dcpromp /forceremoval advice request

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

We set up a windows nt 4 web server years ago as a domain controller,
not knowing any better. We have since learned that a web server should
not be a domain controller due to increased security risk and
performance issues.

We recently upgraded the server to windows 2000. Now each time we log
into the console, dcpromo runs and invites us to setup active
directory. We have been hitting cancel while deciding how to proceed.

We want to get the web server to stand-alone status. Should we let
dcpromo setup active directory then remove it or should we immediately
run dcpromo with the /forceremoval switch?

Thanks in advance.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Do not use the /forceremoval switch. This is an option of last resort that
will ungracefully rip off the directory service when all other options have
failed. It doesn't sound like you are at that stage yet.

When you upgrade an NT domain controller to Windows 2000 it is normal for
dcpromo to run immediately afterwards to complete the upgrade to a Windows
2000 DC. There is probably a startup item somewhere that keeps invoking
dcpromo every time you logon but I don't know exactly where this lives.
Perhaps you could try using Autoruns to find out where the command to run
dcpromo is and delete it.
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

Having said that, this may leave Windows thinking that it is in an
'unfinished' state. If your network allows it, the safest bet may be to
allow dcpromo to run and make the web server a DC, let replication occur and
then run dcpromo again to bring it down to a member server. I think this
would be the preferred option.

<ned@cop.ufl.edu> wrote in message
news:1104451376.658624.242850@c13g2000cwb.googlegroups.com...
> We set up a windows nt 4 web server years ago as a domain controller,
> not knowing any better. We have since learned that a web server should
> not be a domain controller due to increased security risk and
> performance issues.
>
> We recently upgraded the server to windows 2000. Now each time we log
> into the console, dcpromo runs and invites us to setup active
> directory. We have been hitting cancel while deciding how to proceed.
>
> We want to get the web server to stand-alone status. Should we let
> dcpromo setup active directory then remove it or should we immediately
> run dcpromo with the /forceremoval switch?
>
> Thanks in advance.
>