Windows 2000 Active Directory authentication

By jim ·
I am trying to decommission a DC. I want to make sure that no users have authenticated to it. How can I list all the users that are authenticated into a DC?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Answers

Collapse -


by CG IT In reply to Windows 2000 Active Direc ...

Don't understand the reason behind making sure that no users authenticate to a DC being decommissioned. DCs in a Windows 2000 or above Active Directory environment are peers. decommissioning a DC is as simple as running dcpromo demote [provided that the DC isn't the last DC in the domain or that, that is the only DC that holds FSMO roles.

Collapse -

AD Authentication

by Joanne Lowery In reply to Windows 2000 Active Direc ...

Is this the last DC in your Domain? If not then just run DCPromo. Make sure you don't select "Last DC on Domain". If you have other DC servers then this one will be left as a domain member server. Users will still be able to conenct to the domain via other DC servers.
If this is the last DC the issue for you would be to remove any workstations that are still members of the security domain first. You can check this using AD Users and Computers. Click on the AD Domain header near the top left and then search for Computers in this domain.
Any machines you find can be managed (Right Click - Manage) and the Adminsitrator account password reset to something that you know or have already recorded. You could also create new user accounts from here. Ensure that you have a local admin account on each workstation prior to killing off the last AD server. Remove each workstation from the domain, before decommissioning the last DC.
Run DCPromo and follow the destructions to remove the last DC from the domain. Once you reboot the server it will be a "stand alone" machine.

Related Discussions

Related Forums