JB Blanco

Can't completely remove Windows 2003 domain controller after demoting it using dcpromo

Hello,

I have successfully added a new Windows 2008 R2 domain controller to my existing domain/forest.

Before this DC was introduced, I had only one root Windows 2003 DC, and I have transferred all FSMO roles and waited 6 weeks before disjoining it from the domain and physically removing it.

I then upgraded my domain to Windows 2008 R2 domain and forest functional level.

Okay, now I am having weird issues with Group Policy where my policies won't apply to groups but only single user accounts!

I have another thread opened called "Cant Get My Screen Saver to work right" and after much troubleshooting on that thread, I have come to the realization that my issue has greatly to do with the fact that my Windows 2003 DC has not been completely removed from AD or wherever it may still have a trace.

I need help.

I have done the following:

I have just recently gone through my DNS on my Win 2008 R2 DC and completely removed all traces of the old win 2003 server from EVERYWHERE.

What else should I do?

I never ran ntdsutil to remove the metadata from the Win 2003 DC before physically removing it. I hope there is still another way I can completely remove any and all traces of this damn server.

Please help.

Thanks
Tags: Windows Server 2008, Microsoft Server OS, Microsoft Legacy OS

Last comment: Esteban Blanco, 8/22/2022 - Mon

Lee W, MVP

"I have come to the realization that my issue has greatly to do with the fact that my Windows 2003 DC has not been completely removed from AD or wherever it may still have a trace."

HOW?  HOW have you come to this realization?  What led you to believe this is because of the 2003 system and not because of another reason?  Were there event log entries?  Did something say it was having trouble reaching the 2003 DC?

Have you checked the health of the AD using DCDIAG?  Have you confirmed your clients aren't still using the IP address of the removed DC for DNS?  Did you remember to make the new DC(s) Global Catalog servers?
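
The checks listed above (DCDIAG health, Global Catalog, client DNS), plus a look for the server object that a skipped ntdsutil metadata cleanup leaves behind, as an added PowerShell example that is not part of the original thread. `OLD-DC01` and `192.0.2.10` are placeholders for the removed DC's name and former address; every command here only reads.

```powershell
# Added example: read-only checks. Run on a DC or a host with the RSAT AD module.
Import-Module ActiveDirectory

$OldDcName = 'OLD-DC01'     # placeholder: host name of the removed Windows 2003 DC
$OldDcIp   = '192.0.2.10'   # placeholder: its former IP (documentation range)

$sitesDn = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"

# 1. A live DC's server object has an "NTDS Settings" (nTDSDSA) child.
#    A server object without one, or one named after the old DC, is leftover metadata.
$ntdsDns = Get-ADObject -SearchBase $sitesDn -LDAPFilter '(objectClass=nTDSDSA)' |
    ForEach-Object { $_.DistinguishedName }
Get-ADObject -SearchBase $sitesDn -LDAPFilter '(objectClass=server)' | ForEach-Object {
    New-Object PSObject -Property @{
        Server     = $_.Name
        HasNtdsDsa = $ntdsDns -contains "CN=NTDS Settings,$($_.DistinguishedName)"
        MatchesOld = $_.Name -eq $OldDcName
    }
} | Format-Table Server, HasNtdsDsa, MatchesOld -AutoSize

# 2. A leftover computer account for the old DC in the domain partition.
Get-ADComputer -LDAPFilter "(name=$OldDcName)" |
    Format-List Name, DistinguishedName, Enabled

# 3. Every remaining DC, and whether it is a Global Catalog.
Get-ADDomainController -Filter * |
    Format-Table Name, OperatingSystem, IsGlobalCatalog -AutoSize

# 4. FSMO role holders: none should name the removed server.
Get-ADForest | Format-List SchemaMaster, DomainNamingMaster
Get-ADDomain | Format-List PDCEmulator, RIDMaster, InfrastructureMaster

# 5. Does this machine still list the old DC's IP as a DNS server?
#    Run this part on a client that shows the Group Policy problem.
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.DNSServerSearchOrder -contains $OldDcIp } |
    Format-List Description, DNSServerSearchOrder

# 6. DCDIAG: /q prints only errors, so no output means the tests passed.
dcdiag /q
```
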
JB Blanco

ASKER
Sorry, please understand that in my other thread I did and explained all this and that's why I don't feel like repeating myself.

Here, have a look:

https://www.experts-exchange.com/questions/28291264/Cant-Get-my-Screen-Saver-Timeout-Group-Policy-to-work-right.html
JB Blanco

ASKER
To answer your question,

nothing is really telling me that it's having trouble reaching the 2003 DC; it's just that I can't think of what else might be causing the problem I'm having.

Right now I just added a new Win 2008 R2 DC into my existing domain.

Now I have 2 Win 2008 R2 DCs in my forest.

I'm gonna play around with Group Policy and see if I am still having the issues.
JB Blanco

ASKER
Basically, my real issue is my Screen Saver GPO is not applying to user groups, only single user accounts.

If you read my other thread
https://www.experts-exchange.com/questions/28291264/Cant-Get-my-Screen-Saver-Timeout-Group-Policy-to-work-right.html

you will see all the troubleshooting that has been done.
Esteban Blanco

Wow.  The response was not very nice in my opinion.  I spent days with him on this leew.  I asked for logs to see if we could find out why this was happening.  We looked at several avenues.  Read the thread and enlighten us please because I see you are very good at what you do and you have proven results.  So help us here.

I asked him if all of the FSMO roles had been moved.  I asked for logs.  I told him to use a test machine and rejoin it to the domain.  I asked him to create a separate OU and GPO for the specific screensaver.  I asked him to send me screenshots.  I showed him best practices articles used in my company when we set up clients.  I requested for others to chime in and another expert agreed that the 2003 server could be part of the issue.  I asked if the machines were hard coded to the other server.  So that is HOW he came to that conclusion.  I hope that clears it up.

Now, can you help him, leew?  I would love to learn as well and put a new trick in my toolbox.
ASKER CERTIFIED SOLUTION
Esteban Blanco
