Re: GC server/infrastructure master question

James wrote:
I did notice some clients were referencing some old settings but when
I released and renewed the ip they were good. Along with a couple
that had WINS hard coded.
I will check on the Certificate Services etc. tomorrow morning at
work. I did not set this server up. Any other services I should be
concerned with? Sorry for all the questions, but where would I check
for a hard coded reference in a login script?

Just open the login script and look, or do a net view \\olddc to see what
shares and printers were setup. Then look for client references with a net
use. Won't get everything, but should cover the basics.

Certificate Authority is the important one as it can't easily be
circumvented.


James wrote:
Thanks kj-
I made all DC's GC's. Then I transferred Infra Master role to the
new DC. I also see all machines when i use net view now. I logged
on to a users computer and checked ip, etc.
In reference to the old Win 2000 DC...I shutdown the DHCP Server
service. I will leave it shut off for a week, then I will demote
using dcpromo. Am I missing anything? Should I shut down the old DC
now?

If you are planning to take it off line to see if any old references
remain, then just make sure the clients aren't trying to use it for
DNS services or an old hard coded refence in a login script or such.

Otherwise you should be fine. Didn't have any other special services
on that DC like Certificate Services?



James wrote:
Hello,
I am installing a Win2003 Server/DC to take the place of the first
Win2000 Server/DC on the domain. I have installed AD, DNS, DHCP,
and am in the process of transferring FSMO roles. I have
transferred all except Infrastructure Master. I've read that you
cannot transfer the Infrastructure Master role to a GC. Since I
have made the new DC a GC, what is the best practice for this
situation?
Thanks,

If this is a single domain, then there is no harm in making *all*
DC's also GCs. Otherwise the IM role holder should not also be a
GC. You could revert the GC status of the new DC if you have
another GC then move the IM role.

--
/kj

--
/kj

--
/kj


.

Relevant Pages

  • Re: GC server/infrastructure master question
    ... I did notice some clients were referencing some old settings but when I ... In reference to the old Win 2000 DC...I shutdown the DHCP Server ... am in the process of transferring FSMO roles. ...
    (microsoft.public.windows.server.setup)
  • Move Enterprise Root CA to new hardware
    ... If you can, have the new server ... >1) Backup the CA (and reg key) ... >2) Install certificate services on the new hardware doing ... >computer with certificate services installed on it. ...
    (microsoft.public.win2000.security)
  • Re: Windows Advanced Server 2000 PKI
    ... Also, the server I'm ... planning on installing Certificates Services has the high ... >enrollment via Internet Information Services. ... >> Certificate Services have been setup properly? ...
    (microsoft.public.win2000.security)
  • Re: Lost Domain Admin Password
    ... "Brian Komar" wrote: ... Because Certificate Services is installed, ... membership or computer name while the service is installed. ... if this is just a member server, once you have local admin credentials, ...
    (microsoft.public.windows.server.security)
  • Domain Controller Certificates and removing them or moving them to a new DC/cert server.
    ... certificate services loaded on it, and it's the cert server for the ... The server was Windows SBS that was upgraded to ... just load cert services, remove it from the old one, and the DC's ... Do I need to create a new cert authority on a different DC? ...
    (microsoft.public.windows.server.general)