DAMAdmin
asked on
Demote DC and what happens to folder level security?
I have had a mixed enviroment, 2000 and 2003. In the past 2 weeks i have straighed out all my FSMO roles on two 2003 AD servers. All the roles are looking good and seem to be as they should.
The last win 2000 DC is on the list to be demoted, however, it has all of our file shares on it. I am wondering what will happen to the folder level security? And if there is a way to preserve those attributes and demote the server?
Thank you
The last win 2000 DC is on the list to be demoted, however, it has all of our file shares on it. I am wondering what will happen to the folder level security? And if there is a way to preserve those attributes and demote the server?
Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How To Create or Move a Global Catalog in Windows 2000 (it is same on
Windows 2003)
http://support.microsoft.com/?kbid=313994
Sometimes when demoting a DC they lose "security" for the domain, by that I mean that the AD security is not recognized correctly. There are several fixes to correct this, but I have found the simplest method was to pull the server from the domain, then re-add the server back into domain. Again...this is **ONLY** if the security is not working right->on the security tab you see SID's instead of group or usernames for active directory users and groups.