I want to remove my last Win2k DC from network

J

Jeff Franks

I have a small network with 2 Domain controllers. Originally, this network
was setup with a Windows 2000 server only. Then later, we added a new
Windows 2003 server and the new server was made into a second AD Domain
Controller. I have made the 2003 box a GC server.

The problem is that I can't remove the Win2k box. If that server is
offline, NONE of the other servers or workstations will authenticate. In
fact, if the 2000 server isn't running, the 2003 server will hang on bootup
in the Applying Network Settings page and sit there for an hour (sometimes
it never comes up at all).

What have I done wrong here? I wish I could give more detail, but this has
been a process going on for about 4 years and I can't remember everything we
did. I do know that I used a Microsoft Document to do the "upgrade" of AD
when I put in the 2003 server. But who knows?

Ideas?

jf
 
R

Richard Mueller [MVP]

Jeff said:
I have a small network with 2 Domain controllers. Originally, this network
was setup with a Windows 2000 server only. Then later, we added a new
Windows 2003 server and the new server was made into a second AD Domain
Controller. I have made the 2003 box a GC server.

The problem is that I can't remove the Win2k box. If that server is
offline, NONE of the other servers or workstations will authenticate. In
fact, if the 2000 server isn't running, the 2003 server will hang on
bootup in the Applying Network Settings page and sit there for an hour
(sometimes it never comes up at all).

What have I done wrong here? I wish I could give more detail, but this
has been a process going on for about 4 years and I can't remember
everything we did. I do know that I used a Microsoft Document to do the
"upgrade" of AD when I put in the 2003 server. But who knows?
Click to expand...

You must transfer all of the FSMO (Flexible Single Master Operations) roles
to the remaining DC. These are:

Schema Master
Domain Naming Master
PDC Emulator
RID Master
Infrastructure Master

You can use AD Domains and Trusts to transfer Domain Naming Master, AD
Schema snap-ing for the Schema Master, and AD Users and Computers for the
rest. Or you can use the NTDSUTIL utility.
 
R

Richard Mueller [MVP]

Richard Mueller said:
You must transfer all of the FSMO (Flexible Single Master Operations)
roles to the remaining DC. These are:

Schema Master
Domain Naming Master
PDC Emulator
RID Master
Infrastructure Master

You can use AD Domains and Trusts to transfer Domain Naming Master, AD
Schema snap-ing for the Schema Master, and AD Users and Computers for the
rest. Or you can use the NTDSUTIL utility.
Click to expand...

More detail here:

http://support.microsoft.com/kb/324801
 
J

Jeff Franks

You, sir, are a steely-eyed missile man. Thanks for the help! That did the
trick!

jf
 
M

Meinolf Weber

Hello Jeff,

You have to move the 5 FSMO roles to the new server. Also if not done, make
it DNS server adn reconfigure the clients to use this now as there preferred
DNS. If the old one was also configured to obtain time from an external tim
source you have to reconfigure that also.

Move FSMO roles:
http://support.microsoft.com/kb/324801

Time service:
http://technet2.microsoft.com/Windo...ef46-4931-8e4a-2fc5b4ddb0471033.mspx?mfr=true

http://technet2.microsoft.com/windo...c594-4d43-9195-e54e4cb89d251033.mspx?mfr=true

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
 
H

Hank Arnold (MVP)

Glad to hear it worked out. Keep in mind that it is a very risky
situation having a single domain controller. Try to imagine the work you
are in for if the OS or the hardware go the way of all things. Best
practices say that you should have at least 2 DCs. If set up properly,
you will be able to continue running until you get the off line system
back up (or replaced).

If you mus continue to run with one DC, be sure to have a bullet proof
disaster recovery process set up.....

--

Regards,
Hank Arnold
Microsoft MVP
Windows Server - Directory Services

Jeff said:
You, sir, are a steely-eyed missile man. Thanks for the help! That did the
trick!

jf
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Remove orphaned Win2K DC from AD 2
Will Win2K AD work with Win2K3 AD? 1
adding a Windows 2003 server and promote to DC in Windows 2000 AD/Domain 4
2003 GC in 2000 AD 8
Global Catalog Setup 0
Journal Wrap Error on Single DC Domain 10
Old DC x New DC 1
active directory of users on win2k server 5

Top