Solved

Preserve the user accounts and security groups during a win2ksrv(dc) demotion?

Posted on 2004-04-20
Last Modified: 2010-04-13
I have recently taken over the network administration duties at the company that I work for. I now understand why the network never seemed to work. It's a nightmare. I need some help.

I have a Dell server running Windows 2000 Server (DC). We do have a domain and it is registered. (We are not hosting the DNS for the domain on our server, though.) I have managed to clean up a lot of the mess by uninstalling unused services (Media Services, RIP, etc.). This has given us back a lot of resources.

Problems:
1.   The NetBIOS and Domain names are different.
2.   The domain is set as domain.com as if we were hosting it. It should be domain.local
3.   I need to preserve the user accounts and passwords

The answer that I see to my first two problems is that I need to demote the server to a member server, then promote it back to being the DC. I think that will erase the domain user accounts, security groups, and all other domain-level configurations. Is there a way to preserve the user accounts and security groups during a win2ksrv(dc) demotion?

A new server is not an option, so sayeth accounting. (Believe me, I TRIED.)
Question by:teksamurai

Accepted Solution

by: YarnoSG earned 125 total points
ID: 10869115
Do you have another box that you could TEMPORARILY make a DC?  If so, you could join this computer into the domain, promote it to DC, then DEMOTE the original box, using the temporary box as a Domain LIFEBOAT, until you can clean up and re-promote the original box.

Expert Comment

by:mikeleebrla
ID: 10869185
Any domain will have a NetBIOS domain name and a DNS domain name. These will always be different because the NetBIOS name cannot have the .com in it. This is perfectly normal, and if you have your DNS and WINS servers set up correctly with the proper type of records, this will work fine. Then you can get to your domain (adding new machines, etc.) by using either the DNS name or the NetBIOS name.

On your second point about domain.local: this is an option, but as you mentioned, it will require you to rename your entire domain, which to the best of my knowledge requires you to lose all of your domain info, like you mentioned. Yes, there is probably a workaround if you are dead set on renaming your DNS domain to domain.local, but this isn't necessary at all. If your DNS is set up correctly, you can have your internal DNS domain name the same as your external registered domain.com name. This is how mine is set up and it works fine. The trick is to have proper DNS settings. Basically, have all of your internal clients point to an internal DNS server with private mappings so your internal clients can connect to internal servers. If an external client needs to get to your servers, they will get the proper DNS info from your ISP's DNS servers, since you don't host your own. This system has been working fine for me, and it will prevent you from having to redo your AD.

Author Comment

by:teksamurai
ID: 10879743
Thank you all for your comments. Please keep them coming.

mikeleebrla,
#1
I understand what you are saying about the netbios and domain name being different. But in this case, it is a little different.
The domain is dog.com
The netbios is server
I wouldn't have a problem if the netbios was "dog".

#2
We are running a DNS server that thinks that it is hosting the domain for dog.com, and the DNS entries are FUBAR. My internal clients cannot get to our own website (which is hosted with an outside provider along with the domain). This is one of the reasons that I want to change the domain to be dog.local, rather than dog.com.

I was afraid that I would just have to rebuild the AD and DNS from scratch. I was looking for a way to save myself that pain.

Thank you

Expert Comment

by:mikeleebrla
ID: 10879921
Why couldn't your inside clients get to your own website? If DNS was set up correctly, they could. Is your web server on your LAN or not?
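The split DNS arrangement discussed in this thread, modeled as an added example that is not code from any of the posters: an internal server that is authoritative for dog.com answers only from its own zone data, so any public name it lacks (such as the externally hosted website) fails for internal clients until the record is mirrored internally. The zone name dog.com is from the thread; every record, host name and address below is constructed for illustration.

```python
# Constructed sample data: addresses use private and documentation ranges.
ZONE = "dog.com"
INTERNAL = {                      # records held by the internal DC's DNS server
    "dog.com": "192.168.1.10",    # AD domain controllers register at the zone apex
    "server.dog.com": "192.168.1.10",
}
PUBLIC = {                        # records published by the outside provider
    "dog.com": "203.0.113.20",
    "www.dog.com": "203.0.113.20",
    "mail.dog.com": "203.0.113.25",
}

def in_zone(name, zone=ZONE):
    return name == zone or name.endswith("." + zone)

def resolve_internal(name, internal, public, zone=ZONE):
    """Answer as an internal client sees it.

    A server authoritative for `zone` never forwards names inside that zone,
    so a record missing from its own data is NXDOMAIN, not a public answer.
    """
    name = name.lower().rstrip(".")
    if in_zone(name, zone):
        return internal.get(name, "NXDOMAIN")
    return public.get(name, "NXDOMAIN")   # stands in for forwarding/recursion

def audit(internal, public, zone=ZONE):
    """Compare the two views of the zone from the internal side."""
    names = [n for n in public if in_zone(n, zone)]
    return {
        # public names internal clients cannot resolve at all
        "missing": sorted(n for n in names if n not in internal),
        # names that resolve internally, but to a different host
        "conflicting": sorted(n for n in names
                              if n in internal and internal[n] != public[n]),
    }

def add_missing(internal, public, zone=ZONE):
    """Copy of the internal zone with the missing public records mirrored in.

    Conflicting names are left alone: the apex must keep pointing at the DC.
    """
    fixed = dict(internal)
    for n in audit(internal, public, zone)["missing"]:
        fixed[n] = public[n]
    return fixed

if __name__ == "__main__":
    print(audit(INTERNAL, PUBLIC))
    fixed = add_missing(INTERNAL, PUBLIC)
    print(resolve_internal("www.dog.com", fixed, PUBLIC))
```

The apex name stays in the "conflicting" list after the fix, which is why internal users in this kind of setup reach the site as www.dog.com rather than dog.com.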