RE: Transferring roles from 2k DC to 2k3 DC


Thanks for posting!

I understand that no user account can authenticate with Windows 2k3 DC
after turning off the Windows 2K DC. If I have misunderstood your concerns,
please feel free to let me know.

Technical speaking, it is the best practice to run DCpromo.exe on the
previous Windows 2k DC to demote it. In the process of the demission, it
would contact with Windows 2k3 and remove the unnecessary objects with
respect to Windows 2k DC. Therefore, if you do not need the Windows 2k DC
any more, I suggest you take the best practice into account. At this
moment, if the Windows 2k DC does not exist, I would like provide you the
following information:

1. To ensure the Windows 2k3 DC as GC.

More detailed information for your reference:
313994 How To Create or Move a Global Catalog in Windows 2000 (It is also
applied to Windows 2k3)

2. To ensure all the clients point their DNS to Windows 2k3 DNS server.

More information for your reference:
How to disable the requirement that a global catalog server be available to
validate user logons;en-us;241789

3. If the issue persists, please post the exact error when authenticating
with DC.

Hope the information helps. If there is anything that is unclear, please
feel free to let me know.

Thanks & Regards,

Jason Tan

Microsoft Online Partner Support
Get Secure! -


When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

This posting is provided "AS IS" with no warranties, and confers no rights.

| Thread-Topic: Transferring roles from 2k DC to 2k3 DC
| thread-index: AcV2rkArO2MO7B+6RwmiO9yXQqvC6A==
| X-WBNR-Posting-Host:
| From: "=?Utf-8?B?U3RlcGhlblRNQQ==?="
| Subject: Transferring roles from 2k DC to 2k3 DC
| Date: Tue, 21 Jun 2005 15:12:02 -0700
| Lines: 9
| Message-ID: <1C14DFE0-E02D-4400-9DDD-3DDFDF59ED73@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
| Newsgroups:
| NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl
| X-Tomcat-NG:
| I have an old Windows 2000 domain controller that I need to remove and
| upgrade. I have a 2k3 domain controller already in place but the 2000 DC
| acting as the global catalog. I have moved all roles to the 2k3 box
| (DHCP,DNS,WINS,Operation Masters,global catalog). When I turn off the 2k
| box(without demoting it), nobody can authenticate. Is there somwhere I
| missing to turn the 2k3 box into an authentication server? The only
thing I
| can think is that when the DC role was added to the 2k3 box(prior to me),
| something was configured right. But I don't want to remove the role and
| readd it if I don't have to. Thanks in advance for any help.