Chan,
I would suggest that you install DNS on the second DC. I am hoping that
your DNS is Active Directory integrated? Additionally, I might suggest that
you make the second DC a Global Catalog Server as well. This is handled
through the Active Directory Sites and Services MMC. Please look at the
following link to see how to do this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;313994&Product=win2000
I presume that you have a smaller, one Site environment where making both
DCs a Global Catalog Server will not result in excessive replication.
Chan, there is no longer any Primary or Secondary Domain Controller in
WIN2000 like there is in WINNT 4.0. In WIN2000 Active Directory, all Domain
Controllers are equal ( well.... ). There are, however, five FSMO roles
that, by default, are placed on the first DC in the Forest. These five FSMO
roles are Schema Master, Domain Naming Master ( both of there are
Forest-wide ), PDC Emulator, RID Master and Infrastructure Master ( these
last three are Domain-wide ).
It is better to have two Domain Controllers in your environment. If one
crashes then the other continues to handle the load. Additionally, if one
crashes then you still have your AD as there is a second DC ( redundancy )
You might need to either seize or transfer any FSMO roles from the crashed
DC to the remaining DC but this is very simple and straight forward.
Is the original DC - the one against which you are claiming that all users
are authenticating - by chance a WINNT 4.0 upgrade? This would explain why
all WIN2000 machines are using this Domain Controller. By the way - how
have you verified that all users are using DC01 for authentication? Have
you gone to each PC and entered 'set l' at a command prompt? Or possibly
used a logon script to give you this information?
If this DC is indeed an upgrade from WINNT 4.0 then please take a look at
the following MSKB Articles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;284937
http://support.microsoft.com/default.aspx?scid=kb;EN-US;298713
Make sure that this issue is addressed before you proceed.
So, now to your question: if you want to remove the first DC from being a
DC then I would suggest that you transfer all of the FSMO Roles that it
might hold to the newer DC ( install the Support Tools and run netdom query
fsmo at a command prompt to determine which DC holds which roles - and then
look at the two MSKB Articles below for instructions on how to do this ).
Then I would "un-make" ( new word! ) this DC a Global Catalog Server. Then
you can run dcpromo to remove it from being a Domain Controller.
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504&Product=win2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;255690&Product=win2000
Make sure that everything happened as it is supposed to. If there are any
problems then take a look at using ntdsutil and adsiedit to correct this.
take a look at the following MSKB Article for this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
I would add a second Domain Controller to your environment as quickly as
possible so that you have redundancy!
HTH,
Cary
