Wow, lots of questions here. Let's see if we can sort them out. See
below...
Majstor said:
1) DC1 was installed in "mixed" mode (upgraded from NT Server). May
domain name be changed to DNS format? How to do that and can it cause
problems on Domain, DNS etc.?
You can also install an NT4 BDC into this domain as long as it's still in
MIXED mode. Then dump the AD boxes' DCs, promote the NT4 to a PDC, set the
DNS suffix to your new DNS domain name that you want, then upgrade it to
W2k, it will promote it to a DC and during the process, make absolutely sure
you state the new DNS name, which would have been the name you made the
suffix to be.
If not in Mixed mode, then I just posted this for another poster with a
similar issue. Here is a copy of it:
======================
It may be better to just perform this on the DCs. For your W2k clients, the
benefit of making this change is so they can logon using the UPN method and
find services by DNS queries. Unfortunately it won't work with XP. XP Pro
cannot handle single label name lookups by design. Not sure if there will be
a fix for that in the future either. They will only be able to logon with
the legacy method and not with using the UPN method.
Depending on your scenario, it may be worth changing the domain name. If a
small network, you can install a fresh DC with the new name, and use the
ADMT tool to migrate all your users, groups and computers to the new domain.
Then once verified the resources are moved over and accessible, we can
retire the other DCs and reinstall/promote them to a new DC in the new
domain. Exchange 2k slightly complicates this. For that, we need to install
a fresh Ex2k in the new domain, use the ExMerge utility to pump the old
mailboxes into a PST and pump them into the new Exchange server. Since the
user names will be identical due to migrating with ADMT, the mailbox will
line up perfectly.
=========================
2)
SP 4 is only on DC2. DC1 is with SP3. Would it help to downgrade to
SP3 on DC2?
No because you'll want to stay on top of latest security updates and other
fixes/upgrades the SPs offer. This would not be a good long term solution.
Is it where "_MSDCS" , "_SITES", "_TCP" folders are, or.... If so, the
answer is NO.
That is totally unfortunate. The fix in the article will help with this, as
long as, of course, updates are enabled and the zone name in DNS
matches whatever the AD and Primary DNS suffix is.
It is not that bad if I may try anything of these solutions, but I
simply must not gamble.
Is it safe to change reg. settings on both DCs as stated in article,
and would it solve the problem?
It is safe to do that, but as I previously mentioned, it will NOT help any
XP Pro clients. They are just not designed to work with single label names,
hence this is just a bandaid and not really a long term solution.
Is it safe to use DCPROMO with
/forceremoval switch?
Depends on what you mean by safe. The thing is not properly working anyway at
the moment.
Would it not help to reconfigure DNS server on DC2. I noticed that in
"Forward lookup zones/ZONENAME Properties" on DC1 there is no DC2
registered neither as NAME SERVER nor A record.
Because DC2 is not registering due to the single label name and SP4.
If I add it would it
change something?
The SRVs associated with DC2 will register.
Also in "Forward lookup zones/ZONENAME Properties/
Primary Server" on both DNS server points to local DNS, i.e. DC1's
Primary server is DC1 and DC2's is DC2.
Should be:
on DC1:
1st is DC2
2nd is DC1
on DC2:
1st is DC1
2nd is DC2
This eliminates some issues. Too long to explain in addition to answering
everything else here!
I repeat, as I am not an expert in AD and DNS I would not do anything to
corrupt current Domain. What if I reinstall DC2 as a member server
(with different name). How would surviving DC1 react to missing DC2?
Any problems on Domain?
React? If properly demoted, no problem. If forced, you would have to perform
a MetaData cleanup to remove the references to DC2 from the AD database.
216498 - HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion:
http://support.microsoft.com/?id=216498
216364 - Domain Controller Server Object Not Be Removed After Demotion:
http://support.microsoft.com/?id=216364
I intended to put this new box as gateway to Internet with ISA, but
now that it is DC, would it be safe? And how to protect DC from
Internet abusers?
I wouldn't use a DC for this purpose. Besides being exposed, the DNS
registration process with the two NICs in it complicates things and can
cause problems with lookups for clients. Suggest to use a standalone. It
doesn't have to be a powerful box, depending on the # of users.
It would be ideal to have a BDC as with NT, so we'd have read-only AD
database and no local security. Can it be configured with W2000 DC?
Read my comments in the beginning of this response.
Sorry for so many words and thank you very much for cooperation!
Vladimir
Hope that helps. Suggest if not comfortable with this to hire a contractor
who is experienced and knowledgeable in this area.
--
Regards,
Ace
Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.
Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
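
Added example, not part of the original post: a small Python check that reads a text export of the AD forward lookup zone and reports, per DC, the missing A, NS and locator SRV records (the entries under the "_MSDCS" and "_TCP" folders discussed above), and flags a single-label domain name. The domain "corp", the host names, the addresses and the one-record-per-line export format are assumptions made for the illustration.

```python
# Added example (not from the original post): check a DNS zone export for the
# records each DC should have registered. Zone text and names are constructed.
SRV_OWNERS = ("_ldap._tcp.{d}", "_kerberos._tcp.{d}",
              "_ldap._tcp.dc._msdcs.{d}", "_kerberos._tcp.dc._msdcs.{d}")

# Constructed sample: single-label domain "corp"; only DC1 has registered.
SAMPLE_ZONE = """
corp                          NS   dc1.corp.
dc1.corp                      A    192.0.2.10
_ldap._tcp.corp               SRV  0 100 389 dc1.corp.
_kerberos._tcp.corp           SRV  0 100 88 dc1.corp.
_ldap._tcp.dc._msdcs.corp     SRV  0 100 389 dc1.corp.
_kerberos._tcp.dc._msdcs.corp SRV  0 100 88 dc1.corp.
"""

def parse_zone(text):
    """Parse 'owner TYPE rdata...' lines into (owner, type, last rdata field)."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].lower().split()  # drop ';' comments
        if len(fields) < 3:
            continue
        owner, rtype, target = fields[0], fields[1], fields[-1]
        records.add((owner.rstrip("."), rtype, target.rstrip(".")))
    return records

def audit(domain, dcs, zone_text):
    """Return a list of findings for the given AD DNS domain and DC host names."""
    domain = domain.lower().rstrip(".")
    recs = parse_zone(zone_text)
    findings = []
    if "." not in domain:
        findings.append(f"{domain}: single-label domain name")
    for dc in dcs:
        fqdn = f"{dc.lower()}.{domain}"
        if not any(o == fqdn and t == "a" for o, t, _ in recs):
            findings.append(f"{fqdn}: no A record")
        if (domain, "ns", fqdn) not in recs:
            findings.append(f"{fqdn}: not listed as name server")
        for tmpl in SRV_OWNERS:
            owner = tmpl.format(d=domain)
            if (owner, "srv", fqdn) not in recs:
                findings.append(f"{fqdn}: missing SRV {owner}")
    return findings

if __name__ == "__main__":
    for finding in audit("corp", ["DC1", "DC2"], SAMPLE_ZONE):
        print(finding)
```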