

Windows 2000 DC IP and Web Site IP different

Posted on 2003-03-10
Medium Priority
Last Modified: 2010-04-13
Hi, I have a domain with DC of domain.com for the network pointing to one IP, and domain.com for the web site pointing to another. So I can get the web site to work, I have been deleting the DNS A record for the domain IP that it automatically puts in there. Then the A record for the web site works. But then a few days later, the domain IP is back in there again. What's the best way to do this? Is deleting the domain IP bad for our internal network? Do I have to have the web site for the domain on the same machine as the DC? Thanks!
Question by:BuMp

Accepted Solution

Curtv earned 900 total points
ID: 8105440
Sounds like you are running your domain with active directory integrated. And your domain name is domain.com. You will need to rename your active directory integrated domain, change domain.com to something like domain.local or domain.domain, anything but the FQDN. You can do this two ways. If you are still in mixed mode and have a spare machine you can do the following from MS article 292541.

Although you can rename a Windows 2000 domain in some situations that are described in this article, Microsoft highly recommends that you decide on the Fully Qualified Domain Name (FQDN) for DNS before you actually create a new domain or before you upgrade the domain from Windows NT 4.0 to Windows 2000. After you create the domain, you cannot rename a Windows 2000 domain controller. Renaming the domain involves a considerable amount of work, and it is only possible in a scenario that meets the following conditions:
You have to keep the Windows 2000 domain in Mixed mode. After you change it to Native mode, you cannot return the domain to Mixed mode, thereby rendering renaming impossible. To determine the mode in which the domain is currently running, expand Active Directory Users and Computers, right-click the domain name, and then click Properties. The mode appears in the Domain operation mode dialog box. For additional information about the different modes, click the article number below to view the article in the Microsoft Knowledge Base:
186153 Modes Supported by Windows 2000 domain controllers

Because the domain is in Mixed mode, it must also either have one or more existing Windows NT 4.0 backup domain controllers (BDCs), or computers that are available to use as Windows NT 4.0 BDCs.
Because you must demote all existing Windows 2000 domain controllers to member servers before you rename the domain controller, review the following information in terms of logistics:
The renaming can only take place after you revert the domain back to Windows NT 4.0, and then during the upgrade to Windows 2000, after you have renamed it with the desired DNS (FQDN) name. The NetBIOS domain name remains the same.
If you have created one or more child domains, you have to revert the child domains back to Windows NT 4.0 first, and then revert the parent domain. Next, you rename the parent when you upgrade it to Windows 2000, and then you bring the child domain up again when you upgrade it to Windows 2000. The amount of time that this process requires depends on the number of Windows 2000 domain controllers that are in the domain, in addition to their physical location.
If your scenario meets the conditions listed in the "Summary" section of this article, you can use the following steps to rename the Windows 2000 domain. These steps involve a single domain situation. If a child domain exists:
Complete the same steps to revert the domain back to Windows NT 4.0 on the child domain first, and then you stop after you complete step 6.
Complete steps 1 through 8 on the parent domain.
After you revert the parent domain back to Windows NT 4.0, and then upgrade it back to Windows 2000 with the desired name, you can complete the final upgrade steps to Windows 2000 on the former child domain, during which you make it a Windows 2000 child domain again.
To Rename a Windows 2000 Domain

1. Create a backup of any and/or all domain controllers that may be involved in this process.
2. If there are no existing Windows NT 4.0 BDCs in the Windows 2000 domain, then you have to install one that is preferably running service pack 6 or 6a. If you want, you can install a second BDC and then physically remove it from the domain to serve as a backup for the domain information as it contains all of the domain user accounts, and the Security Accounts Manager (SAM) and security information.
3. Allow sufficient time for this BDC to acquire all domain security and SAM information. To force a full SAM/security database replication, run the following command on the BDC:

   net accounts /sync

   A record of the successful full replication events should be logged in the System log.
4. If there is only one Windows 2000 domain controller in the domain, leave the Windows NT 4.0 BDC connected to the network, and physically remove the Windows 2000 domain controller from the network. If you have only one Windows 2000 domain controller, you can perform step 6 now before you continue with the demotion of the Windows 2000 domain controller.
5. You must now demote all the Windows 2000 domain controllers to member servers by running the dcpromo command on the actual domain controller. To run this command, click Start, click Run, type dcpromo, and then click OK. If there are more than one Windows 2000 domain controller, run dcpromo on each of them to make each one a member server, until there is only one Windows 2000 domain controller remaining.

   Now you can disconnect the Windows 2000 domain controller from the network, while leaving the Windows NT 4.0 BDC connected. Run dcpromo on this last domain controller, and be sure to choose the last domain controller in the domain option. When this completes, and the computer restarts, it will be a member server in a work group, which you can then rejoin to the domain if you want to. If you disconnected one Windows 2000 domain controller in step 4, then you simply run the dcpromo command on it as described in this step.

   Note: To run dcpromo successfully, the network adapter must detect a network connection. Therefore, the Windows 2000 domain controller must be attached to an active hub or switch, even if there are no other connections to the hub or switch, and it is isolated from everything else which is desired.
6. Open Server Manager on the Windows NT 4.0 BDC and promote this computer to a primary domain controller (PDC). If a message appears stating that it cannot contact the PDC and asks if you want to continue, click Yes, and then complete the promotion. When this is complete and the server restarts, verify in Server Manager that the computer is now described as the PDC.
7. Upgrade this Windows NT 4.0 PDC to Windows 2000. When the Windows 2000 upgrade is complete, the computer restarts to begin the Active Directory installation. During this process, enter the desired domain name.
8. If you have demoted other Windows 2000 domain controllers earlier, you can now promote them back to domain controllers by running dcpromo on them.

Or you can upgrade to Windows Server 2003 (I think they call it that), which supports renaming of an Active Directory domain.

If this isn't a production machine and you don't have a bunch of user accounts and OUs to lose, run dcpromo to demote all DCs, then run dcpromo and choose a name that isn't your FQDN.

Author Comment

ID: 8106509
Sounds like madness. It's no longer in mixed mode, and I'd rather just have IIS on the DC forward to the actual web server if it's going to require that much stuff. I thought I had this set up with our old domain a similar way and never ran into any problems. Any other ideas?

Expert Comment

ID: 8106615
I don't think you will want to run IIS on a DC. Password protecting part of a website only works with administrator logins and passwords, also Windows Media Services doesn't work with a domain controller. Those are the issues I can remember, there may be others. You could upgrade to Windows 2003 Server (supports renaming domains).

You could also create a new zone with domain.local or whatever, integrate it with Active Directory, then remove the integration with Active Directory from the old domain. I have not tried this but it's an idea. If you do this I hope you have two DCs; sync them, then take one offline while you try the above.

There is no easy way around this issue. If you're going to resolve it, there are many hours of work, but it can be done. I have done it twice in the last year.

Author Comment

ID: 8106642
OK, well, I appreciate the comments. I will accept your first answer so others can see what to do also. Thanks!

Question has a verified solution.