What group membership is required to demote a Domain Controller???

Status
Not open for further replies.

jfk8680

Technical User
Dec 20, 2002
116
NL
Hi,

I am currently reading the MS Press book Upgrading your certification to Windows 2003 (ISBN 0-7356-1971-9) and I am a bit confused about the part about demoting a Domain Controller on page 2-16. It states that certain group membership is required to remove Active Directory:

"To remove Active Directory from a system that is the last domain controller in any domain except the forest root, you must be a member of the Enterprise Admins group"

"To remove Active Directory from the last domain controller in a forest, you must be a member of the Domain Admins group"

If I understand correctly you "only" have to be a member of Domain Admins to remove the forest (last domain controller in a forest) but you'd need to be a member of Enterprise Admins to remove a domain from a forest. I expected this to be the other way around. Can someone explain the deeper thought behind this????

thanks,

Jeffrey
 
This needs to be posted in either the Active Directory or Windows Server 2003 forum.


Jeff
The future is already here - it's just not widely distributed yet...
 
I didn't mean to cross-post... I posted it here because I am studying for my MCSE 2003 and my question is directly related to topics from MS Press study material. If I understand you correctly this forum is just to discuss the certification itself and not the contents of it, right????

regards,

Jeffrey

Jeffrey Kusters

MCSA, MCSE, CCNA
 
Correct.


Jeff
The future is already here - it's just not widely distributed yet...
 
Not sure but assuming the book is correct I'd guess it's because removal of a domain from a forest is considered a forest-level operation so you need enterprise admin rights (or presumably domain admin rights in the root domain and child domain would also be sufficient?). When you're down to removing the root domain then if you have domain admin rights you must have root domain admin rights (as by definition the only remaining domain must be the root) which is what you need to remove AD. Another way of putting it is enterprise admin rights over and above domain admin rights are really only relevant in multi-domain forests.

Of course the book could just be wrong ;)
 
FYI
This needs to be posted in either the Active Directory or Windows Server 2003 forum.
There is currently no AD forum.

Glen A. Johnson
If you're from Northern Illinois/Southern Wisconsin check out Tek-Tips in Chicago, Illinois Forum.

TTinChicago
 