demote a domain controller

M K W

Hello,

I have a Win2000 server which was a Domain Controller. Now I want to stop it
as a domain controller (I did some upgrades and I don't want this server to
be a DC). I removed the network cable from it. Now I want to demote it, but
the problem is I can't remember the password of the administrator on the
local machine, and I am not able to change it from users and groups; it is
saying that I can't change the password on a DC, and I am afraid that if I
demote it I can't log in as Administrator on the local machine.
Is there a way to solve this issue?
Any help would be highly appreciated.
 
Domain controllers do not have local accounts. If it is the last DC in
the domain, then you'll probably need to get your hands on a password
recovery/reset utility after it's demoted.
If you still have a functioning domain, you will still be able to log
on with the domain admin account after you demote it, and then you'll
have access to the local user accounts to reset the administrator
password.
Another option in lieu of password recovery/reset if it's the last DC
would be to build a second, temporary DC, so that you would still have
a domain admin account to access the box after you demote it. Once you
reset the local admin, then you can demote and remove your temporary DC.
 
Thank you for your reply. Well, no, it is not my last domain, I have 3 DCs,
but this one was the main, but it is making troubles, so I put another one
as main and I removed the cable of the one making troubles from the network.
I don't want to put it back on the network to avoid problems, but I want to
demote it then use it as member group, but as I said, no admin password on
the local machine. Can I do anything before putting it on the network while it
is still a DC?
 
I guess it would depend on the nature/severity of the problems that it
is causing. If you've removed all of the FSMO roles, then from my
perspective the two most viable options are:
1. Put the server back on the network long enough to do a DCPROMO and
downgrade him back to a member server. You can then use your domain
admin credentials to reset the local admin account. If the problems
that the server is causing are severe enough that this option is
unworkable, then I would proceed with option 2.
2. From the functioning DC, remove the problem server from the domain,
then rebuild the server.
Even if you had the local admin password, it will be useless until you
can demote him back to a member server.
 