Disassemble Windows 2000 Domain

I work as a self employed PC Repair Technician. My client is a former business owner who wants me to disassemble his windows 2000 domain and replace it with a workgroup for all of his familie's computers. In the past I changed a laptop from "domain" to "workgroup" and I could no longer log onto the laptop. Wanting to avoid this with his laptops, I'm looking for detailed instructions on how to take apart the entire network - I have access to everything, including passwords. Clients all run XP Pro.
Bob_SchmidtAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

sliiconmanCommented:
Well for the clients just create a local account or even change the administrator password for the local machine. That will give you access as long as you do not have any fancy scripts taht do not change passwords.

Are there files to contend with? Does he still want access to the server or the internet?
0
Bob_SchmidtAuthor Commented:
He does have files on the machines that he wants to keep. I played with one machine yesterday. It's now his daughter's school PC. She had administrator rights with her password. I was able to see both her account and the administrator account. I removed the administrator password so that it's now (blank) however it asked me to reboot in order to have access to changing her password. I didn't do so for fear I might not be able to get back in.
0
DCenaculoCommented:
when you log on on each laptop you may choose to logon locally or to the domain. First be sure that you can logon locally (not to the domain) in every laptop as an administrator. If you can't do that you can always look for a startup disk that will break the local administrator account and gives you the possibility to create a new one.

If there is some DNS internal in use on that 2000 server, see if it is integrated with active directory. If so, you must first make that DNS a normal DNS: convert dns to primary zone (uncheck integrate with active directory)

At last you should run dcpromo to demote the windows 2000 domain controller.
See this link (How to promote and demote domain controllers in Windows 2000):
http://support.microsoft.com/kb/238369/en-us

all laptops and the server should have the same workgroup name
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

Bob_SchmidtAuthor Commented:
For the actual server, he wants to use it as a print server. We've already set up a Linksys WEP system for Internet access. That's working for all of the laptops. Just haven't taken the steps necessary to set up the workgroup and sharing privileges - again, looking for a detailed guide.
0
DCenaculoCommented:
You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain. If you have the domain administrator password, you can always add that machine to the domain again if you decide to do that. You must be sure that you have the local administrator password and that is not the domain administrator password. You have to logon using administrator account, administrator password and the domain must be the name of the laptop and not the windows domain.
0
DCenaculoCommented:
After you run dcpromo on the 2000 server to demote it, it will be just a member of the workgroup as the laptops. Knowing its administrator password as you know, you will just have to create those shares you mentioned with the right permissions for security purposes.
0
Bob_SchmidtAuthor Commented:
"DCenaculo: You can try to logon locally on any desktop as administrator. If you can do thad you can safely remove that machine from the domain." - It looks like I can logon locally to the laptops, individually, as administrator.  Are you saying that, after doing so, I can just switch from "domain" to "workgroup" under, "my computer," and I'll be OK? - and I can login again after re-booting?
0
sliiconmanCommented:
All those are good tips. Please, PLEASE!! do not use WEP as your encryption. It is not  safe or considered a secure conection, takes about 5 minutes to break.. use at least WPA for encryption.. PLEASE !!!
0
DCenaculoCommented:
Yes, you will do the logon without any kind of problem, but it will be a local logon. To access resources on other machines you will have to use their shres or provide user and password to access them. But as far as I see, that part you already know.

To make the 2000server a normal machiche you must demote it. Use DCPROMO command on it as I told on one on the last comments.
If you need more explanations, plese feel free to ask :)
0
DCenaculoCommented:
After you remove those machines from the domain into a workgroup, you can always add them again if you know the domain administrator password, and everything will work well again. This way you may do some tests before you demote de 2000 server from domain controller to a standar workgroup server.
0
Bob_SchmidtAuthor Commented:
At this stage, DCenaculo has been a font of information that I'll need. Unfortunately, a separate barrier has arisen, preventing me from getting to the system in order to verify the solution. It may take up to two weeks. I am extremely grateful and will post a solution acceptance as soon as I've implemented your instructions. Thanks,
0
Bob_SchmidtAuthor Commented:
The solutions sounds complete but, because it's for a client, I won't be able to implement it for another month. At this point, I feel there's clear direction for me to proceed at that time.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.