Re: Backout from Native Mode
From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 11/24/04
- Next message: Brian Desmond [MVP]: "Re: Adding user to Child Domain Group"
- Previous message: Brian Desmond [MVP]: "Re: query to disabled users"
- In reply to: ptwilliams: "Re: Backout from Native Mode"
- Next in thread: Enkidu: "Re: Backout from Native Mode"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 24 Nov 2004 18:44:23 -0500
Paul,
It is alive and kicking and I have left it such because I figured you would
ask this. I remember you posting something about this. I did see that
attribute when I used ldp.exe to check things out ( was specifically looking
for it ). Right now it is indeed set to 0 ( Mixed Mode ).
And, yes, Nathan is our son. We have had the most fantastic day with him
today. He is a pure joy and the reason for everything that I do. What an
incredible little creature he is! I hope that you are fortunate enough to
have some children. They change everything completely.
I do not remember what it was like before he arrived some four months ago.
And I do not want to!
Anyway, enough of the proud papa raving!
Cary
"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:ev1Z8un0EHA.2568@TK2MSFTNGP11.phx.gbl...
> Well, I hate to say it but I figured as much ;-) Although, it's good to
now
> know!
>
> If this test domain is still up and running can you try changing to native
> and then back again (after making some changes and ensuring they've not
> replicated)?
>
> The attribute is nTMixedDomain on the DC=domainName,DC=com sub-folder of
the
> domain NC.
>
> 0 (zero) is native mode
>
> I look forward to your answer...
>
>
> I take it Nathan is your son?
>
> --
>
> Paul Williams
>
> http://www.msresource.net
> http://forums.msresource.net
>
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> news:%23yRH9bm0EHA.2012@TK2MSFTNGP15.phx.gbl...
> Paul,
>
> Have just completed some testing in the lab. Created a WINNT 4.0 PDC
> running DHCP, WINS and DNS and then created a WINNT 4.0 BDC. I then
created
> a WIN2000 Pro client. All went well - as expected. NetBIOS name is
NATHAN
> and the dns name is nathan.com.
>
> I created two user accounts on the PDC and they replicated to the BDC. I
> then tried to edit something on the BDC ( clearly not gonna work ) and it
> did not work ( as expected ).
>
> I then upgraded the WINNT 4.0 PDC to WIN2000 and Active Directory. No
> problems. The two user account objects were there. I then created three
> additional user account objects on the 2K DC in the default location (
> USERS ) and they replicated to the BDC quickly. I then edited all five on
> the 2K DC with ADModify ( added a couple of things that do not appear in
the
> Users Manager for Domains and one thing - logon.bat - that does ). All
was
> good. I then created an OU and created three more user account objects in
> that OU and they did indeed show up in the Users Manager for Domains. All
> as expected.
>
> Ran a bunch of tests. In the ADUC MMC the BDC does show up under the
Domain
> Controllers OU. It also shows up in ADSIEdit ( obviously ) but does not
> have the CN=nTFRSubscription object ( clearly ). However, it does not
show
> up in the ADSS MMC. Also does not show up in the DNS MMC.
>
> Ran dcdiag /c /v on the WIN2000 DC and it is the only DC that shows up.
No
> NT 4.0 BDC. Ran netdiag /v and same thing. If you run repadmin /showreps
> it is empty. Same for repadmin /showconn and replmon. If you run nltest
> /bdc_query:nathan the NT 4.0 BDC is found to be 'In_Synch'. If you run
> nltest /dclist:nathan it finds both ( although the 2K DC is listed by the
> fqdn - nathanpdc.nathan.com - while the NT BDC is listed by its computer
> name - nathanbdc ).
>
> I then attempted to remove the bdc via ntdsutil. However, it does not
show
> up ( in the 'List Servers in Site' section only the WIN2000 DC is there ).
> So, we do not need to worry about this.
>
> I then attempted to delete the computer account object from the Domain
> Controllers OU. Naturally, it could not be deleted. Simply needed to
> change the userAccountControl value from 8192 to 4096. Then I could
delete
> it. Gone.
>
> Then gave it a minute or two. Went to the BDC and rebooted. Able to log
on
> without any problem. Simply turned off the BDC and rebooted the WIN2000
Pro
> client. No problems. Except that the logon script did not work too well
> ( as all of the shared folders were on the BDC! ).
>
> So, in a nutshell all you need to do is to remove the BDC from the Domain
> Controllers OU and turn it off ( naturally you would need to take care of
> any services that might be running on the machine or any shared folders or
> what not ). Then, a week later simply remove it completely and possibly
> recycle...or not!
>
> Cary
>
>
>
> "ptwilliams" <ptw2001@hotmail.com> wrote in message
> news:O%23mJ$RuzEHA.2040@tk2msftngp13.phx.gbl...
> > Hi Cary,
> >
> > All's well thanks! Hope everything's OK with you too.
> >
> > If you're in a position to test this that would be cool. I'd sure like
to
> > know. I've noticed there are often times when the docs say it can't be
> done
> > but it can -it's just not supported (like RIS and Win2000 server for
> example
> > ;-)
> >
> > Also, re. the whole NT BDC removal, I've dished out the advice that as
> > they're only read-only replicas they can be turned off and the computer
> > object removed -and the people I gave this advice never came back and
said
> > things didn't go as planned ;-)
> >
> > The main issues (that I've seen) with NT 5.x machines not being demoted
> > properly seem to stem from replication - the KCCs trying to create
links,
> > etc. Obviously this doesn't happen with NT as they don't use Frs. I've
> not
> > got round to removing any of our NT 4 BDCs yet. When I do (probably not
> any
> > time soon!) I'll have a dig around with LDP and NTFSUTIL see if there is
> any
> > metadata used, etc.
> >
> >
> > --
> >
> > Paul Williams
> >
> > http://www.msresource.net
> > http://forums.msresource.net
> >
> >
> > "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
> > news:uI8s4eXzEHA.3840@tk2msftngp13.phx.gbl...
> > Paul,
> >
> > When I have a chance I might just take a look at this. Anyway, there
has
> > been a lot of talk about how to 'demote' a WINNT 4.0 BDC in this
> newsgroup.
> >
> > Some people have answered that you just delete the computer account and
> all
> > is good. Other people have answered that you have to follow the
procedure
> > to remove a 'DC' from AD. I would learn more towards the latter but
have
> > not had to ever do it ( well, can not remember it if I have! ). So, it
> just
> > might be a nice time to take a look at this. Cannot promise that this
> will
> > happen in the next two hours ( or two days, for that matter ). But it
> will
> > be on my list of things to do....
> >
> > Hope that all is well with you!
> >
> > Cary
> >
> > "ptwilliams" <ptw2001@hotmail.com> wrote in message
> > news:OHpXlKVzEHA.3548@TK2MSFTNGP09.phx.gbl...
> > > Although all the documentation states that you cannot go back to mixed
> > mode
> > > once you've gone up to native mode is this completely true or just not
> > > recommended? After all, it's only one attribute on the domain
object -
> > > nTMixedDomain. Has anyone ever tried setting this attribute back to
1?
> > > I've not read that the ability to go back is hard coded into Windows
> > > itself...
> > >
> > > I guess that's one to test - problem is going through the hassle of
> > creating
> > > VM NT DCs : )
> > >
> > >
> > > --
> > >
> > > Paul Williams
> > >
> > > http://www.msresource.net
> > > http://forums.msresource.net
> > >
> > >
> > > "Kurt" <Kurt@discussions.microsoft.com> wrote in message
> > > news:13D92A5A-0318-4679-9FB9-6F6BA14A17D9@microsoft.com...
> > > Hi,
> > >
> > > I have 2 Domain Controllers running Active Directory in Mixed Mode.
> > > Could I add a 3rd and take it off-line, in case my move to Native Mode
> > does
> > > not go well. Then start it up and claim all roles?
> > >
> > > Kurt
> > >
> > > "Danny Sanders" wrote:
> > >
> > > > Kurt,
> > > >
> > > > You seem overly concerned with your domain being in Native mode. By
> > > > upgrading your existing PDC you will not have to set the domain to
> > Native
> > > > mode.
> > > >
> > > > Not sure how you are fixed for servers but if your original PDC can
> not
> > > > handle the upgrade and you have a new server you could remove Win 2k
> and
> > > > install NT 4.0 on it as a BDC, promote to PDC then upgrade this PDC
to
> > Win
> > > > 2k/Win 2k3 and AD.
> > > >
> > > > hth
> > > > DDS W 2k MVP MCSE
> > > >
> > > > "Kurt" <Kurt@discussions.microsoft.com> wrote in message
> > > > news:40463AFB-FB06-40D5-A26C-16F337BFC3B0@microsoft.com...
> > > > > Is there any way to backout after going to Native Mode?
> > > > > Could I restore the 2 AD Domain Controllers from tape? OR,
> > > > > Could I create a new BDC, and then take it off-line just in case
my
> > > > > Native
> > > > > Mode Domain is messed up?
> > > > >
> > > >
> > > >
> > > >
> > >
> > >
> >
> >
> >
>
>
>
- Next message: Brian Desmond [MVP]: "Re: Adding user to Child Domain Group"
- Previous message: Brian Desmond [MVP]: "Re: query to disabled users"
- In reply to: ptwilliams: "Re: Backout from Native Mode"
- Next in thread: Enkidu: "Re: Backout from Native Mode"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
