teksamurai asked:

Preserve the user accounts and security groups during a win2ksrv(dc) demotion?

I have recently taken over the network administration duties at the company that I work for. I now understand why the network never seemed to work. It's a nightmare. I need some help.

I have a Dell server running Windows 2000 Server (DC). We do have a domain and it is registered. (We are not hosting the DNS for the domain on our server, though.) I have managed to clean up a lot of the mess by uninstalling unused services (Media Services, RIP, etc.). This has given us back a lot of resources.

Problems:
1.   The NetBIOS and Domain names are different.
2.   The domain is set as domain.com as if we were hosting it. It should be domain.local
3.   I need to preserve the user accounts and passwords

The answer that I see to my first two problems is that I need to demote the server to a member server, then promote it back to being the DC. I think that will erase the domain user accounts, security groups, and all other domain-level configurations. Is there a way to preserve the user accounts and security groups during a win2ksrv(dc) demotion?

A new server is not an option, so sayeth accounting. (Believe me, I TRIED.)
ASKER CERTIFIED SOLUTION
YarnoSG
This solution is only available to members.
Any domain will have a NetBIOS domain name and a DNS domain name. These will always be different because the NetBIOS name cannot have the .com in it. This is perfectly normal, and if you have your DNS and WINS servers set up correctly with the proper type of records this will work fine. Then you can get to your domain (adding new machines, etc.) by using either the DNS name or the NetBIOS name.

On your second point about the domain.local: this is an option, but as you mentioned it will require you to rename your entire domain, which to the best of my knowledge requires you to lose all of your domain info like you mentioned. Yes, there is probably a workaround if you are dead set on renaming your DNS domain to domain.local, but this isn't necessary at all. If your DNS is set up correctly you can have your internal domain's DNS domain name the same as your external registered domain.com name. This is how mine is set up and it works fine. The trick is to have proper DNS settings. Basically, have all of your internal clients point to an internal DNS server with private mappings so your internal clients can connect to internal servers. If an external client needs to get to your servers, they will get the proper DNS info from your ISP's DNS servers since you don't host your own. This system has been working fine for me and it will prevent you from having to redo your AD.
teksamurai

ASKER

Thank you all for your comments. Please keep them coming.

mikeleebrla,
#1
I understand what you are saying about the NetBIOS and domain name being different. But in this case, it is a little different.
The domain is dog.com
The NetBIOS is server
I wouldn't have a problem if the NetBIOS was "dog".

#2
We are running a DNS server that thinks that it is hosting the domain for dog.com, and the DNS entries are FUBAR. My internal clients cannot get to our own website (which is hosted with an outside provider along with the domain). This is one of the reasons that I want to change the domain to be dog.local, rather than dog.com.

I was afraid that I would just have to rebuild the AD and DNS from scratch. I was looking for a way to save myself that pain.

Thank you
Why couldn't your inside clients get to your own website? If DNS was set up correctly they could. Is your web server on your LAN or not?
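
The split-DNS setup discussed in this thread depends on the internal zone carrying every public name that internal clients need, because a server that is authoritative for the zone answers "no such name" for anything it lacks instead of asking the outside provider. The following Python check is an added example, not code from any poster: it compares two constructed record sets for `dog.com` (host names and addresses are made up) and lists public names that are missing internally or held internally with a different, non-private address.

```python
import ipaddress

# Private ranges checked explicitly, so documentation addresses count as public.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def fqdn(label, zone):
    """Normalise a record label to a lower-case fully qualified name."""
    label = label.strip().lower().rstrip(".")
    if label == zone or label.endswith("." + zone):
        return label
    return f"{label}.{zone}"

def split_dns_findings(zone, internal_a, public_a):
    """Return (name, status) for public A records the internal zone breaks.

    MISSING_INTERNALLY   - name exists publicly but not in the internal zone,
                           so internal clients cannot resolve it.
    STALE_PUBLIC_ADDRESS - internal copy points at a different public address.
    A differing private (RFC 1918) address is treated as an intended
    internal mapping and is not reported.
    """
    zone = zone.lower().rstrip(".")
    inside = {fqdn(k, zone): v for k, v in internal_a.items()}
    outside = {fqdn(k, zone): v for k, v in public_a.items()}
    findings = []
    for name in sorted(outside):
        if name not in inside:
            findings.append((name, "MISSING_INTERNALLY"))
        elif inside[name] != outside[name] and not is_rfc1918(inside[name]):
            findings.append((name, "STALE_PUBLIC_ADDRESS"))
    return findings

# Constructed sample data (hypothetical hosts, documentation address ranges).
ZONE = "dog.com"
INTERNAL_A = {"server": "192.168.1.10", "files": "192.168.1.11",
              "mail": "203.0.113.99"}
PUBLIC_A = {"www": "203.0.113.20", "mail": "203.0.113.25",
            "files": "203.0.113.30"}

if __name__ == "__main__":
    for name, status in split_dns_findings(ZONE, INTERNAL_A, PUBLIC_A):
        print(f"{status:22} {name}")
```
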