W2K3 lost local accounts on domain demotion?

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

We just had an instance where one of our W2K3 servers, which was in a domain,
was demoted from the domain to a workgroup and then again placed back into
the domain.

It appears that the local user accounts that were in place before all of
this changing, have been deleted.

Is this possible?

Thanks
Russ...
 
| We just had an instance where one of our W2K3 servers, which was in a
domain,
| was demoted from the domain to a workgroup and then again placed back
into
| the domain.

Your question is not clear. You can't demote a server in and out of a
domain. The server is either a member of the domain (a member server) or
its not a member of a domain (a stand-alone server). Thats not demotion,
thats just domain membership.

Demotion only applies to the transition from a DC to a member server,
both of which are in a domain (assuming that other DCs are maintaining
the domain's database). In other words, demotion implies that the state
change of the server does not affect the domain's own existance.

If you "had" only one DC and you demoted it, then you basicly zapped the
domain into the universal bit bucket. Thats not considered demotion
since the domain no longer exists. Its basicly a plain domain
destruction. Some call it demoting the domain.

While all of the above sounds like bickering over a simple term, its
not. You'll understand if you agree that taking a standalone server to
establish it as a DC in an existing domain actually requires 3 steps.

1) install server os and join a workgroup - standalone server
2) join a domain as a member server (which creates a computer account)
3) promote the member server to a DC (which copies the schema and db)

If you skip step 2 then you've created an entirely distinct domain which
only happens to have the same name as the original domain. Two distinct
domains with the same name will coexist perfectly in the same physical
network without a hitch. Even the respective dns zones, if properly
configured, will resolve correctly.

Consider this: W2K and W2K3 domains don't understand names (pay
attention - this is the key to your problem). Names are for human
consumption alone (exception: primitive dns resolution). W2K only sees
SIDs. A computer account is a SID. A domain is a SID. An OU is also a
SID. A user is a SID, etc. To a W2K or W2K3 domain: names mean nothing
at all.

The moral of the story is: don't expect to get a copy of the domain's
internals during promotion if you haven't joined it first.

|
| It appears that the local user accounts that were in place before all
of
| this changing, have been deleted.
|
| Is this possible?
|
| Thanks
| Russ...
 
Back
Top