No announcement yet.

DC removal

  • Filter
  • Time
  • Show
Clear All
new posts

  • DC removal

    I need to know if there is a safe way to prevent users from logging onto a particular DC. The plan is to demote the DC this weekend and I want to have it so that this DC will not process user logons between now and then. When I say a "safe way" I mean one that will allow me to prevent logons yet nothing else, so everything else in the domain will be accessible to users between now and then.

  • #2
    Re: DC removal


    Although that hardly matters if users are loggedon to that DC but still if you want to prevent users from login to that particular DC. Stop Netlogon service on that DC.

    Kapil Sharma
    Life is too short, Enjoy It.


    • #3
      Re: DC removal

      ...bearing in mind that this will prevent ANY logons to the DC, including by administrators. It's possible that PSTools will still be able to restart the service - or if you have a console session already open you can do it... but if you're logged off the server and stop the netlogon service you need to restart the server to get it back.

      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

      Anything you say will be misquoted and used against you


      • #4
        Re: DC removal

        Okay, thank you to both of you for the response. Let me ask a different question then. On Saturday, when I intend to dcpromo this DC down, what effect, if any, will it have on any users that are logged onto the domain that were authenticated against this DC? If the demotion will be seemless to them and not cause any loss of services then I may not worry about it. The only reason I bring it up is that users experience loss of connectivity to our Sharepoint server any time this DC is rebooted if they were logged on by this DC.


        • #5
          Re: DC removal

          There should be no issues in demoting the server once users have authenticated. If they need to re-authenticate they will locate another DC. Just make sure you always have at least one DC on the network and it is also a global catalogue. Also make sure the DC your demoting doesn't hold any of the FSMO roles:

          Hope this helps

          Michael Armstrong

          MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **


          • #6
            Re: DC removal

            I realize this is a little after the fact but just getting back to this thread. Thanks to all who replied. If you care, I was able to successfully demote the DC without issue. Thanks again to all.


            • #7
              Re: DC removal

              Thanks for the update, we appreciate. We actually do like to hear how a particular question/problem is resolved or how it turns out in the end.
              Joined: 23rd December 2003
              Departed: 23rd December 2015