NT SAM is gone in offline BDC

G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi folks,
i have this typical issue.I left working on NT 4 some few
years back, but now in my new job i have to upgrade the
domain to win2k, i need your help to direct me in the
right way.
I have made a server a working BDC in the domain, then i
taken this BDC offline to a test environment so as to
promote this BDC to PDC and perform the upgrade
testing,when i tried to go to user manager and server
manager, they are blank and gives me an error message that
system could not contact the domain controller select some
other domain.I am confused..if i can not see the DC how
would i promote it to a PDC.
Is there a step i am missing or any tweak which will shoe
this to me ?
Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

The error message is normal but a blank user manager
suggests perhaps the SAM was not replicated out to
the BDC. In server manager you have to click on view
and enable "show domain members only" to see the
machine accounts. In normal view server manager uses
the browse list to enumerate the list you see but if you
enable "show domain members" only the list is enumerated
from the SAM database.

"GK" <anonymous@discussions.microsoft.com> wrote in message
news:6f9c01c483a3$db9db430$a401280a@phx.gbl...
> Hi folks,
> i have this typical issue.I left working on NT 4 some few
> years back, but now in my new job i have to upgrade the
> domain to win2k, i need your help to direct me in the
> right way.
> I have made a server a working BDC in the domain, then i
> taken this BDC offline to a test environment so as to
> promote this BDC to PDC and perform the upgrade
> testing,when i tried to go to user manager and server
> manager, they are blank and gives me an error message that
> system could not contact the domain controller select some
> other domain.I am confused..if i can not see the DC how
> would i promote it to a PDC.
> Is there a step i am missing or any tweak which will shoe
> this to me ?
> Thanks
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

hi Sam,
Thanks for your input.
I have some more related questions<
1.How would i check on a BDC whether i got the readable
copy of SAM database before i take it offline.
2.I have read somewhere that I need WINS to get the name
resolved so as the system to see itslef when it tries to
locate the domain controller, i have even copied the WINS
database on a WINS server and placed them in the Test
environment, but same results..BDC which was taken offline
could not open up the database.


Show domain membership option was selected,but still same.

Any input is appreciated.
Thanks
GK
>-----Original Message-----
>The error message is normal but a blank user manager
>suggests perhaps the SAM was not replicated out to
>the BDC. In server manager you have to click on view
>and enable "show domain members only" to see the
>machine accounts. In normal view server manager uses
>the browse list to enumerate the list you see but if you
>enable "show domain members" only the list is enumerated
>from the SAM database.
>
>"GK" <anonymous@discussions.microsoft.com> wrote in
message
>news:6f9c01c483a3$db9db430$a401280a@phx.gbl...
>> Hi folks,
>> i have this typical issue.I left working on NT 4 some
few
>> years back, but now in my new job i have to upgrade the
>> domain to win2k, i need your help to direct me in the
>> right way.
>> I have made a server a working BDC in the domain, then i
>> taken this BDC offline to a test environment so as to
>> promote this BDC to PDC and perform the upgrade
>> testing,when i tried to go to user manager and server
>> manager, they are blank and gives me an error message
that
>> system could not contact the domain controller select
some
>> other domain.I am confused..if i can not see the DC how
>> would i promote it to a PDC.
>> Is there a step i am missing or any tweak which will
shoe
>> this to me ?
>> Thanks
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi,
The name is Michael not SAM. <g>
Answers inline:

<anonymous@discussions.microsoft.com> wrote in message news:
> hi Sam,
> Thanks for your input.
> I have some more related questions<
> 1.How would i check on a BDC whether i got the readable
> copy of SAM database before i take it offline.

Open user manager and enable auditing for "security policy changes"
Success / Failure. Next open server manager and highlight the PDC
and click on computer and synchronize entire domain. Next open
the system log of the event viewer and verify the synch was successful.
If you are still skeptical open a dos prompt on the BDC and run
net users and verify the accounts exist.

> 2.I have read somewhere that I need WINS to get the name
> resolved so as the system to see itslef when it tries to
> locate the domain controller, i have even copied the WINS
> database on a WINS server and placed them in the Test
> environment, but same results..BDC which was taken offline
> could not open up the database.

No only if it's a WINS Server. If the PDC is a WINS server
but doesn't point towards itself for it's primary and secondary
WINS server in it's tcp/ip properties it will not be able to locate
the PDC.
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

hi Michael,
sorry about the name confusion.
I think that is the only nmae which first came to my
mind..as i started looking onto SAM move all this morning.
Auditing is enabled and i did see the replication complete
message.Once it is taken offline i could see the user
account in "net user" ( before and after system shutdown
and taken to a different VLAN) But still the same thing.i
can't able to get to the GUI of User manager and Server
manager.

I am working with 2 domains ( so is 2 backup domain
controllers, one for each) i upgraded one BDC in one
domain to PDC while it was ON, just the network cable
unhooked...it got upgraded fine...so it points that SAM
file is there but GUI connection is impossible.


I need to see the accounts for my test lab.
WHat do you suggest ?
I have started building another pair for testing.

Thanks alot for your time.
thanks
GK
>-----Original Message-----
>Hi,
>The name is Michael not SAM. <g>
>Answers inline:
>
><anonymous@discussions.microsoft.com> wrote in message
news:
>> hi Sam,
>> Thanks for your input.
>> I have some more related questions<
>> 1.How would i check on a BDC whether i got the readable
>> copy of SAM database before i take it offline.
>
>Open user manager and enable auditing for "security
policy changes"
>Success / Failure. Next open server manager and
highlight the PDC
>and click on computer and synchronize entire domain.
Next open
>the system log of the event viewer and verify the synch
was successful.
>If you are still skeptical open a dos prompt on the BDC
and run
>net users and verify the accounts exist.
>
>> 2.I have read somewhere that I need WINS to get the name
>> resolved so as the system to see itslef when it tries to
>> locate the domain controller, i have even copied the
WINS
>> database on a WINS server and placed them in the Test
>> environment, but same results..BDC which was taken
offline
>> could not open up the database.
>
>No only if it's a WINS Server. If the PDC is a WINS server
>but doesn't point towards itself for it's primary and
secondary
>WINS server in it's tcp/ip properties it will not be able
to locate
>the PDC.
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

One of us is confused.. <g> Okay everything is synched
and the SAM is intact. Now open server manager and ignore
the message that states the "PDC cannot be found". Next in
server manager click on show and put a check mark next to
"show domain members only" now you should see all of the
computer accounts. Also make sure view / all is selected.

<anonymous@discussions.microsoft.com> wrote in message news:
> hi Michael,
> sorry about the name confusion.
> I think that is the only nmae which first came to my
> mind..as i started looking onto SAM move all this morning.
> Auditing is enabled and i did see the replication complete
> message.Once it is taken offline i could see the user
> account in "net user" ( before and after system shutdown
> and taken to a different VLAN) But still the same thing.i
> can't able to get to the GUI of User manager and Server
> manager.
>
> I am working with 2 domains ( so is 2 backup domain
> controllers, one for each) i upgraded one BDC in one
> domain to PDC while it was ON, just the network cable
> unhooked...it got upgraded fine...so it points that SAM
> file is there but GUI connection is impossible.
>
>
> I need to see the accounts for my test lab.
> WHat do you suggest ?
> I have started building another pair for testing.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

that is exactly what i am doing,but still nothing is
coming up on the screen.It is all blank.I am making a
second set of backup domain controllers, will see what
happens there ?
GK
>-----Original Message-----
>One of us is confused.. <g> Okay everything is synched
>and the SAM is intact. Now open server manager and ignore
>the message that states the "PDC cannot be found". Next
in
>server manager click on show and put a check mark next to
>"show domain members only" now you should see all of the
>computer accounts. Also make sure view / all is selected.
>
><anonymous@discussions.microsoft.com> wrote in message
news:
>> hi Michael,
>> sorry about the name confusion.
>> I think that is the only nmae which first came to my
>> mind..as i started looking onto SAM move all this
morning.
>> Auditing is enabled and i did see the replication
complete
>> message.Once it is taken offline i could see the user
>> account in "net user" ( before and after system
shutdown
>> and taken to a different VLAN) But still the same
thing.i
>> can't able to get to the GUI of User manager and Server
>> manager.
>>
>> I am working with 2 domains ( so is 2 backup domain
>> controllers, one for each) i upgraded one BDC in one
>> domain to PDC while it was ON, just the network cable
>> unhooked...it got upgraded fine...so it points that SAM
>> file is there but GUI connection is impossible.
>>
>>
>> I need to see the accounts for my test lab.
>> WHat do you suggest ?
>> I have started building another pair for testing.
>>
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

While the BDC is online you can view the list with
or without "show domain members" enabled?

<anonymous@discussions.microsoft.com> wrote in message news:
> that is exactly what i am doing,but still nothing is
> coming up on the screen.It is all blank.I am making a
> second set of backup domain controllers, will see what
> happens there ?
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

Hi Michael,
while BDC is online i can view the list with and without
the show domain members enabled.
There is one thing i am doing which i doubt might be a
culprit somewhere, i am installing service pack 6a right
on top of SP1...do i have to install SP4 first then
upgrade or will i still be able to go successfully from
SP1 to SP6a ?

thanks
GK

>-----Original Message-----
>While the BDC is online you can view the list with
>or without "show domain members" enabled?
>
><anonymous@discussions.microsoft.com> wrote in message
news:
>> that is exactly what i am doing,but still nothing is
>> coming up on the screen.It is all blank.I am making a
>> second set of backup domain controllers, will see what
>> happens there ?
>
>
>.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.windowsnt.domain (More info?)

No you can go straight to SP 6a. Try stopping the
netlogon service on the BDC while it is offline and
see if the names show up in the list.
<anonymous@discussions.microsoft.com> wrote in message news:
> Hi Michael,
> while BDC is online i can view the list with and without
> the show domain members enabled.
> There is one thing i am doing which i doubt might be a
> culprit somewhere, i am installing service pack 6a right
> on top of SP1...do i have to install SP4 first then
> upgrade or will i still be able to go successfully from
> SP1 to SP6a ?
>
> thanks
> GK
>
> >-----Original Message-----
> >While the BDC is online you can view the list with
> >or without "show domain members" enabled?
> >
> ><anonymous@discussions.microsoft.com> wrote in message
> news:
> >> that is exactly what i am doing,but still nothing is
> >> coming up on the screen.It is all blank.I am making a
> >> second set of backup domain controllers, will see what
> >> happens there ?
> >
> >
> >.
> >