
Child domain logging on problem


mlnrao

Technical User
Sep 25, 2002
19
IN
I have installed Win 2k server with one Parent domain and one child domain. If PDC is not available, BDC was able to authenticate users into the domain. Now the Customer has moved Child domain to new independent n/w, and now the users are not able to log on to n/w.

DHCP service is running and users are getting the IP.
I tried to remove ADS through dcpromo and it is not allowing me to complete the process as PDC is not available.

Thanks in advance

Lakshmi Narayana Rao
 
Not exactly clear on all the facts here,

First, when you refer to PDC and BDC (since these terms do not apply to Windows 2000, which has multimaster replication), I am unsure which machines you are referring to. (Perhaps the root DC and a DC in the child domain?)

When you say "now the Customer has moved Child domain to new independent n/w"...what exactly do you mean?

When you say "now the users are not able to Logon to n/w"...are you referring to users in the child domain?

Maybe just a tad more info, and I bet someone on here could help you out.

Patty [ponytails2]


 
I'm with Patty, this is a bit confusing. Do you mean they can log onto one domain, but not n/w? I'm reading into this because you said clients are getting IP from DHCP, so they would have to log onto somebody for authentication. Little more info please. Thanks.

Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"A person often meets his destiny on the road he took to avoid it."
Jean de La Fontaine (1621-1695); French poet.
 

Exactly, the BDC server itself was moved to another n/w.

When PDC was not available, from BDC the users were able to log on to domain; now the PDC and BDC are on different n/w.

I was not able to uninstall ADS, as PDC was not available.

Thanks for reply



 
Still confusing. W2K doesn't have PDCs or BDCs, only Domain Controllers.

Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"Great souls have wills; feeble ones have only wishes."
Chinese Proverb.
 
Mlnrao,

Ok, if you mean by PDC the parent Domain Controller, and by BDC a Domain Controller in a child domain...and if these machines are now on different subnets, they will need to be set up with a default gateway in order to communicate.

If you are attempting to uninstall Active Directory from the child Domain Controller, you will need to reach the parent Domain Controller in order to do so, hence the need for a gateway...

Hope this helps as I am still unsure of your setup.

Patty [ponytails2]
 
Hi, all of u got confused, I will explain the setup once again.

There was a setup of two W2K servers (one PDC and one BDC).
Customer wanted to use BDC server as a PDC for their different branch at a different location away from this network. There is no link between these two servers.
Customer has physically moved the server (BDC) without detaching from PDC.

Now the users trying to connect to BDC server (new network)
are not able to log on to domain using PDC server.

My question is: same users (PCs) were able to log on to BDC in old network while PDC was not available, why not now?

Pls suggest me in uninstalling ADS from the BDC server.

Thanks a lot,
Lakshmi Narayana Rao
 
Lakshmi, you're still not really answering the questions that Glen or the GreenEyedLady (great song...btw) asked of you...that said, let's try to clear things up.
1) You said "there is no link between these 2 servers...". Do you mean now that they're in different locations, they can no longer communicate with each other?
2) You refer to these servers as PDC and BDC. Without getting into the whole "no such thing...", were these servers domain controllers in the SAME domain?
3) In the new location, I will assume you can ping the moved server?
4) Is the moved server a Global Catalog?
5) What FSMO roles does the moved server own?

Please answer these questions directly, it will help...thanks
 
brontosaurus & GrnEyedLdy,
thanks a lot for ur interest.

1) You said "there is no link between these 2 servers...". Do you mean now that they're in different locations, they can no longer communicate with each other?

Yes, u are right.

2) You refer to these servers as PDC and BDC. Without getting into the whole "no such thing...", were these servers domain controllers in the SAME domain?

I am not referring to PDC/BDC in NT terms, I mean to say PDC refers to first ADS server, and BDC referred to child domain.

3) In the new location, I will assume you can ping the moved server?

No, so what I told, there is no link between two servers.

4) Is the moved server a Global Catalog?
No

5) What FSMO roles does the moved server own?
I am not clear with FSMO rules.

Thanks a lot
LakshmiNarayana Rao
 
OK, so you're still referring to a CHILD domain. Let's clarify that further. Say your "PDC" was in DOMAIN.COM, are you saying that your "BDC" was a member of CHILD.DOMAIN.COM ?
 
yes, brontosaurus
u are right.

I think u are feeling that setup was too complicated, there is no such complication, simply one of the DC servers was moved to other network, that's all.
My only question was "ADS reconfiguration of a member DC to make it a PDC".

I hope now u are clear

LakshmiNarayanaRAo
 
You will first need to remove the Child DC (CHILD.DOMAIN.COM) from the Active Directory of the Parent/Root Domain (DOMAIN.COM). (Simply run DCPROMO and demote the CHILD.DOMAIN.COM Domain Controller to a member server.)

In order to do this you must have communication between CHILD.DOMAIN.COM and DOMAIN.COM, as the Active Directory Root DC for the Domain you are trying to leave must be contacted in order to remove the references to the Child.

If there is no way for you to establish a connection between these machines, you can always re-install the CHILD.DOMAIN.COM machine. After re-installation, you can do as you want with this machine, (as it will have no references to the previous Active Directory structure). However, you will have to clean up the Active Directory of the Root Domain Controller (DOMAIN.COM) to remove any references to the 'long lost child'. To do this you will use the NTDSUTIL (NT Directory Services Utility) at the command prompt, and do a Metadata Cleanup.

Does this make sense? Let us know if you need a little more help or if I have misunderstood your post.

Patty [ponytails2]
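
The metadata cleanup mentioned in the post above, sketched as an ntdsutil session (an added example, not part of the original thread). `ROOTDC1` is a hypothetical name for a reachable DC in DOMAIN.COM, and the values in angle brackets are placeholders for the index numbers that the `list` commands print; the session goes slightly beyond the post by removing the orphaned server object first and then the child domain itself.

```bat
C:\> ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server ROOTDC1
server connections: quit
metadata cleanup: select operation target
select operation target: list sites
select operation target: select site <number of the site that held the moved DC>
select operation target: list domains in site
select operation target: select domain <number of CHILD.DOMAIN.COM>
select operation target: list servers for domain in site
select operation target: select server <number of the moved DC>
select operation target: quit
metadata cleanup: remove selected server
metadata cleanup: select operation target
select operation target: list domains
select operation target: select domain <number of CHILD.DOMAIN.COM>
select operation target: quit
metadata cleanup: remove selected domain
metadata cleanup: quit
ntdsutil: quit
```

Each `remove` command asks for confirmation before it deletes anything, and the domain can only be removed once its last server object is gone.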

 
GrnEyedLdy is correct about the connection. If you can't ping, then you are out of luck. There has to be communication for anything to work. DCPROMO is the way to go.

Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
[americanflag]

"What really happens is trivial in comparison to what could occur."
Robert von Musil (1880-1942); Austrian author.
 
Thanks a lot GrnEyedLdy,
You perfectly understood my problem.
What u told is right. I have done a change to ADS in Child domain, that is I made it to "native mode" in ADS properties, then it started working as a standalone DC. Other than that nothing was reconfigured in ADS. Really I wondered how it can happen, but now it's working fine.
After changing to native mode also, ADS is not uninstalling.

I heard we can change NT (Win NT 4.0) PDC to BDC by making some Registry modification?
Any details on that?
Thanks a lot all of u,
LakshmiNarayana
 