[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Disassemble Windows 2000 Domain

Posted on 2008-02-01
12
Medium Priority
?
243 Views
Last Modified: 2013-12-05
I work as a self employed PC Repair Technician. My client is a former business owner who wants me to disassemble his windows 2000 domain and replace it with a workgroup for all of his familie's computers. In the past I changed a laptop from "domain" to "workgroup" and I could no longer log onto the laptop. Wanting to avoid this with his laptops, I'm looking for detailed instructions on how to take apart the entire network - I have access to everything, including passwords. Clients all run XP Pro.
0
Comment
Question by:Bob_Schmidt
  • 5
  • 5
  • 2
12 Comments
 
LVL 5

Expert Comment

by:sliiconman
ID: 20798859
Well for the clients just create a local account or even change the administrator password for the local machine. That will give you access as long as you do not have any fancy scripts taht do not change passwords.

Are there files to contend with? Does he still want access to the server or the internet?
0
 

Author Comment

by:Bob_Schmidt
ID: 20799178
He does have files on the machines that he wants to keep. I played with one machine yesterday. It's now his daughter's school PC. She had administrator rights with her password. I was able to see both her account and the administrator account. I removed the administrator password so that it's now (blank) however it asked me to reboot in order to have access to changing her password. I didn't do so for fear I might not be able to get back in.
0
 
LVL 5

Accepted Solution

by:
DCenaculo earned 150 total points
ID: 20799188
when you log on on each laptop you may choose to logon locally or to the domain. First be sure that you can logon locally (not to the domain) in every laptop as an administrator. If you can't do that you can always look for a startup disk that will break the local administrator account and gives you the possibility to create a new one.

If there is some DNS internal in use on that 2000 server, see if it is integrated with active directory. If so, you must first make that DNS a normal DNS: convert dns to primary zone (uncheck integrate with active directory)

At last you should run dcpromo to demote the windows 2000 domain controller.
See this link (How to promote and demote domain controllers in Windows 2000):
http://support.microsoft.com/kb/238369/en-us

all laptops and the server should have the same workgroup name
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 

Author Comment

by:Bob_Schmidt
ID: 20799207
For the actual server, he wants to use it as a print server. We've already set up a Linksys WEP system for Internet access. That's working for all of the laptops. Just haven't taken the steps necessary to set up the workgroup and sharing privileges - again, looking for a detailed guide.
0
 
LVL 5

Expert Comment

by:DCenaculo
ID: 20799244
You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain. If you have the domain administrator password, you can always add that machine to the domain again if you decide to do that. You must be sure that you have the local administrator password and that is not the domain administrator password. You have to logon using administrator account, administrator password and the domain must be the name of the laptop and not the windows domain.
0
 
LVL 5

Expert Comment

by:DCenaculo
ID: 20799278
After you run dcpromo on the 2000 server to demote it, it will be just a member of the workgroup as the laptops. Knowing its administrator password as you know, you will just have to create those shares you mentioned with the right permissions for security purposes.
0
 

Author Comment

by:Bob_Schmidt
ID: 20799300
"DCenaculo: You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain." - It looks like I can logon locally to the laptops, individually, as administrator.  Are you saying that, after doing so, I can just switch from "domain" to "workgroup" under, "my computer," and I'll be OK? - and I can login again after re-booting?
0
 
LVL 5

Expert Comment

by:sliiconman
ID: 20799379
All those are good tips. Please, PLEASE!! do not use WEP as your encryption. It is not  safe or considered a secure conection, takes about 5 minutes to break.. use at least WPA for encryption.. PLEASE !!!
0
 
LVL 5

Expert Comment

by:DCenaculo
ID: 20804644
Yes, you will do the logon without any kind of problem, but it will be a local logon. To access resources on other machines you will have to use their shres or provide user and password to access them. But as far as I see, that part you already know.

To make the 2000server a normal machiche you must demote it. Use DCPROMO command on it as I told on one on the last comments.
If you need more explanations, plese feel free to ask :)
0
 
LVL 5

Assisted Solution

by:DCenaculo
DCenaculo earned 150 total points
ID: 20804672
After you remove those machines from the domain into a workgroup, you can always add them again if you know the domain administrator password, and everything will work well again. This way you may do some tests before you demote de 2000 server from domain controller to a standar workgroup server.
0
 

Author Comment

by:Bob_Schmidt
ID: 20817068
At this stage, DCenaculo has been a font of information that I'll need. Unfortunately, a separate barrier has arisen, preventing me from getting to the system in order to verify the solution. It may take up to two weeks. I am extremely grateful and will post a solution acceptance as soon as I've implemented your instructions. Thanks,
0
 

Author Closing Comment

by:Bob_Schmidt
ID: 31427227
The solutions sounds complete but, because it's for a client, I won't be able to implement it for another month. At this point, I feel there's clear direction for me to proceed at that time.
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…
Suggested Courses

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question