Active Directory Problem

[spencer]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I am at a site where they had an existing 2000 Domain.
It included a F&P Win2000 server that was the master.
A 2003 server was installed and took over as the Master.
The old 2000 server was then DCPromo'd and rebuilt as a second 2003 server
and upgraded to a DC.
There is still one 2000 server running Exchange2000 and is also a DC. This
will be updated to Win2003 and Exchange 2003 server but only after this first
problem is sorted.
I am aware ADPREP was not run on the new 2003 servers pre their installation
to the domain
I think this may be related to the problems I am now seeing. The permissions
over the domain are in a bit of a mess and all the user data on the new 2003
servers appears READ ONLY.
But the data on the Windows 2000 server is read and writable.
Can I run ADPREP on both the 2003 servers DC post the server instal. i.e now ?
Will this repair the problems ?
Or is it a manual repair job ?

One of the 2003 servers also runs SQL2000.
This does not need to be a DC so can I,
after the problems are resolved, demote it ?

Thanks for your time.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Spencer,

I am not sure that I follow your thought process, sorry! ;-)

Just to clarify things a bit for you:

You do not run adprep /forestprep and adprep /domainprep on a WIN2003
Controller. You run adprep /forestprep on the WIN2000 Domain Controller
that holds the FSMO Role of Schema Master under an account that is part of
the Schema Admins so that you can 'update' the WIN2000 Schema to accommodate
the WIN2003 Domain Controller ( essentially updating it from 13.ldf to
30.ldf ). You then run adprep /domainprep on the WIN2000 Domain Controller
that holds the FSMO Role of PDC Emulator. Then you can add WIN2003 Domain
Controllers to that WIN2000 AD environment ( or not... ).

Due to the potential for mangled attributes if you are running Exchange 2000
you would need to run the script offered in the MSKB Article that I have
mentioned below:

http://support.microsoft.com/?id=314649

The permissions 'problem' is simply the more enhanced security that is built
in to the newer NOS. This is a share / NTFS issue. You have really not
explained just what your problem is. It would appear from what you have
written that no one changed the default permissions ( probably someone who
assumed that the permissions were Everyone @ Full Control - like in
WIN2000 ).

You might want to give us some more information or contact someone with more
experience. Not trying to be harsh...just does not seem like you have grasp
on this yet....

--
Cary W. Shultz
Roanoke, VA 24014
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"Spencer" <Spencer@discussions.microsoft.com> wrote in message
news:2FAD9745-A8B4-41FE-A8F4-01AE5468D57E@microsoft.com...
>I am at a site where they had an existing 2000 Domain.
> It included a F&P Win2000 server that was the master.
> A 2003 server was installed and took over as the Master.
> The old 2000 server was then DCPromo'd and rebuilt as a second 2003
> server
> and upgraded to a DC.
> There is still one 2000 server running Exchange2000 and is also a DC. This
> will be updated to Win2003 and Exchange 2003 server but only after this
> first
> problem is sorted.
> I am aware ADPREP was not run on the new 2003 servers pre their
> installation
> to the domain
> I think this may be related to the problems I am now seeing. The
> permissions
> over the domain are in a bit of a mess and all the user data on the new
> 2003
> servers appears READ ONLY.
> But the data on the Windows 2000 server is read and writable.
> Can I run ADPREP on both the 2003 servers DC post the server instal. i.e
> now ?
> Will this repair the problems ?
> Or is it a manual repair job ?
>
> One of the 2003 servers also runs SQL2000.
> This does not need to be a DC so can I,
> after the problems are resolved, demote it ?
>
> Thanks for your time.