We have three DC's, all running Windows Server 2003 w/SP2. DC1 is unstable,
and needs to be demoted before there is a serious hardware failure. DC2 and
DC3 have been brought online, and all of the FSMO roles have been moved to
them. The one remaining issue is that DC1 issued the Domain Controller
certs to DC2 and DC3. No other certs in our environment where created by
DC1, just the Domain Controller certs for DC2 and DC3. What needs to be
done in order to allow the demotion of DC1 out of AD without affecting the
certs? This server will be salvaged after the demotion.
Re: Intermittent Access Denied to Users Home Folder ... We are getting rid of DC3 because of age and performance. ... The 2nd NIC on DC2 is disabled; however the box is used for VPN purposes. ... Unless it was thrown in for web services, I would go ahead and remove those additional IPs, and run the following: ... Someone recently posted that their BIND group would not create necessary zones/resources to support their AD for whatever reason.... (microsoft.public.windows.server.networking)
Re: Domain users cannot logon to domain ... is lost no domain users cannot logon anymore on DC3 and DC2. ... - Make sure that all servers are reachable by FQDN, using Dns Secondary...DC1: Domain.net ... Primary DNS: DC1 and DNS Suffix Search List: Dc3 and DC2... (microsoft.public.windows.server.active_directory)
Re: Logon Server ... Everyone was pointing to DC1 or DC2.... All these user are having the LOGON server as DC3.... (microsoft.public.win2000.active_directory)
Re: Domain users cannot logon to domain ... So basicly what you say is i need to activate a GC on DC2 and DC3.... connected to DC1 and DC2 via a vpn tunnel. ... create a new subnet on DC1 and not on DC2 and DC3. ... (microsoft.public.windows.server.active_directory)
