Solved

Cant completely remove windows 2003 domain controller after demoting it using dcpromo

Posted on 2013-11-21
7
447 Views
Last Modified: 2013-11-24
Hello,

I have successfully added a new windows 2008 r2 domain controller to my existing domain/forest.

Before this DC was introduced, I had only one Root windows 2003 DC and I have transferred all fsmo rolls and waited 6 weeks before disjoing it from the domain and physically removing
it.

I then upgraded my domain to windows 2008 r2 domain and forest functional level.

okay, now I am having wiered issues with Group Policy where my policies wont apply to groups but only single user accounts!

I have another thread opened called "Cant Get My Screen Saver to work right" and after much trouble shooting on that thread, I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

I need help.

I have done the following:

I have just recently gone through my DNS on my Win 2008 R2 DC and completely removed all traces of the old win 2003 server from EVERYWHERE.

what else should I do?

I never ran ntdsutil to remove the meta data from the win2003 dc before physically removing it.  I hope there is still another way I can completely remove any and all traces of this damn server.

please help

thanks
0
Comment
Question by:jblanc03
  • 3
  • 2
7 Comments
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 39667007
I have come to the realization that my issue has greatly to do with the fact that my windows 2003 DC has not been completely removed from AD or where ever it may still have a trace.  

HOW?  HOW have you come to this realization?  What led you to believe this is because of the 2003 system and not because of another reason?  Were there event log entries?  Did something say it was having trouble reaching the 2003 DC?

Have you checked the health of the AD using DCDIAG?  Have you confirmed your clients aren't still using the IP address of the removed DC for DNS?  Did you remember to make the new DC(s) Global Catalog servers?
0
 

Author Comment

by:jblanc03
ID: 39667371
sorry please understand that in my other thread i did and explained all this and thats why i dont feel like repeating myself.

here have a look

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html
0
 

Author Comment

by:jblanc03
ID: 39667397
to answer your question,

nothing is really telling me that its having trouble reaching the 2003 DC, its just that i cant think of what else might be causing the problem im having.

Right now i just added a new win 2008 R2 DC into my existing domain.

now i have 2 win 2008 r2 DC's in my forest.

Im gonna play around with Group Policy and see if i am still having the issues.
0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 

Author Comment

by:jblanc03
ID: 39667434
basically my real issue is My screen Saver GPO is not applying to User Groups only Single User accounts.

If you read my other thread
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Q_28291264.html

you will see all the trouble shooting that has been done.
0
 
LVL 8

Expert Comment

by:Esteban Blanco
ID: 39667698
Wow.  The response was not very nice in my opinion.  I spent days with him on this leew.  I asked for logs to see if we could find out why this was happening.  We looked at several avenues.  Read the thread and enlighten us please because I see you are very good at what you do and you have proven results.  So help us here.

I asked him if all of the FSMO roles had been moved.  I asked for logs.  I told him to use a test machine and rejoin it to the domain.  I asked him to create a separate OU and GPO for the specific screensaver.  I asked him to send me screenshots.  I showed him best practices articles used in my company when we setup clients.  I requested for others to chime in and another expert agreed that the 2003 server could be part of the issue.  I asked if the machines were hard coded to the other server.  So that is HOW he came to that conclusion.  I hope that clears it up.

Now; can you help him leew?  I would love to learn as well and put a new trick in my toolbox.
0
 
LVL 8

Accepted Solution

by:
Esteban Blanco earned 500 total points
ID: 39668998
The fix was to take the extra screen saver policy and apply it to the default domain policy instead. The environment is 10 computer. No need to have a specific GPO for it when you can do it at the top level.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now