delboytrigger

Domain Controller Removal Problem

I have got a problem with an old Windows 2000 server which I'm trying to remove from the domain, using my SBS 2003 server as the domain controller.
The SBS 2003 machine is listed as a domain controller but it appears that the 2000 is still listed as the main DC.
If I run a dcdiag on the SBS 2003 machine I get the following error:

      Starting test: Advertising
         Warning: DsGetDcName returned information for \\fleetserv.croydon.fleet
line.co.uk, when we were trying to reach PRIMARY

Fleetserv is the old 2000 machine and primary is the SBS 2003 machine.
Is there a way to get the DsGetDcName to point to primary instead of fleetserv?

If I try to remove fleetserv via dcpromo I get an error saying "A domain controller could not be contacted for the domain .... that contained an account for this computer".

Thanks
DrDave242

Assuming your SBS 2003 server has all of the FSMO roles (you'd know if it didn't, as it would start rebooting itself), you should be able to do a "dcpromo /forceremoval" on the 2000 server, then perform a metadata cleanup on the SBS server to remove any lingering traces of it from AD:

http://support.microsoft.com/kb/216498
Forgot to add that, as is the case whenever you're making big changes, it wouldn't hurt to take a full backup (with system state) of the SBS 2003 server before doing anything.
If your SBS 2003 has not been in production stage, I recommend re-creating it and then using the migration tool to migrate from Windows 2000 to SBS 2003 Active Directory (Active Directory Migration Tool v3.0).
If it is a small number of users (10 or less) you may re-create all the objects (users, printers, etc.) on the new server and you just have to re-create the user profile on the new server (disjoin from the old domain and join to the new domain).


I'm wondering if the 2000 server still thinks it's the DC?

This is from:

http://support.microsoft.com/kb/332199


Windows 2000 domain controllers
Install the Q332199 hotfix on a Windows 2000 domain controller that is running Service Pack 2 (SP2) or a later version, or install Windows 2000 Service Pack 4 (SP4). SP2 and later versions support forced demotion. Then, restart your computer.
Click Start, click Run, and then type the following command:
dcpromo /forceremoval
Click OK.
At the Welcome to the Active Directory Installation Wizard page, click Next.
If the computer that you are removing is a global catalog server, click OK in the message window.

Note Promote additional global catalogs in the forest or in the site if the domain controller that you are demoting is a global catalog server, as needed.
At the Remove Active Directory page, make sure that the This server is the last domain controller in the domain check box is cleared, and then click Next.
At the Network Credentials page, type the name, password, and domain name for a user account with enterprise administrator credentials in the forest, and then click Next.
In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
On the Summary page, click Next.
Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Tools such as Replmon.exe or Repadmin.exe from Windows 2000 Support Tools may help you determine whether end-to-end replication has occurred. Windows 2000 SP3 and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.
delboytrigger

ASKER

If I run a dcpromo /forceremoval will that leave the domain intact as there are 2 other servers in this domain?
Yes, it will.  There's a checkbox for "This is the last DC in this domain" or something similar.  Leave that unchecked.
When I do the dcpromo /forceremoval command the "this is the last domain" checkbox is not available?
Ah, OK.  No problem, then.  Just keep going.  All the "/forceremoval" does is remove AD components from that server without trying to contact other DCs in the domain.
OK, server removed. Just going to do the metadata cleanup, but do I need to do anything on the SBS machine to tell it to now be the DC?
It should already be "the" DC.  That's one of the requirements of SBS.  If it's been up and running for a while, you're OK, because it would have started rebooting itself after a few days of not being a DC or not holding all of the FSMO roles.  You can check to make sure it's got them all if you'd like, though:

http://support.microsoft.com/kb/324801
Yes, it's been on the domain for ages with no problems. I did transfer the FSMO roles over earlier today.

Tried running the metadata cleanup but this is what I get:
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server fleetserv.croydon.fleetline.co.uk
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
        'CN=Ntds Settings,fleetserv.croydon.fleetline.co.uk'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
Go through the whole metadata cleanup process one line at a time rather than trying to do it all in one command.
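The line-by-line ntdsutil sequence this reply refers to, as an added example that is not part of the original thread. It assumes the session is run on a surviving DC and binds to localhost, as the asker later reports doing; each `<n>` is a placeholder for the index printed by the preceding `list` command.

```cmd
rem Added example, not from the thread. Run on a surviving domain controller.
rem <n> is a placeholder: use the index that the preceding "list" command prints.
ntdsutil
metadata cleanup
connections
connect to server localhost
quit
select operation target
list domains
select domain <n>
list sites
select site <n>
list servers in site
select server <n>
quit
remove selected server
quit
quit
```

Because the demoted server is chosen by index under "select operation target", `remove selected server` is entered without a name, so there is no DN string for ntdsutil to parse.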
Now if I try to log on to the SBS server it gives me an error saying the domain is no longer available?
Aren't you already logged onto the SBS server, or did you perform the metadata cleanup from another machine?
I was trying to do the metadata cleanup from another machine. I still haven't been able to complete this; do you think this is why I can't log on to the domain on the SBS server?
I'm not sure - I may have made some assumptions about your SBS server that are turning out to be incorrect.  It seems that your SBS server is not a global catalog, and the 2000 server was the only GC in the domain.  Even without a GC, the Administrator account should still be able to log onto the SBS 2003 server.  Are you able to do this?  If so, open AD Sites and Services and make it a GC by following these instructions:

http://support.microsoft.com/kb/313994
I had changed the global catalog to the SBS server earlier in the day but I'm not 100% sure if it had worked or not. Does it matter what machine I run the metadata cleanup on?
It shouldn't matter what machine it's run on, although Server 2003 SP1 made the process a little easier (it does more of the work for you behind-the-scenes).
OK, right, I'm running the cleanup process and when I get to connect to server I just type the name of the server I have removed, but I get an error saying there are no more endpoints available from the endpoint mapper?
The last time I saw a "No more endpoints" error, it was due to a firewall running on the DC in question.  (This wasn't during a metadata cleanup, though.)  Are you still running the cleanup from a machine other than the SBS server?  Are you able to log on locally to the SBS server at all?  If the second answer is yes, I'd recommend running the cleanup from there.
Right, I managed to use the connect to server localhost command and remove the old server from there and can now log on to the SBS server, which is great, thanks! But I do think I need to tidy up DNS now as I'm getting some errors while connecting a PC?
Thanks for all your help, you have been great.
Yeah, DNS may be a mess after that.  Just make sure you remove any records that refer to the 2000 server.
Right, even though I can log on to the 2003 machine (made a mistake, it's not an SBS server, just standard 2003; was a long day yesterday!!!) it doesn't appear to be running as a global catalogue, as if I run a dcdiag it says all GCs are down, but I have checked and the server does have a tick in the correct place within AD Sites and Services. I have a feeling that the domain still believes that the older server is the primary domain controller?
Any ideas would be great!!! Thanks!
ASKER CERTIFIED SOLUTION
DrDave242
Hi, thanks for all your help. Managed to get it sorted in the end; you were a big help, thanks!
What was the solution? There appears to be none.