How do I demote a sick Domain Controller (DC)

[Jason]

I'm trying to demote a Win2k domain controller and the old
workstations don’t seem to like the new DCs I made to
replace it.

I started by adding two new domain controllers (apparently
successfully) which brought my totals to 1 NT 4 BDC
(running Exchange 5.5) and three Win2k DCs. Transferred
all the operations master roles (Schema master, etc) to
the new Win2k DCs, also DNS, WINS, and DHCP.

At that point I noticed that even though I had four
servers capable of handling login requests, every
workstation on the network had for their login server the
domain controller I wanted to remove. Before running
DCPROMO and demoting the DC, I pulled it’s network cable
to make sure the PCs (mix of NT, Win2k, and XP Pro) on the
network would use one of the other DCs.

Every machine I tried to login to came back with: "This
system cannot log you on to this domain because the
system's computer account in its primary domain is missing
or the password on that account is incorrect." I quickly
reconnected the cable and everything was fine again.

I know I could probably fix this by shutting down the old
DC and simply removing and re-adding every PC to the
domain, but there are over 200 machines in 30 locations.

Anyone else ever run into this?

Jason

 

[Cary Shultz [MVP]]

-----Original Message-----
I'm trying to demote a Win2k domain controller and the old
workstations don't seem to like the new DCs I made to
replace it.

I started by adding two new domain controllers (apparently
successfully) which brought my totals to 1 NT 4 BDC
(running Exchange 5.5) and three Win2k DCs. Transferred
all the operations master roles (Schema master, etc) to
the new Win2k DCs, also DNS, WINS, and DHCP.

At that point I noticed that even though I had four
servers capable of handling login requests, every
workstation on the network had for their login server the
domain controller I wanted to remove. Before running
DCPROMO and demoting the DC, I pulled it's network cable
to make sure the PCs (mix of NT, Win2k, and XP Pro) on the
network would use one of the other DCs.

Every machine I tried to login to came back with: "This
system cannot log you on to this domain because the
system's computer account in its primary domain is missing
or the password on that account is incorrect." I quickly
reconnected the cable and everything was fine again.

I know I could probably fix this by shutting down the old
DC and simply removing and re-adding every PC to the
domain, but there are over 200 machines in 30 locations.

Anyone else ever run into this?

Jason

.

Jason,

Did you do an inplace upgrade of the WINNT 4 PDC? I ask
because somewhere in the back of my mind there is a MSKB
Article that talks about this situation. All of the
clients authenticate via this DC and this DC alone!

Give me about 1 hour or so. I have the article saved on a
different PC. I have some minor issues to take care of at
a client's site!

Cary

 

[Jason]

I'm trying to demote a Win2k domain controller and the

old
Jason,

Did you do an inplace upgrade of the WINNT 4 PDC? I ask
because somewhere in the back of my mind there is a MSKB
Article that talks about this situation. All of the
clients authenticate via this DC and this DC alone!

Give me about 1 hour or so. I have the article saved on a
different PC. I have some minor issues to take care of at
a client's site!

Cary
.

A long while ago I did do an inplace upgrade of the WinNT
PDC, but that server got demoted and later removed
entirely. The server that replaced the original WinNT
PDC/Win2k AD server is the one I now want to demote.

Jason

 

[Cary Shultz [MVP]]

-----Original Message----- on
A long while ago I did do an inplace upgrade of the WinNT
PDC, but that server got demoted and later removed
entirely. The server that replaced the original WinNT
PDC/Win2k AD server is the one I now want to demote.

Jason
.

Jason,

So I am sorta on the right track! I am going to give you
a few MSKB Articles for you to look at. Let me know if
any of them help!

BTW - the first two simply describe how a WIN2000 and a
WINXP Client locate a Domain Controller. Maybe this
helps you a bit, too.

WIN2000
http://support.microsoft.com/default.aspx?scid=KB;en-
us;247811

WINXP
http://support.microsoft.com/default.aspx?scid=kb;
[LN];314861

Prevent Overloading the first DC during Upgrade
http://support.microsoft.com/default.aspx?scid=kb;EN-
US;298713

The one to which I was referring:
http://support.microsoft.com/default.aspx?scid=kb;en-
us;284937

Not sure if it will help you to immediately resolve your
situation.

Take a look and let us know.

Cary

PS. Take a look at the Support Tools. The last article
makes mention of NETDOM, which is one of the big
utilities included with the Support Tools. The Support
Tools are located in two places: on the WIN2000 Server CD
in the Support | Tools folder and on the WIN2000 Service
Pack CD in the Support | Tools folder. Opt for the
Service Pack if possible. And install the Support Tools
on all of your WIN2000 Servers. The big six utilities
are ReplMon, RepAdmin, NLTest, DCDiag, NetDiag and
NETDOM. There is possibly another, NTDSUtil, but I can
not remember if that comes with WIN2000 Server already or
is installed via the Support Tools. I do not know
anymore because I install the Support Tools on each and
every WIN2000 Server that I touch!