Re: Mixed Mode Catch



The NT4 machine did not promote itself. Period. Anyone who told you that, stop listening to them, it did not happen.

Your option is to destroy the NT4 machine or buy UPROMOTE and demote it to a member machine. You are in a bad configuration right now and the OS is not going to let you correct it because you shouldn't have been able to get there. You were because of 2 main things:

1. Someone who didn't know what they were doing had too many rights to the domain controller.

2. Someone who didn't know what they were doing did something on the domain controller.

Had they not had the rights or not done anything you would be fine, this is just one of hundreds of reasons why you shouldn't give out rights on domain controllers.

Hopefully no one created any accounts or groups or workstations in the branch because you are going to lose them and there could be SID related issues.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


SmithSystems wrote:
Our network topography includes a Primary Domain Controller (Win 2K) and a vestigial BDC (Windows NT) which operates in a branch office. Our subnetted network operates over a dedicated VPN service, which is 99.9% reliable.

Recently we encountered a prolonged down time due to some network changes we initiated, and one of the branch office IT guys promoted the NT BDC to a PDC (or it promoted itself!)

When we restored the interoffice VPN, we discovered that the field office DC (now a PDC) showed the original PDC (Win2K) located in our main office as a BDC. And, the original PDC (main office) showed the branch office PDC as a BDC (correct to the original PDC, but not, actually, how the branch office machine was currently configured).

In either case, we brought the VPN link back up and, to our dismay, we can't find a way to get the NT (branch office) PDC demoted back to BDC. We tried using the SRVMGR tool in the NT RK to promote the original PDC (listed as a BDC on the NT branch office machine) back to PDC, but that action fails with an "error 0050. Network request is not supported."

We've tried to remove and restore the NT machine, but to no avail. The secure channels appear to be working, but we have TWO PDCs in the domain from the NT machine's POV, and it's causing NETLOGON problems.

How do we fix this?