Question

Windows 2000 Server Demote Questions

Asked by: Jesse003

We are planning to demote our initial Windows 2000 Server.  We are now running two Windows 2003 DCs and would like to get the Windows 2000 Server out of the mix.  Is there a way to restore the 2000 server back to a DC if the process goes wrong?  According to the docs I found it should be fairly simple to demote a server, I'm just curious of what kind of issues I may run into?

These are the instructions I plan to follow:
from http://support.microsoft.com/kb/238369/EN-US/
Removing Active Directory from a Domain Controller
NOTE: When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.

If the demotion process does not succeed for any reason, you must manually delete this metadata from the directory. Use the Ntdsutil.exe utility to manually remove the NTDS Settings object. For additional information about how to use Ntdsutil.exe, click the article number below to view the article in the Microsoft Knowledge Base:
216498 (http://support.microsoft.com/kb/216498/EN-US/) Removing Active Directory Data After an Unsuccessful Demotion
1. Click Start, click Run, type dcpromo, and then click OK.
2. This starts the Active Directory Installation Wizard. Click Next.
3. There is a check box in the Remove Active Directory screen. If this computer is the last domain controller in the domain, click to select the check box. Otherwise, click Next.
4. In the next screen, set the password for the administrator account on the server after Active Directory is removed. Type the appropriate password in the Password and Confirm Password boxes, and then click Next.
5. In the Summary screen, review and confirm the options you selected, and then click Next.
6. The wizard begins the process of removing Active Directory from the server. After the process is finished, a message indicates that Active Directory was removed from the computer.
7. Click Finish to quit the wizard.  
8. Restart the computer.
NOTE: Windows 2000-based DNS severs should point to themselves for DNS in their TCP/IP properties. If this server needs to resolve names from its Internet service provider (ISP),you should configure a forwarder.

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2006-07-25 at 06:53:02ID21930965
Tags

controller

,

dcpromo

,

dns

,

server

Topic

Windows 2000 Operating System

Participating Experts
3
Points
500
Comments
6

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. demote a domain
    how to demote a domain controller?
  2. DCPROMO Demote problem
    Trying to demote a Win2K server from a DC to a member server. When it get part way through the process it comes up with a "NEW CREDENTIALS" box with the following message. The operation failed because: Failed to configure the service ismserv as requested. "...
  3. DCPROMO (demotion) and DNS
    When using dcpromo to demote a domain controller, will this also uninstall DNS?
  4. dcpromo to demote server
    1 old win2k server and 1 new win2003 server. Done the adprep at win2k old server, dcpromo new win2003 server, transfer all the FSMO roles over the new server, everything seems to wor fine. If I do not dcpromo the win2k old server to 'demote' it, what is the consequences? Shou...
  5. Using DCpromo to demote a windows 2003 server
    I am using dcpromo to demote a windows 2003 server. I have moved all FSMO roles to a windows 2008 server. When I run the DCpromo command from the windows 2003 server I receive the following message: The operation failed because: Active Directory could not transfer the remai...
  6. Failed dcpromo to demote DC
    Hi Because of lingering objects on a DC which was down for to long. I just want to check if I can use this procedure. Cant dcpromo the server as it fails. So if I do the following will it work ? Force demotion of the DC Run ntdsutil: metadata cleanup Do this on other liv...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: ryangormanPosted on 2006-07-25 at 07:27:39ID: 17176050

Demoting a Domain Controller is a painless task. You could even promote another Windows 2000 member server into a Windows 2003 domain if the domain mode was still Windows 2000 Native or Windows 2000 Mixed.

Before demoting a server you should check that no other clients rely on this server for DC centric tasks. I am assuming that your DCs provide DHCP/DNS/WINS although this need not be the case.

1. Manually transfer FSMO roles to preferred DCs.
2. Ensure that you have at least one other GC.
3. Transfer DHCP server to another server.
4. Ensure that you have at least one other DNS/WINS server.
5. Ensure that no clients rely on this server for DNS/WINS.
6. Configure this server to point to another internal DNS server in its TCP/IP properties.
7. Demote the server.

 

by: Jesse003Posted on 2006-07-25 at 13:02:30ID: 17178998

thanks, Is there an article that I can refer to that states this?  

 

by: Jay_Jay70Posted on 2006-07-25 at 16:06:33ID: 17180370

this will help to add an additional 2000 DC back in if you ever need to

1) Promote your new machine as an additional domain controller in an already existing domain - this will allow AD to replicate to the new server
2) Make sure DNS is AD integrated on your old DC to allow all DNS replications also
3) Transfer the FSMO roles to the new server
http://www.petri.co.il/transferring_fsmo_roles.htm
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690
4) Make the new DC a Global Catalog under Sites and Services
http://support.microsoft.com/?kbid=313994
5) Deactivate DHCP on the old DC (if used) and recreate the scope on the new DC, note if you have a fairly complex or Large DHCP scheme you may want to export and import the database
http://support.microsoft.com/kb/325473/
6) Run DCDIAG to make sure all is well and replication is fine
7) Demote the old DC if you dont intend to keep it as a backup
8) Recreate Shares etc on the new server
9) Reinstall printers and share them etc....


this will allow you to have the complete AD directory on the new DC and clients will barely be aware of any changes


DCPROMO is buggy, you may find issues when demoting but we can deal with that when it comes, it also doesn't always remove the DC from sites and services, which you need to do manually

 

by: ryangormanPosted on 2006-07-26 at 01:20:32ID: 17182204

I can't find an article that gives all the steps in one place. Most 'demotion' articles assume that you know not to proceed with removing the DC that is instrumental in your DNS/DHCP/WINS/GC/FSMO\file\print strategy until you have provided these services elsewhere.

I suggest that you re-install a workstation with Windows Server 2003, join it to the domain, promote it, wait for synchronisation and then demote it. This way you will gain confidence in that part of the process.

I would take issue with Microsoft's blanket "NOTE: Windows 2000-based DNS severs should point to themselves for DNS in their TCP/IP properties.". That article is dated November 2004 and that part is wrong. You should ensure that no servers or clients are using the target DC for DNS if you are using Active Directory Integrated DNS. We pretty much assume that your DNS is AD-integrated.

 

by: ryangormanPosted on 2006-07-27 at 08:09:02ID: 17193383

What? Not even an assist for saying the same as the accepted poster 9 hours earlier?

 

by: joewy1Posted on 2009-05-26 at 08:16:11ID: 24474122

you definitely deserved something!!!

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...