Announcement

Collapse
No announcement yet.

Demoting a Win2000 server Secondary Domain Controller to a Member Server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Demoting a Win2000 server Secondary Domain Controller to a Member Server

    Hi once again.

    I have a little problem..

    I had a problem with my network,on which I thought my DC had problems,and in the process of solving the issue,I promoted a Win2000 member server to a Seconday DC so that it can provide backup services for the Primary DC..I found out that the problem was an IPSec policy setting at the Default Domain Policy.Disabling the policy solved everything.

    Now,I want to take things back to where they used to be.I want to demote the Secondary DC to just a member server,like it used to be.It runs the DHCP service.

    How do I do that?

    Any help would be appreciated.

    Cheers!!

  • #2
    Re: Demoting a Win2000 server Secondary Domain Controller to a Member Server

    Originally posted by Giodino View Post
    Hi once again.

    I have a little problem..

    I had a problem with my network,on which I thought my DC had problems,and in the process of solving the issue,I promoted a Win2000 member server to a Seconday DC so that it can provide backup services for the Primary DC..I found out that the problem was an IPSec policy setting at the Default Domain Policy.Disabling the policy solved everything.

    Now,I want to take things back to where they used to be.I want to demote the Secondary DC to just a member server,like it used to be.It runs the DHCP service.

    How do I do that?

    Any help would be appreciated.

    Cheers!!
    As long as the DC doesn't have any FSMO roles, you can run dcpromo from the run box on the server you wish to demote and this will demote the DC to be a member server.

    Also, make sure that this server isn't the only global catalog, check in the sites and services plug in!

    http://support.microsoft.com/kb/238369

    Before you do this backup your DHCP settings (Use DHCPExim from the resource kit). I have seen servers remove DHCP settings when you promote a server, never tried a demotion though.

    On the other hand though, if you only have one other DC, why not keep two? It will help with processing logons and resilience.

    Hope that helps.
    Last edited by jacko101; 16th April 2008, 09:25. Reason: more info.

    Comment


    • #3
      Re: Demoting a Win2000 server Secondary Domain Controller to a Member Server

      In the AD Sites and Services snap in,under the Servers section,the secondary DC is listed asone of the servers,together with the Primary DC.

      I guess that is why I can't demote the server,because when I do it, it gives me the "The operation failed because: The Directory Service failed to replicate off changes made locally. "Access is denied. " error message.

      I tried to delete the server from the Servers snap in,but the system won't let me.It says "The DSA object cannot be deleted."

      What's the way forward?

      Thanks.

      Comment


      • #4
        Re: Demoting a Win2000 server Secondary Domain Controller to a Member Server

        OK..

        AD Sites and Services, on the Servers snap in,I selected the server that I want to demote,went to Properties and under the Computer field,I changed the computer from the secondary DC (one I want to demote) to the primary DC.

        But I still get the error.

        Comment


        • #5
          Re: Demoting a Win2000 server Secondary Domain Controller to a Member Server

          Originally posted by Giodino View Post
          OK..

          AD Sites and Services, on the Servers snap in,I selected the server that I want to demote,went to Properties and under the Computer field,I changed the computer from the secondary DC (one I want to demote) to the primary DC.

          But I still get the error.
          I'm not quite following what you are doing.

          Have you gone to the server you want to demote and ran dcpromo from the run prompt? If so, are you getting an error?

          Comment


          • #6
            Re: Demoting a Win2000 server Secondary Domain Controller to a Member Server

            Yeah,I ran the dcpromo command on the server,and it gave an error which I copied and pasted on my earlier post.

            I followed the Microsoft KB article,and,since running the dcpromo gave errors,I used the ntdsutil to delete the metabase,as the article says.

            I then tried to run dcpromo again and I got two errors.The first one said "The RID server could not be reached",or something similar,and the second one said "Logon account name is not authenicated",or is unknown,or is incorrect,or something similar.I continuosly get the second error now.

            I'm pretty sure the account is fine,coz I used it logon to the server everytime restarted it.I also added the account name to the Enterprise Admins.Still I get the error.I also used a different account which is a member of the Enterprise Admins,but to no avail.

            Am I missing something??

            Comment

            Working...
            X