

[Guido Grillenmeier [MVP]]

hope you didn't do this yet.

you shouldn't forget about your clients - if you have a lot of 2k/XP clients
and 2k/2003 member servers, they'll have switched their DC locator
mechanisms and will preferr Kerberos authentication over NTLM. They will NO
LONGER try to authenitcate against you NT4 DCs... (!!)

this assumes, that you've not previously set the NT4Emulator registry key on
your 2000 DC (which would prevent the clients from "switching over").

So prior to demoting you 2000 DC, ensure you realize the impact on the rest
of your infrastructure - to repair this, you'll have to re-join every
"switched" client to the NT4 domain.

/Guido