Re: More than one Administrator Account and Reinstalling OS on a D

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Robert (Robert_at_discussions.microsoft.com)
Date: 01/31/05

• Next message: jswift: "Re: SFU on Windows 2003"
• Previous message: Robert: "Re: More than one Administrator Account and Reinstalling OS on a D"
• In reply to: Ryan Hanisco: "Re: More than one Administrator Account and Reinstalling OS on a DC"
• Next in thread: Chriss3 [MVP]: "Re: More than one Administrator Account and Reinstalling OS on a DC"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 31 Jan 2005 09:13:02 -0800

Thanks for your quick reply - most appreciated. Pardon my lack of
understanding too.

The other roles you describe (Enter Admin, Domain Admin etc) do exist, but
there are still two "In-built account for administering the machine/domain".
Are these in AD Users and Computers because I have 2 domain controllers
currently... one for each machine?

Also, how do I check if the DC I am removing is the Global Catalog, and am I
right in thinking that this isn't one of the FSMO roles.

If the server I was demoting did have some of the FSMO roles, wouldn't they
get automatically transfered to the other DC? Or do I have to do that
manually?

DNS is installed on the other server so that should be OK, i.e. not the one
I am demoting. But do I need to remove the references to the DC I am demoting
on this DC.

Hope you can help

"Ryan Hanisco" wrote:

> Robert,
>
> What you will want to do is make sure that the DC you are keeping is running
> your vital services... GC, DNS, DHCP, WINS, File/Print Share and the like.
> Then you will use DCPROMO to demote the old controller. The FSMO roles and
> all will be transferred to the other controller -- this way it doesn't
> matter which one was the first. Just remember not to choose that option
> that says that "this is the last controller in the forest."
>
> With the admin accounts, which two are you referring to? You should have
> the admin account, but then also domain admins and enterprise admins... is
> there one there that was manually created?
>
> Good luck.
>
> --
> Ryan Hanisco
> MCSE, MCDBA
> Flagship Integration Services
>
> "Robert" <Robert@discussions.microsoft.com> wrote in message
> news:54B9F7FF-D15B-4253-9540-9B433ACE36D0@microsoft.com...
> > Dear All,
> >
> > I am fairly new to Active Directory, so please forgive my questioning.
> >
> > In our small network we have 2 domain controllers running Windows 2000
> > Advanced Server. I presume we have 2 for redundancy etc. Active Directory
> is
> > running in Native Mode.
> >
> > I need to rebuild one of the domain controllers because the machine it's
> > running on is very old and very slow server. I want to know how I go about
> > removing the domain controller from the network so that I can rebuild it,
> > join it to the exisiting AD and promote it back. Does anyone have any
> > information on how to do this?
> >
> > Also (very important), in AD Users & Computers, there seems to be 2 in
> built
> > accounts for administering the machine/domain...at the moment they are
> > renamed differently. Is this to be expected? These accounts co-exist in
> the
> > Administrators group. I can't remove one of them. I thought that there
> should
> > only be one Administrator's account for the domain. Or, is this because I
> > have 2 domain controllers.
> >
> > Also, when removing domain controllers, how do I know which is the first
> > domain controller in the forest? Will removing the wrong domain controller
> > cause a big problem, or will the roles be given to the one remaining DC
> when
> > I demote and remove the other one?
> >
> > I hope someone can help me. I am new to AD and my company.
> >
> > Much Thanks,
> > Rob
> >
> > Also, is there anything I should be aware of when I do this.
> >
>
>
>

---

• Next message: jswift: "Re: SFU on Windows 2003"
• Previous message: Robert: "Re: More than one Administrator Account and Reinstalling OS on a D"
• In reply to: Ryan Hanisco: "Re: More than one Administrator Account and Reinstalling OS on a DC"
• Next in thread: Chriss3 [MVP]: "Re: More than one Administrator Account and Reinstalling OS on a DC"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Exchange 2000 containers (Fields) not showing up in active directory!! ... using a domain admin account outside of a secure server room/datacentre. ... Install it on your workstations, ... > be managing users directly from domain controllers, ... >> On all of your Domain Controllers you need to drop in the Exchange 2000 ... (microsoft.public.win2000.active_directory) Re: Allowing a Domain User Admin Rights to a Couple of Domain Servers ... If they're domain controllers, then you're pretty much out of luck. ... admin on a DC is basically an admin of the network. ... rights to those two servers. ... > administrator to the rest of the network. ... (microsoft.public.windows.server.security) Re: remote authentication ... latterly win95 and win98 were domain controllers. ... >> Is there no way for me as an admin to connect to these WORKGROUP ... > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway ... (microsoft.public.scripting.wsh) Re: administrative privileage Q. ... You can add any domain account to the local administrators group on any ... There is no way to do such on domain controllers. ... install most software on a domain controller. ... have admin powers. ... (microsoft.public.windows.server.security) Re: 2000 Domain Admin Best Practices ... > regarding overall Domain security in terms of Administrators. ... How many built in administrator accounts are there? ... > their own IDs as part of the Domain Admin group? ... * create separate admin accounts to perform admin tasks ... (microsoft.public.win2000.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Win2000  > microsoft.public.win2000.active_directory  > 2005-02