Windows 2000 authentication problem
Posted on 2001-09-07
I have an NT domain with 1 PDC and 1 BDC, with Exchange Server 5.5 residing on the BDC. Last month, I upgraded all workstations to Win2000 Prof. Then I upgraded all the servers to Windows 2000 Server. The following is what I have done:
1- promoted the BDC containing Exchange Server to PDC. Now the Exchange Server became the PDC and the old PDC became the BDC.
2- upgraded this new PDC to Windows 2000 Server first, as an Active Directory controller (named AD1).
3- upgraded the BDC to Windows 2000 Server and promoted it to be an Active Directory controller. However, this process failed. After changing something in the DNS server, this server could finally be promoted to AD controller (named AD2).
All was working fine until the day I had a new staff member and had her account created.
Now a problem has happened. The new account can access all shared folders on all other servers except one on AD2.
Thinking that the problem might be in the AD replication process, I tried to demote AD2 to a member server, but it is impossible because of an "access denied" error, even with a domain administrator. Checking AD2, I just discovered that this server still uses the SAM, and the old domain user database still exists on it for authentication instead of the new AD user database. I now want to remove the old SAM and domain user database but don't know how. Could you please tell me HOW TO:
1- EITHER remove the old SAM and domain user database so that the Active Directory on AD2 can take over the authentication
2- OR remove the AD database on AD2 to manually demote it to a normal member server and then promote it back to an AD controller later.
Thank you very much in advance.