Before doing anything that drastic, check the event logs on both servers. With the server inside the DMZ being behind closed ports, its hidden account password may be out of sync with the DC inside the network. MS has a Knowledge Base article about how to change the hidden machine account password (can't remember the article number off the top of my head). Find the article and follow the instructions to change the machine account password before you do anything else.
The reason I know about this issue is that I deleted some profiles from one of my home domain controllers and messed up my primary account profile. I performed a non-authoritative restore on that server and lost the ability to have secure connectivity with my other DC. Following the article corrected the problem. Basically, on the 'good' DC (in your case, the one inside your network, not the one in the DMZ) you open a command prompt and run a specific command with specific arguments. I've slept too many times since I did this to my machine, but the process worked like a charm. I was able to do whatever I needed from that point on using either DC.

Kenneth W. (Ken) Adams, MCSA, MCSE

-----Original Message-----
From: Frank Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 12:51 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] More move Schema Master

A hypothetical..

Say I find that I simply cannot move the Schema Master role from the server sitting in the DMZ. I have tried everything, and nothing works. What would be the downside of running ADPREP /FORESTPREP on that server, and proceeding with the 2003 upgrade as planned? Anything?

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/