Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cant completely remove windows 2003 domain controller after demoting it using dcpromo

Posted on 2013-11-21
7
Medium Priority
?
478 Views
Last Modified: 2013-11-24
Hello,

I have successfully added a new windows 2008 r2 domain controller to my existing domain/forest.

Before this DC was introduced, I had only one Root windows 2003 DC and I have transferred all fsmo rolls and waited 6 weeks before disjoing it from the domain and physically removing
it.

I then upgraded my domain to windows 2008 r2 domain and forest functional level.

okay, now I am having wiered issues with Group Policy where my policies wont apply to groups but only single user accounts!

I have another thread opened called "Cant Get My Screen Saver to work right" and after much trouble shooting on that thread, I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

I need help.

I have done the following:

I have just recently gone through my DNS on my Win 2008 R2 DC and completely removed all traces of the old win 2003 server from EVERYWHERE.

what else should I do?

I never ran ntdsutil to remove the meta data from the win2003 dc before physically removing it.  I hope there is still another way I can completely remove any and all traces of this damn server.

please help

thanks
0
Comment
Question by:JB Blanco
  • 3
  • 2
7 Comments
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 39667007
I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

HOW?  HOW have you come to this realization?  What led you to believe this is because of the 2003 system and not because of another reason?  Were there event log entries?  Did something say it was having trouble reaching the 2003 DC?

Have you checked the health of the AD using DCDIAG?  Have you confirmed your clients aren't still using the IP address of the removed DC for DNS?  Did you remember to make the new DC(s) Global Catalog servers?
0
 

Author Comment

by:JB Blanco
ID: 39667371
sorry please understand that in my other thread i did and explained all this and thats why i dont feel like repeating myself.

here have a look

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html
0
 

Author Comment

by:JB Blanco
ID: 39667397
to answer your question,

nothing is really telling me that its having trouble reaching the 2003 DC, its just that i cant think of what else might be causing the problem im having.

Right now i just added a new win 2008 R2 DC into my existing domain.

now i have 2 win 2008 r2 DC's in my forest.

Im gonna play around with Group Policy and see if i am still having the issues.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 

Author Comment

by:JB Blanco
ID: 39667434
basically my real issue is My screen Saver GPO is not applying to User Groups only Single User accounts.

If you read my other thread
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html

you will see all the trouble shooting that has been done.
0
 
LVL 8

Expert Comment

by:Esteban Blanco
ID: 39667698
Wow.  The response was not very nice in my opinion.  I spent days with him on this leew.  I asked for logs to see if we could find out why this was happening.  We looked at several avenues.  Read the thread and enlighten us please because I see you are very good at what you do and you have proven results.  So help us here.

I asked him if all of the FSMO roles had been moved.  I asked for logs.  I told him to use a test machine and rejoin it to the domain.  I asked him to create a separate OU and GPO for the specific screensaver.  I asked him to send me screenshots.  I showed him best practices articles used in my company when we setup clients.  I requested for others to chime in and another expert agreed that the 2003 server could be part of the issue.  I asked if the machines were hard coded to the other server.  So that is HOW he came to that conclusion.  I hope that clears it up.

Now; can you help him leew?  I would love to learn as well and put a new trick in my toolbox.
0
 
LVL 8

Accepted Solution

by:
Esteban Blanco earned 2000 total points
ID: 39668998
The fix was to take the extra screen saver policy and apply it to the default domain policy instead. The environment is 10 computer. No need to have a specific GPO for it when you can do it at the top level.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Suggested Courses

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question