It doesn't remove domain accounts because you have an NT4 BDC in the domain still (step 1).
-------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Bruce Clingaman [mailto:[EMAIL PROTECTED] > Sent: Thursday, January 08, 2004 9:15 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Changing domain name/joining a > forest or parent d omain > > > > I doubt this would work in my senario (step 1) since I am > running 2003 in > native-mode. > > Also, I am in doubt about your statement in the third > paragraph "demote ALL > of your current Windows 2000 DCs to member servers. This > procedure will > retain all current users, groups, and computers." I was > thinking that the > demoting process removes all the domain accounts. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Rick Kingslan > Sent: Wednesday, January 07, 2004 8:47 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Changing domain name/joining a > forest or parent > d omain > > > Bruce, > > I've been very successful with this method, but it does > involve some risk > (and nerves of steel) - but it can be mitigated. It's not a > completely > supported method, although there used to be a KB article on > it. Might still > be there, but I'm not sure (and, not inclined to look.... ;o) > > There is a key requirement - you must still be in a > mixed-mode, not native. > I.E. you must still be able to support Windows NT 4.0 BDCs. > If you can't - > stop here, read no further, and delete the message - because > what I'm about > to outline will be of no help at all. > > There is one other key element - you must be willing to > demote ALL of your > current Windows 2000 DCs to member servers. This procedure > will retain all > current users, groups, and computers. > > 1. Build a Windows NT 4.0 BDC in your 'DN' domain > 2. Go to the Protocol options and DNS - set the host and domain name, > domain to DN.COM > 3. Force a synch of the domain (NET ACCOUNTS /SYNC) with the > Win2k DC (for > good measure - let it bubble for a while... I like 24 hrs.) > 4. If you have only one DC, jump to Step 7 > 5. Select the DC with, or transfer all roles to one DC. > 6. DCPromo down all other DCs via Start / Run / 'dcpromo' - > each DC, at > completion will be a member server. > 7. Disconnect the last Win2k DC from the network. DCPromo > the DC via Start > / Run / 'DCPromo'. After it restarts, it will be a member of > a workgroup. > You can rejoin it to the domain at this point, if you choose. > 8. From Server Manager in NT 4.0, upgrade the BDC to a PDC. If it > complains that it cannot find a PDC, choose to proceed. > 9. Go to the Protocol options and DNS - set the host and domain name, > domain to DN.COM > 10. On the NT 4.0 PDC that you just promoted, upgrade to > Windows 2000, and > when DCPromo starts, choose to name it the DN.COM domain. > 11. Other member servers that you wish to promote to DCs, you > can now run > DCPromo to add them as additional DC in an existing domain. > > It would be wise around step 8 - 9 to review DNS. The DN > domain and zone > file will be no longer relevant, and you will need the DN.COM > domain. Be > sure that DNS will be able to receive and manage the new > domain and zone > files. If not, be prepared to allow DCPromo and the > processes therein to > create a DNS server for you. But, I suspect that you must > already have one > - as you clearly already have AD.... > > I hope this helps, Bruce. It's fairly easy, but can be a bit > tense as you > literally eviscerate your current domain. > > Good luck! Let us know how this works out! > > Rick Kingslan MCSE, MCSA, MCT > Microsoft MVP - Active Directory > Associate Expert > Expert Zone - www.microsoft.com/windowsxp/expertzone > WebLog - www.msmvps.com/willhack4food > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Bruce Clingaman > Sent: Wednesday, January 07, 2004 4:36 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Changing domain name/joining a > forest or parent d > omain > > > That's an idea that may fit our needs since the child domain > needs to be > kept separate from the parent anyway. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Mulnick, Al > Sent: Wednesday, January 07, 2004 4:20 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Changing domain name/joining a > forest or parent d > omain > > > Have you considered a multi-forest deployment? It's not > pretty, but may be > worth it depending on your requirements. > > Al > > -----Original Message----- > From: Bernard, Aric [mailto:[EMAIL PROTECTED] > Sent: Wednesday, January 07, 2004 4:47 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Changing domain name/joining a > forest or parent > domain > > If you are working with a Windows 2000 or 2003 domain then there is no > supported method to do this. If your domain is Windows NT > then you could > upgrade the domain and in the process join it to an existing > Windows Active > Directory forest as a child domain as you described below. > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Bruce Clingaman > Sent: Wednesday, January 07, 2004 8:42 AM > To: ActiveDir (E-mail) > Subject: [ActiveDir] Changing domain name/joining a forest or > parent domain > > > I have a stand alone domain (flat name, dn not dn.com) and I > need to 'join' > a forest or parent domain, 'parent.com', so then the name would read > dn.parent.com instead of just dn. > > I would hate to have to rebuild the entire directory if I > didn't have to. > > Any suggestions? > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > > > List info : > http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%> 40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
