Announcement

Collapse
No announcement yet.

How long does an orphaned Win2000 domain controller have to live?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How long does an orphaned Win2000 domain controller have to live?

    Scenario:
    Main office running Windows 2003 SBS domain. Autonomous branch office (sister company, really), connected to the same subnet by fiber, has a second domain controller running Windows 2000.
    Natural disaster strikes main office. Strategic decision is made to scrap the old SBS. Installed a replacement server, upgraded and/or migrated all member servers and workstations as needed into the new domain. Was labor intensive but worked out well in the end.

    Problem:
    The autonomous branch office refuses to upgrade/migrate. Win2000 server continues to operate as an "orphaned" domain controller. They are logging on and accessing their own resources just fine and feel no pressure to change anything.

    Request:
    Isn't the Win2000 domain controller, now disconnected permanently from its former Global Catalog server, going to tombstone out at some point? Was expecting it in 60 days but we are already past that threshold. Do they instead have 180 days to live? What is going to happen, will users suddenly not be able to log in one day?

    I need to provide an accurate assessment at what the risks are, to get them motivated to actually do something.

  • #2
    Re: How long does an orphaned Win2000 domain controller have to live?

    Could you give some information about the new server and setup ?
    What OS ?
    What domain/forest functional level etc ?

    Are the new and the 2000 server no longer replicating/talking to each other?
    Please give points where appropriate

    <I dont create ready scripts for you, but I'm willing to point you in the right direction>

    Comment


    • #3
      Re: How long does an orphaned Win2000 domain controller have to live?

      From memory it is as you state 60 days that the server has until it is tombstoned and cannot be rejoined back onto the original domain.

      As you've rebuilt the domian the 2000 DC will act as the single DC for the old domain until such times as you re-add it to the new domain.

      You will need to do a metadata cleanup to remove all the old DC's from the machine and seize all the available FSMO roles onto the 2000 server so it can work as a stand alone DC.

      If it were me i'd be DCPROMO'ing the old 2000 box to remove it from the old domain and then adding it to the new domain and DCPROMO'ing it to make it a DC on that one.

      Comment

      Working...
      X