We help IT Professionals succeed at work.

Demote DC and what happens to folder level security?

DAMAdmin asked
Last Modified: 2008-03-04
I have had a mixed enviroment, 2000 and 2003. In the past 2 weeks i have straighed out all my FSMO roles on two 2003 AD servers. All the roles are looking good and seem to be as they should.

The last win 2000 DC is on the list to be demoted, however, it has all of our file shares on it. I am wondering what will happen to the folder level security? And if there is a way to preserve those attributes and demote the server?

Thank you
Watch Question

This one is on us!
(Get your first solution completely free - no credit card required)

Make sure your global catalog has also been moved:

How To Create or Move a Global Catalog in Windows 2000 (it is same on
Windows 2003)

Sometimes when demoting a DC they lose "security" for the domain, by that I mean that the AD security is not recognized correctly.  There are several fixes to correct this, but I have found the simplest method was to pull the server from the domain, then re-add the server back into domain.  Again...this is **ONLY** if the security is not working right->on the security tab you see SID's instead of group or usernames for active directory users and groups.
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.