
dcpromo and user accounts


iolair

When I did a dcpromo back in Windows 2003, you had to recreate all the user accounts depending on which way you were going, promote or demote. In 2008, is the same true? That is, if you're demoting a DC back to a workgroup computer, do you have to re-enter all the users in the local users' database to allow them access to the server?

I'm hoping Microsoft decided to let you "migrate" users from local accounts to AD accounts and vice versa.

Thanks.

Iolair MacWalter
Network Engineer
 
Probably not. Typically when you are doing a DCPROMO you are doing one of four things:

1. Creating the first DC in a new domain/forest. In this case there would be no users and you would be making a clean start.

2. Promoting a new server to a DC role within an existing domain. In this case the users would already exist in the directory and be replicated to the new DC after promotion as part of the initial replication.

3. Demoting an existing DC to a member server (usually as a prelude to retiring it altogether). In this case the domain users would continue to exist in the domain and be stored in the directory on other DCs.

4. Demoting the last DC from a domain as part of a domain decommission. In this case any users that existed in the domain should have already been migrated to a new domain or removed altogether.

There is no best-practice use case for needing to migrate workgroup users from a local user account to a domain account or vice versa. You should follow standard account migration practices, as anything that used the workgroup or domain account SIDs to entitle or restrict access should need to be re-ACLed anyway.

________________________________________
CompTIA A+, Network+, Server+, Security+
MCTS:Windows 7
MCSE:Security 2003
MCITP:Server Administrator
MCITP:Enterprise Administrator
MCITP:Virtualization Administrator 2008 R2
Certified Quest vWorkspace Administrator
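
The re-ACL point in the reply above, as an added example that is not part of the original post: a PowerShell script that lists explicit file-system ACEs whose trustee SID belongs to a retired domain or machine and flags the ones that no longer resolve to an account. `$Root` and `$OldDomainSid` are hypothetical placeholders (the SID is constructed), and the script assumes Windows PowerShell 3.0 or later.

```powershell
# Added example. $Root and $OldDomainSid are hypothetical; the SID is a constructed placeholder.
param(
    [string]$Root         = 'D:\Shares',
    [string]$OldDomainSid = 'S-1-5-21-1111111111-2222222222-3333333333'
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]

# Include the root folder itself, then everything beneath it.
$items = @(Get-Item -LiteralPath $Root) +
         @(Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue)

$items | ForEach-Object {
    $path = $_.FullName
    try   { $acl = Get-Acl -LiteralPath $path -ErrorAction Stop }
    catch { Write-Warning "Cannot read ACL: $path"; return }

    # Explicit ACEs only: inherited entries are corrected at the parent that defines them.
    foreach ($ace in $acl.GetAccessRules($true, $false, $sidType)) {
        $sid = $ace.IdentityReference.Value
        if (-not $sid.StartsWith("$OldDomainSid-")) { continue }

        # A SID that no longer translates to an account name is orphaned.
        try   { $name = $ace.IdentityReference.Translate($ntType).Value }
        catch { $name = $null }

        New-Object PSObject -Property @{
            Path     = $path
            Sid      = $sid
            Account  = $name
            Orphaned = ($null -eq $name)
            Rights   = $ace.FileSystemRights
            Type     = $ace.AccessControlType
        }
    }
} | Sort-Object Path, Sid
```

The output is one object per affected ACE, so it can be piped to `Export-Csv` to build the list of paths that need new permissions before the old domain or local account database goes away.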
 
Great. I'm trying to demote my current DC so that I can create a new DC with the new domain name we've been given. Is it possible to rename a domain?

Iolair MacWalter
Network Engineer
 
The answer is: it depends. If you don't have Exchange 2007 or later, you can generally rename a domain. If you have Exchange 2007 or later, renaming is not supported (and generally breaks things).

Do you have your Tek-Tips.com Swag? I've got mine!.

Stop by the new Tek-Tips group at LinkedIn.
 
And to add to Pat's comment, using the RENDOM utility and procedure isn't totally straightforward, and there's still going to be a fair amount of cleanup involved.

Is there a reason that the name of the domain is being changed? In my experience it's usually more trouble than it's worth, so I try to advise clients to choose an internal domain name that will stand up over time. A lot of times they want to change the name of the domain because the name of the company has changed. In those cases they often hadn't considered that they can have separate DNS domains and namespaces for their internal and external networks.

 
Thanks, guys. I work for a government agency, and the domain name change is coming down from above. We were .state.ms.us and they are changing to ms.gov and in order for us to integrate, we need to change. Luckily, this will be the final and only change. DNS seems to be working fine with the new name, and our Exchange is hosted by the main site, so it's not a problem. I suppose we could keep the original .state.ms.us, and that would present its own issues, but not insurmountable. Thanks again.

Iolair MacWalter
Network Engineer
 
Is it only the public presence that needs to change (web, email, etc)? If so, renaming the AD domain isn't needed. I seldom see a need for an AD rename. Only during migrations/acquisitions/divestitures do I see it. Rebranding just requires changes for IIS, DNS, and Exchange.

 
I work for a government agency, and the domain name change is coming down from above. We were .state.ms.us and they are changing to ms.gov and in order for us to integrate, we need to change.

Politicians. Can't live with them, can't live without--hey, wait a minute...

 
Yep, that's right. Fortunately, things are going smoothly so far, and all is well.

Iolair MacWalter
Network Engineer
 