Win2003 VMWare DC/File server demote/promote

Posted on 2010-11-19
Last Modified: 2012-05-10
I have a 2003 DC VM that is also a file server/DNS/DHCP box.  I need to demote and promote as it was restored from an 12 day old SAN replica and is having issues replicating.  I am wondering if the demotion/promotion process will have an effect on file permissions, anything else, etc...
Question by:Humongous
  • 4
  • 2
  • 2
  • +1
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 50 total points
ID: 34176861
You should not affect the file permissions but this is why you don't use a Domain Controller for any other services like File and print sharing.

There is always the unknown

Assisted Solution

Virtalicious earned 50 total points
ID: 34176979
Technically, if you had explicitly granted permission then the SSID will still be on the object after the demotion and will work after the dcpromo.

Author Comment

ID: 34177174
Got it guys - it lived here before I moved in...  Everything I've read says it should be a piece of cake...  ;)  I have a good backup of it.  Would you suggest I do a Virtual2Virtual conversion and then try it on the new one and leave the old one intact until I've fully tested?
Backup Solution for AWS

Read about how CloudBerry Backup fully integrates your backups with Amazon S3 and Amazon Glacier to provide military-grade encryption and dramatically cut storage costs on any platform.

LVL 59

Expert Comment

by:Darius Ghassem
ID: 34177182
No you should not have an issue.

Author Comment

ID: 34177198
OK - thanks - doing it tomorrow night - at 5pm EST
LVL 57

Accepted Solution

Mike Kline earned 400 total points
ID: 34177532
So one thing to add here, if you are having replication issues you may also have issues with a graceful demotion.   If that happens you can do a

dcpromo /forceremoval
metadata cleanup

Then add back and repromote.

Does it hold any FSMO roles?

....again this is if the normal graceful demotion using dcpromo doesn't work. I only bring it up because of the replication issues you mentioned.



Author Comment

ID: 34177836
Thanks Mike - it does not hold any FSMO roles.  I will look at the link you provided.
LVL 57

Expert Comment

by:Mike Kline
ID: 34177848
no problem...and just remember those steps are a last resort if the DC doesn't demote gracefully.

Author Closing Comment

ID: 34234135
Everyone - thanks.  

Mike - thank you, it did not demote gracefully like you suggested.  That is why I gave you the most points.  Thanks!

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
GPO on certain users 17 33
Extend AD Schema to 2008 R2 after domain upgrade. 5 41
Managing Active Directory tasks 4 30
Powershell Script - Set Windows Updates 2 24
This article runs through the process of deploying a single EXE application selectively to a group of user.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question