General discussion


Domain Controller Downgrade

By lamczyknic3000 ·
Here is the situation. I have one PC running server 2000 which is configured as a domain controller with the active directory configured. There is a second server running server 2003 which is also configured to a domain controller on the same domain, and the active directory is also configured. All user profile settings and files are stored on the second server, but the active directory is stored on the second. The problem lies in that when you shut down either PC no one can log in because the active directory cannot be accessed . How do I go about down grading the windows 2000 server without having problems with the active directory. Thank You

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

by exNN In reply to Domain Controller Downgra ...

First, you must make sure that if you shut down the 2000 server everybody will be able to log in. After doing so, you can demote (downgrade) the 2K server, it is the inverse process of promoting the plain server as a domain controller, so it will transfer all roles to the second DC. It is quite easy once you are complety sure the 2K3 DC works fine with all your clients. If you need more detailed instructions, just add comments to your post.

Good luck

Collapse -

by lamczyknic3000 In reply to Domain Controller Downgra ...

If i shutdown the 2K server everyone can log in locally but their profiles are no longer accessable.

Collapse -

by lamczyknic3000 In reply to Domain Controller Downgra ...

how can i check if the active directory is configured properly on the server running 2K3

Collapse -

by CG IT In reply to Domain Controller Downgra ...

you have to have the global catalog role assigned to both servers to have users log on and authenticate should the one of the servers go down. Global Catalog roles are not automatically assigned to domain controllers [it is on the first domain controller in the forest/domain as that server has all roles but not on subsequent domain controllers].

To remove a domain controller on a network that has only 1 remaining domain controller, the last DC must have all roles for the network to function [including DNS as AD requires DNS to function properly]. you must either assign or sieze all the FSMO roles that the DC being removed was responsible for.

Collapse -

by curlergirl In reply to Domain Controller Downgra ...

Before you shut down or demote the Win2K server, you have to make sure that all of the FSMO roles and the global catalog role reside on the Win2K3 server.

To check and/or move the FSMO roles, open AD Users and Computers, expand so that you can see the domain name. Then right-click on the domain name and select Operations Masters from the menu. This will show you which computer holds all of the operations master roles and allow you to move them to the correct server.

To check and assign servers as global catalog servers, open AD Sites and Services, expand the site name (Default-First-Site-Name if you haven't changed it), then expand the server object so that you can see the NTDS Settings object. Right-click NTDS Settings and go to Properties. On the General tab, you will see the check box for Global Catalog - make sure it is checked for the Win2k3 server before you demote the other server.

The profiles do not have to be on a domain controller, but keep in mind that whichever serve they are on, if that server goes down, your users will get a local cached copy of their profile. They should, however, still be able to log on, but any changes to their profile will not be updated to the server when they log off.

Hope this helps!

Related Discussions

Related Forums