Solved

Preserve the user accounts and security groups during a win2ksrv(dc) demotion?

Posted on 2004-04-20
4
211 Views
Last Modified: 2010-04-13
I have recently taken over the network administration duties at the company that i work for. I now understand why the network never seemed to work. Its a nightmare. I need some help.

I have a Dell server running Windows 2000 Server(DC). We do have a domain and it is registered. (We are not hosting the DNS for the domain on our server though.)  I have managed to clean-up a lot of the mess by uninstalling unused services (Media Services, RIP, etc.) This has given us back a lot of resources.

Problems:
1.   The NetBIOS and Domain names are different.
2.   The domain is set as domain.com as if we were hosting it. It should be domain.local
3.   I need to preserve the user accounts and passwords

The answer that i see to my first two problems is that i need to demote the server to a member server. Then promote it back to being the DC. I think that will erase the domain user accounts, security groups, and all other domain level configurations. Is there a way to preserve the user accounts and security groups during a win2ksrv(dc) demotion?

A new server is not an option, so sayith accounting. (believe me, I TRIED.)
0
Comment
Question by:teksamurai
  • 2
4 Comments
 
LVL 7

Accepted Solution

by:
YarnoSG earned 125 total points
ID: 10869115
Do you have another box that you could TEMPORARILY make a DC?  If so, you could join this computer into the domain, promote it to DC, then DEMOTE the original box, using the temporary box as a Domain LIFEBOAT, until you can clean up and re-promote the original box.
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 10869185
any domian will have a netbios domain name and a DNS domain name,, these will always be different b/c the netbios name cannot have the .com in it.  this is perfectly normal and if you have your dns and wins servers setup correctly with the proper type of records this will work fine,,, then you can get to your domain (adding new machines etc) by using either the DNS name or the netbios name.   on your second point about the domain.local....  this is an option but as you mentioned it will require you to rename your entire domain which to the best of my knowledge requires you to lose all of your domain info like you mentioned,,, yes there is probably a work around if you are dead set on renaming your dns  domain to domain.local,, but this isn’t necessary at all… If your dns is set up correctly you can have your internal domain dns domain name the same as your external registered domain.com name,,,, this is how mine is set up and it works fine.. the trick is to have proper DNS settings.  Basically have all of your internal clients point to an internal dns server with private mappings so your internal clients can connect to internal servers… if an external client needs to get to your servers,, they will get the proper DNS info from your ISPs DNS servers since you don’t host your own. This system has been working fine for me and it will prevent you from having to redo your AD.
0
 
LVL 1

Author Comment

by:teksamurai
ID: 10879743
Thank you all for your comments. Please keep them coming.

mikeleebrla,
#1
I understand what you are saying about the netbios and domain name being different. But in this case, it is a little different.
The domain is dog.com
The netbios is server
I wouldn't have a problem if the netbios was "dog".

#2
We are running a DNS server that is thinks that it is hosting the domain for dog.com and the DNS entries are FUBAR. My internal clients can not get to our own website(Which is hosted with an outside provider along with the domain). This is one of the reasons that i want to change the domain to be dog.local, rather than dog.com.

I was afraid that i would just have to rebuild the AD and DNS from scratch. i was looking for a way to save myself that pain.

Thank you
0
 
LVL 25

Expert Comment

by:mikeleebrla
ID: 10879921
why couldn't your inside clients get to your own website??  If DNS was set up correctly they could. is your web server on your lan or not?  
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now