Solved

Cant completely remove windows 2003 domain controller after demoting it using dcpromo

Posted on 2013-11-21
7
450 Views
Last Modified: 2013-11-24
Hello,

I have successfully added a new windows 2008 r2 domain controller to my existing domain/forest.

Before this DC was introduced, I had only one Root windows 2003 DC and I have transferred all fsmo rolls and waited 6 weeks before disjoing it from the domain and physically removing
it.

I then upgraded my domain to windows 2008 r2 domain and forest functional level.

okay, now I am having wiered issues with Group Policy where my policies wont apply to groups but only single user accounts!

I have another thread opened called "Cant Get My Screen Saver to work right" and after much trouble shooting on that thread, I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

I need help.

I have done the following:

I have just recently gone through my DNS on my Win 2008 R2 DC and completely removed all traces of the old win 2003 server from EVERYWHERE.

what else should I do?

I never ran ntdsutil to remove the meta data from the win2003 dc before physically removing it.  I hope there is still another way I can completely remove any and all traces of this damn server.

please help

thanks
0
Comment
Question by:JB Blanco
  • 3
  • 2
7 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39667007
I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

HOW?  HOW have you come to this realization?  What led you to believe this is because of the 2003 system and not because of another reason?  Were there event log entries?  Did something say it was having trouble reaching the 2003 DC?

Have you checked the health of the AD using DCDIAG?  Have you confirmed your clients aren't still using the IP address of the removed DC for DNS?  Did you remember to make the new DC(s) Global Catalog servers?
0
 

Author Comment

by:JB Blanco
ID: 39667371
sorry please understand that in my other thread i did and explained all this and thats why i dont feel like repeating myself.

here have a look

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html
0
 

Author Comment

by:JB Blanco
ID: 39667397
to answer your question,

nothing is really telling me that its having trouble reaching the 2003 DC, its just that i cant think of what else might be causing the problem im having.

Right now i just added a new win 2008 R2 DC into my existing domain.

now i have 2 win 2008 r2 DC's in my forest.

Im gonna play around with Group Policy and see if i am still having the issues.
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 

Author Comment

by:JB Blanco
ID: 39667434
basically my real issue is My screen Saver GPO is not applying to User Groups only Single User accounts.

If you read my other thread
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html

you will see all the trouble shooting that has been done.
0
 
LVL 8

Expert Comment

by:Esteban Blanco
ID: 39667698
Wow.  The response was not very nice in my opinion.  I spent days with him on this leew.  I asked for logs to see if we could find out why this was happening.  We looked at several avenues.  Read the thread and enlighten us please because I see you are very good at what you do and you have proven results.  So help us here.

I asked him if all of the FSMO roles had been moved.  I asked for logs.  I told him to use a test machine and rejoin it to the domain.  I asked him to create a separate OU and GPO for the specific screensaver.  I asked him to send me screenshots.  I showed him best practices articles used in my company when we setup clients.  I requested for others to chime in and another expert agreed that the 2003 server could be part of the issue.  I asked if the machines were hard coded to the other server.  So that is HOW he came to that conclusion.  I hope that clears it up.

Now; can you help him leew?  I would love to learn as well and put a new trick in my toolbox.
0
 
LVL 8

Accepted Solution

by:
Esteban Blanco earned 500 total points
ID: 39668998
The fix was to take the extra screen saver policy and apply it to the default domain policy instead. The environment is 10 computer. No need to have a specific GPO for it when you can do it at the top level.
0

Featured Post

Are your corporate email signatures appalling?

Is it scary how unprofessional your email signatures look? Do users create their own terrible designs and give themselves stupid job titles? You can make this a lot easier for yourself by choosing an email signature management solution from Exclaimer today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now