How to demote a BDC from being a domain controller

Archived from groups: microsoft.public.windowsnt.domain

I have a BDC that has a corrupted user database. The PDC
(Windows 2000) seems to be fine. However, the PDC no
longer recognizes the BDC as a BDC. So the Netlogon
Service on the BDC cannot start.

I tried to join the BDC to a secondary domain I have, which
does not work.

I also tried to get the BDC in its own domain, which does
not work either.

Is there a way (like in Windows 2000) to DEMOTE the BDC to
a plain standalone server?

Thanks.
  1.

    You cannot demote NT4 DCs; this is new with Win2k. A reinstall is required
    to change the role of NT4 Servers. You can try to reset the secure channel with
    Netdom or Nltest.

    --
    Scott Harding
    MCSE, MCSA, A+, Network+
    Microsoft MVP - Windows NT Server

  2.

    Is there a way to repair the connection between my BDC and
    PDC?

    If I re-install, wouldn't it be better to go immediately
    to Win 2000, or can I upgrade and then demote?

    You see, the BDC also houses the backup software of our
    servers; a reinstall would also require fully reinstalling
    the backup software.

    Gerry

  3.

    You can use Netdom or Nltest to try and repair the PDC/BDC connection.

    --
    Scott Harding
    MCSE, MCSA, A+, Network+
    Microsoft MVP - Windows NT Server

  4.

    I used NLTEST to identify the problem; using NLTEST,
    the /DCNAME: switch gives me a wrong PDC.

    I could not find the NETDOM command. Where can I find
    that? I did install the NT Resource Kit (SP4).

    Gerry

  5.

    Use getsids.exe to compare the administrator account of the
    BDC and the W2k PDC emulator; they should match exactly
    because the DCs share a common SID.

  6.

    I checked the SIDs and the administrator SIDs are
    correct. But here is my problem....

    NLTEST /DCNAME:MCGRAWGROUP gives me server name
    \\WILLOWNET, which is NOT a DC at all.

    NLTEST /DCLIST:MCGRAWGROUP gives me server names
    \\WILLOWNT-REC (PDC)
    \\MCGRAW-BDC

    What it should be. Now on \\WILLOWNT-REC, there is NO
    computer/domain account for \\MCGRAW-BDC.

    If I open the Server Management Utility on MCGRAW-BDC for
    MCGRAWGROUP, it says "Network has been deleted"; if I open
    it with "MCGRAW-BDC", it shows "Workstation" instead
    of "Server" or "Backup Domain Controller".

    I don't seem to have the NETDOM program either. So how
    can I re-join MCGRAW-BDC with the MCGRAWGROUP?

    Do I have to re-install? If so, should I install Windows 2000
    Server instead?

    Thanks,

    Gerry
  7.

    Download Netdom 1.8 from the following site:

    ftp://ftp.microsoft.com/reskit/nt4/x86/

    This is the NT version. Run the following command
    on the BDC with domain admin rights:

    NETDOM BDC mybdc /RESET

    If it fails, what is the exact error? Also, you may
    want to enable auditing for security policy changes,
    then synchronize the entire domain. Next, check
    the system log of the event viewer on all DCs to
    see why the synch failed.

  8.

    This is the result of the NETDOM BDC \\MCGRAW-BDC /RESET
    command:

    NETDOM BDC \\MCGRAW-BDC /RESET
    NetDom 1.8 @1997-98. Written by Christophe Robert - Microsoft.

    Querying domain information on computer \\MCGRAW-BDC ...
    The computer \\MCGRAW-BDC is a domain controller of MCGRAWGROUP.
    Searching PDC for domain MCGRAWGROUP ...
    Found PDC \\WILLOWNET
    Connecting to \\WILLOWNET ...
    Verifying secure channel on \\MCGRAW-BDC ...

    Secure channel failed. The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship.

    The BDC secure channel with the PDC is probably out of sync.
    Connecting to \\WILLOWNET ...
    Resetting secure channel ...
    Changing computer account on PDC \\WILLOWNET ...
    The network request is not supported.

    ---------------------------------------------

    As you see, it is looking for WILLOWNET instead of
    WILLOWNT-REC...
  9.

    I bet there is a static entry in the lmhosts file on the BDC.
    Check c:\winnt\system32\drivers\etc.

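Added example, not part of the original thread: a Python parser for the LMHOSTS format that flags the kind of static entry suspected in the last reply, a `#DOM:` or domain `<1B>`/`<1C>` mapping that points at a machine NLTEST /DCLIST does not list as a DC. The DC and domain names come from the thread; the IP addresses and the file contents are constructed assumptions.

```python
import re

# Constructed sample LMHOSTS for the BDC; addresses and entries are assumptions.
SAMPLE = r'''
# LMHOSTS (constructed sample)
192.0.2.5    WILLOWNET      #PRE #DOM:MCGRAWGROUP   # retired server
192.0.2.5    "MCGRAWGROUP    \0x1B"   #PRE
192.0.2.9    WILLOWNT-REC   #PRE
192.0.2.20   FILESRV1
'''

LINE = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3})\s+(?:"([^"]*)"|(\S+))\s*(.*)$')
SUFFIX = re.compile(r'^(.*?)\s*\\0x([0-9A-Fa-f]{2})$')  # "NAME   \0x1B" form

def parse_lmhosts(text):
    """Return one dict per mapping line; comments and directives are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ip, quoted, bare, rest = m.groups()
        name, suffix = (quoted if quoted is not None else bare), None
        s = SUFFIX.match(name)
        if s:  # 16th NetBIOS byte given explicitly, e.g. 0x1B = domain master browser (PDC)
            name, suffix = s.group(1), int(s.group(2), 16)
        e = {"ip": ip, "name": name.strip().upper(), "suffix": suffix,
             "pre": False, "dom": None}
        for tok in rest.split():
            if tok.upper() == "#PRE":
                e["pre"] = True
            elif tok.upper().startswith("#DOM:"):
                e["dom"] = tok[5:].upper()
            elif tok.startswith("#"):
                break  # plain comment: ignore the rest of the line
        entries.append(e)
    return entries

def suspicious_dc_entries(entries, domain, known_dcs):
    """Flag static mappings that steer DC/PDC lookups for `domain` to a non-DC."""
    domain, known = domain.upper(), {d.upper() for d in known_dcs}
    dc_ips = {e["ip"] for e in entries if e["name"] in known and e["suffix"] is None}
    found = []
    for e in entries:
        if e["dom"] == domain and e["name"] not in known:
            found.append((e["name"], e["ip"], "#DOM entry for a host that is not a listed DC"))
        elif e["name"] == domain and e["suffix"] in (0x1B, 0x1C) and e["ip"] not in dc_ips:
            found.append((e["name"], e["ip"], "domain <%02X> name pinned to a non-DC address" % e["suffix"]))
    return found
```

Calling `suspicious_dc_entries(parse_lmhosts(SAMPLE), "MCGRAWGROUP", ["WILLOWNT-REC", "MCGRAW-BDC"])` reports both WILLOWNET mappings; on a real server, pass the contents of the lmhosts file and the names returned by NLTEST /DCLIST.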