How to demote a BDC from being a domain controller

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I have a BDC that has a corrupted user database. The PDC
(Windows 2000) seems to be fine. Howvwer the PDC does no
longer recognize the BDC as a BDC. So the Netlogon
Service on the BDC cannot start.

I tried to join the BDC to a secondary domain I have, what
does not work.

I also tried to get the BDC in it's own domain, what does
not work either.

Is there a way (like in WIndows 2000) to DEMOTE the BDC to
a plain standalone server?

Thanks.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

You cannot demote NT4 DC's, this is new with Win2k. A reinstall is required
to change the role of NT4 Servers. You try to reset the secure channel with
Netdom or Nltest.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com> wrote in message
news:13a4001c44409$6e243e80$a501280a@phx.gbl...
> I have a BDC that has a corrupted user database. The PDC
> (Windows 2000) seems to be fine. Howvwer the PDC does no
> longer recognize the BDC as a BDC. So the Netlogon
> Service on the BDC cannot start.
>
> I tried to join the BDC to a secondary domain I have, what
> does not work.
>
> I also tried to get the BDC in it's own domain, what does
> not work either.
>
> Is there a way (like in WIndows 2000) to DEMOTE the BDC to
> a plain standalone server?
>
> Thanks.

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Is there a way to repair the connection between my BDC and
PDC?

If I re-install, wouldn't it be better to go immediately
to Win 2000, or can I upgrade and then demote?

You see, the BDC also houses the Backup software of our
servers, a reinstall would require to fully reinstall also
the backup software.

Gerry

>-----Original Message-----
>You cannot demote NT4 DC's, this is new with Win2k. A
reinstall is required
>to change the role of NT4 Servers. You try to reset the
secure channel with
>Netdom or Nltest.
>
>--
>Scott Harding
>MCSE, MCSA, A+, Network+
>Microsoft MVP - Windows NT Server
>
>"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
wrote in message
>news:13a4001c44409$6e243e80$a501280a@phx.gbl...
>> I have a BDC that has a corrupted user database. The
PDC
>> (Windows 2000) seems to be fine. Howvwer the PDC does
no
>> longer recognize the BDC as a BDC. So the Netlogon
>> Service on the BDC cannot start.
>>
>> I tried to join the BDC to a secondary domain I have,
what
>> does not work.
>>
>> I also tried to get the BDC in it's own domain, what
does
>> not work either.
>>
>> Is there a way (like in WIndows 2000) to DEMOTE the BDC
to
>> a plain standalone server?
>>
>> Thanks.
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

You can use Netdom or Nltest to try and repair the PDC/BDC connection.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com> wrote in message
news:1383001c44419$86aef2a0$a301280a@phx.gbl...
> Is there a way to repair the connection between my BDC and
> PDC?
>
> If I re-install, wouldn't it be better to go immediately
> to Win 2000, or can I upgrade and then demote?
>
> You see, the BDC also houses the Backup software of our
> servers, a reinstall would require to fully reinstall also
> the backup software.
>
> Gerry
>
> >-----Original Message-----
> >You cannot demote NT4 DC's, this is new with Win2k. A
> reinstall is required
> >to change the role of NT4 Servers. You try to reset the
> secure channel with
> >Netdom or Nltest.
> >
> >--
> >Scott Harding
> >MCSE, MCSA, A+, Network+
> >Microsoft MVP - Windows NT Server
> >
> >"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
> wrote in message
> >news:13a4001c44409$6e243e80$a501280a@phx.gbl...
> >> I have a BDC that has a corrupted user database. The
> PDC
> >> (Windows 2000) seems to be fine. Howvwer the PDC does
> no
> >> longer recognize the BDC as a BDC. So the Netlogon
> >> Service on the BDC cannot start.
> >>
> >> I tried to join the BDC to a secondary domain I have,
> what
> >> does not work.
> >>
> >> I also tried to get the BDC in it's own domain, what
> does
> >> not work either.
> >>
> >> Is there a way (like in WIndows 2000) to DEMOTE the BDC
> to
> >> a plain standalone server?
> >>
> >> Thanks.
> >
> >
> >.
> >

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I used NLTEST to identify the problem, using NLTEST
the /DCNAME: gives me a wrong PDC.

I could not find the NETDOM command? where can I find
that? I did install the NT Resourse Kit (SP4).

Gerry

>-----Original Message-----
>You can use Netdom or Nltest to try and repair the
PDC/BDC connection.
>
>--
>Scott Harding
>MCSE, MCSA, A+, Network+
>Microsoft MVP - Windows NT Server
>
>"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
wrote in message
>news:1383001c44419$86aef2a0$a301280a@phx.gbl...
>> Is there a way to repair the connection between my BDC
and
>> PDC?
>>
>> If I re-install, wouldn't it be better to go immediately
>> to Win 2000, or can I upgrade and then demote?
>>
>> You see, the BDC also houses the Backup software of our
>> servers, a reinstall would require to fully reinstall
also
>> the backup software.
>>
>> Gerry
>>
>> >-----Original Message-----
>> >You cannot demote NT4 DC's, this is new with Win2k. A
>> reinstall is required
>> >to change the role of NT4 Servers. You try to reset the
>> secure channel with
>> >Netdom or Nltest.
>> >
>> >--
>> >Scott Harding
>> >MCSE, MCSA, A+, Network+
>> >Microsoft MVP - Windows NT Server
>> >
>> >"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
>> wrote in message
>> >news:13a4001c44409$6e243e80$a501280a@phx.gbl...
>> >> I have a BDC that has a corrupted user database. The
>> PDC
>> >> (Windows 2000) seems to be fine. Howvwer the PDC
does
>> no
>> >> longer recognize the BDC as a BDC. So the Netlogon
>> >> Service on the BDC cannot start.
>> >>
>> >> I tried to join the BDC to a secondary domain I have,
>> what
>> >> does not work.
>> >>
>> >> I also tried to get the BDC in it's own domain, what
>> does
>> >> not work either.
>> >>
>> >> Is there a way (like in WIndows 2000) to DEMOTE the
BDC
>> to
>> >> a plain standalone server?
>> >>
>> >> Thanks.
>> >
>> >
>> >.
>> >
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Use getsids.exe to compare the administrator account of the
BDC and the W2k PDC emulator they should match exactly
because the DCs share a common SID.

"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com> wrote in message
news:142c801c444c1$73721610$a601280a@phx.gbl...
> I used NLTEST to identify the problem, using NLTEST
> the /DCNAME: gives me a wrong PDC.
>
> I could not find the NETDOM command? where can I find
> that? I did install the NT Resourse Kit (SP4).
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I checked the SID's and the administrator SID's are
correct. But here is my problem....

NLTEST /DCNAME:MCGRAWGROUP gives me server name
\\WILLOWNET wich is NOT a DC at all.

NLTEST /DCLIST:MCGRAWGROUP gives me server names
\\WILLOWNT-REC (PDC)
\\MCGRAW-BDC

What is should be. Now on \\WILLOWNT-REC, there is NO
computer/domain account for \\MCGRAW-BDC.

If I open the Server Management Utility on MCGRAW-BDC for
MCGRAWGROUP, it says "Network has been deleted", if I open
it with "MCGRAW-BDC", is shows "Workstation" instead
of "Server" or "Backup Domain Controller".

I don't seem to have the NETDOM program either. So how
can I re-join MCGRAW-BDC with the MCGRAWGROUP?

Do I have to re-install, if so, should I install Wind 2000
Server instead?

Thanks,

Gerry
>-----Original Message-----
>Use getsids.exe to compare the administrator account of
the
>BDC and the W2k PDC emulator they should match exactly
>because the DCs share a common SID.
>
>"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
wrote in message
>news:142c801c444c1$73721610$a601280a@phx.gbl...
>> I used NLTEST to identify the problem, using NLTEST
>> the /DCNAME: gives me a wrong PDC.
>>
>> I could not find the NETDOM command? where can I find
>> that? I did install the NT Resourse Kit (SP4).
>>
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

Download Netdom 1.8 from the following site:

ftp://ftp.microsoft.com/reskit/nt4/x86/

This is the NT version. Run the following command
on the BDC with domain admin rights:

NETDOM BDC mybdc /RESET

If it fails what is the exact error. Also you may
want to enable auditing for security policy changes
then synchronize the entire domain. Next check
the system log of the event viewer on all DCs to
see why the synch failed.

"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com> wrote in message
> I checked the SID's and the administrator SID's are
> correct. But here is my problem....
>
> NLTEST /DCNAME:MCGRAWGROUP gives me server name
> \\WILLOWNET wich is NOT a DC at all.
>
> NLTEST /DCLIST:MCGRAWGROUP gives me server names
> \\WILLOWNT-REC (PDC)
> \\MCGRAW-BDC
>
> What is should be. Now on \\WILLOWNT-REC, there is NO
> computer/domain account for \\MCGRAW-BDC.
>
> If I open the Server Management Utility on MCGRAW-BDC for
> MCGRAWGROUP, it says "Network has been deleted", if I open
> it with "MCGRAW-BDC", is shows "Workstation" instead
> of "Server" or "Backup Domain Controller".
>
> I don't seem to have the NETDOM program either. So how
> can I re-join MCGRAW-BDC with the MCGRAWGROUP?
>
> Do I have to re-install, if so, should I install Wind 2000
> Server instead?
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

This is the result of the NETDOM BDC \\MCGRAW-BDC /RESET
command:

NETDOM BDC \\MCGRAW-BDC /RESET
NetDom 1.8 @1997-98. Written by Christophe Robert -
Microsoft.

Querying domain information on computer \\MCGRAW-BDC ...
The computer \\MCGRAW-BDC is a domain controller of
MCGRAWGROUP.
Searching PDC for domain MCGRAWGROUP ...
Found PDC \\WILLOWNET
Connecting to \\WILLOWNET ...
Verifying secure channel on \\MCGRAW-BDC ...

Secure channel failed. The SAM database on the Windows NT
Server does not have a
computer
account for this workstation trust relationship.

The BDC secure channel with the PDC is probably out of
sync.
Connecting to \\WILLOWNET ...
Resetting secure channel ...
Changing computer account on PDC \\WILLOWNET ...
The network request is not supported.

---------------------------------------------

As you see, it is looking for WILLOWNET instead of
WILLOWNT-REC..........
>-----Original Message-----
>Download Netdom 1.8 from the following site:
>
>ftp://ftp.microsoft.com/reskit/nt4/x86/
>
>This is the NT version. Run the following command
>on the BDC with domain admin rights:
>
>NETDOM BDC mybdc /RESET
>
>If it fails what is the exact error. Also you may
>want to enable auditing for security policy changes
>then synchronize the entire domain. Next check
>the system log of the event viewer on all DCs to
>see why the synch failed.
>
>"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
wrote in message
>> I checked the SID's and the administrator SID's are
>> correct. But here is my problem....
>>
>> NLTEST /DCNAME:MCGRAWGROUP gives me server name
>> \\WILLOWNET wich is NOT a DC at all.
>>
>> NLTEST /DCLIST:MCGRAWGROUP gives me server names
>> \\WILLOWNT-REC (PDC)
>> \\MCGRAW-BDC
>>
>> What is should be. Now on \\WILLOWNT-REC, there is NO
>> computer/domain account for \\MCGRAW-BDC.
>>
>> If I open the Server Management Utility on MCGRAW-BDC
for
>> MCGRAWGROUP, it says "Network has been deleted", if I
open
>> it with "MCGRAW-BDC", is shows "Workstation" instead
>> of "Server" or "Backup Domain Controller".
>>
>> I don't seem to have the NETDOM program either. So how
>> can I re-join MCGRAW-BDC with the MCGRAWGROUP?
>>
>> Do I have to re-install, if so, should I install Wind
2000
>> Server instead?
>>
>
>
>.
>

 

[Guest]

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I bet there is a static entry in the lmhosts file on the BDC.
Check the c:\winnt\system32\drivers\etc.

"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com> wrote in message
news:148c801c444e8$9112db10$a501280a@phx.gbl...
> This is the result of the NETDOM BDC \\MCGRAW-BDC /RESET
> command:
>
> NETDOM BDC \\MCGRAW-BDC /RESET
> NetDom 1.8 @1997-98. Written by Christophe Robert -
> Microsoft.
>
> Querying domain information on computer \\MCGRAW-BDC ...
> The computer \\MCGRAW-BDC is a domain controller of
> MCGRAWGROUP.
> Searching PDC for domain MCGRAWGROUP ...
> Found PDC \\WILLOWNET
> Connecting to \\WILLOWNET ...
> Verifying secure channel on \\MCGRAW-BDC ...
>
> Secure channel failed. The SAM database on the Windows NT
> Server does not have a
> computer
> account for this workstation trust relationship.
>
> The BDC secure channel with the PDC is probably out of
> sync.
> Connecting to \\WILLOWNET ...
> Resetting secure channel ...
> Changing computer account on PDC \\WILLOWNET ...
> The network request is not supported.
>
> ---------------------------------------------
>
> As you see, it is looking for WILLOWNET instead of
> WILLOWNT-REC..........
> >-----Original Message-----
> >Download Netdom 1.8 from the following site:
> >
> >ftp://ftp.microsoft.com/reskit/nt4/x86/
> >
> >This is the NT version. Run the following command
> >on the BDC with domain admin rights:
> >
> >NETDOM BDC mybdc /RESET
> >
> >If it fails what is the exact error. Also you may
> >want to enable auditing for security policy changes
> >then synchronize the entire domain. Next check
> >the system log of the event viewer on all DCs to
> >see why the synch failed.
> >
> >"Gerry Lieberwirth" <gerry@lieberwirth-consulting.com>
> wrote in message
> >> I checked the SID's and the administrator SID's are
> >> correct. But here is my problem....
> >>
> >> NLTEST /DCNAME:MCGRAWGROUP gives me server name
> >> \\WILLOWNET wich is NOT a DC at all.
> >>
> >> NLTEST /DCLIST:MCGRAWGROUP gives me server names
> >> \\WILLOWNT-REC (PDC)
> >> \\MCGRAW-BDC
> >>
> >> What is should be. Now on \\WILLOWNT-REC, there is NO
> >> computer/domain account for \\MCGRAW-BDC.
> >>
> >> If I open the Server Management Utility on MCGRAW-BDC
> for
> >> MCGRAWGROUP, it says "Network has been deleted", if I
> open
> >> it with "MCGRAW-BDC", is shows "Workstation" instead
> >> of "Server" or "Backup Domain Controller".
> >>
> >> I don't seem to have the NETDOM program either. So how
> >> can I re-join MCGRAW-BDC with the MCGRAWGROUP?
> >>
> >> Do I have to re-install, if so, should I install Wind
> 2000
> >> Server instead?
> >>
> >
> >
> >.
> >