Making a BDC a PDC on a different DOMAIN

mikeb

Jan 14, 2003
Archived from groups: microsoft.public.windowsnt.domain

I have a BDC currently on Domain1. I want to take this machine, have it
unjoin Domain1 and put it in its own domain - Domain2...that will be empty.
I would like it to be PDC --- but I doubt that is possible. Basically I
want to secure this old BDC "away" from the member domain of Domain1 so I
could also be happy with it being a plain old member server in Domain2 with
no PDC just as long as the security is stand alone there.

This server is becoming a test server with access to the Internet so I would
like to sandbox the security.

--
Thank You very much.
Michael
 
Guest

You cannot do this without a reinstall. NT4 domain controllers must be made
this way during the installation. There is a 3rd party tool called Upromote
that could do this for you.

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"MikeB" <mikeb@comcity.com> wrote in message
news:ufCZzTfXEHA.3612@tk2msftngp13.phx.gbl...
> I have a BDC currently on Domain1. I want to take this machine, have it
> unjoin Domain1 and put it in its own domain - Domain2...that will be empty.
> I would like it to be PDC --- but I doubt that is possible. Basically I
> want to secure this old BDC "away" from the member domain of Domain1 so I
> could also be happy with it being a plain old member server in Domain2 with
> no PDC just as long as the security is stand alone there.
>
> This server is becoming a test server with access to the Internet so I would
> like to sandbox the security.
>
> --
> Thank You very much.
> Michael
 

mikeb


Well what happens when you have a BDC join a different domain...?

--
Thank You very much.
Michael

"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:ufwaCGgXEHA.644@tk2msftngp13.phx.gbl...
> You cannot do this without a reinstall. NT4 domain controllers must be made
> this way during the installation. There is a 3rd party tool called Upromote
> that could do this for you.
>
> --
> Scott Harding
> MCSE, MCSA, A+, Network+
> Microsoft MVP - Windows NT Server
 
Guest

In theory you could remove the BDC out of domain 1
and promote it to primary then change the domain to
domain 2 but the two domains won't be able to
communicate with each other because of duplicate
SIDs or security ids.

"MikeB" <mikeb@comcity.com> wrote in message
news:ufCZzTfXEHA.3612@tk2msftngp13.phx.gbl...
> I have a BDC currently on Domain1. I want to take this machine, have it
> unjoin Domain1 and put it in its own domain - Domain2...that will be empty.
> I would like it to be PDC --- but I doubt that is possible. Basically I
> want to secure this old BDC "away" from the member domain of Domain1 so I
> could also be happy with it being a plain old member server in Domain2 with
> no PDC just as long as the security is stand alone there.
>
> This server is becoming a test server with access to the Internet so I would
> like to sandbox the security.
>
> --
> Thank You very much.
> Michael
 

mikeb


Ok, but can I change the BDC to a member server only....in other words
demote it. Then, have it join a new domain of which it is the only member
of and use only local security. Having the security of the machine be local
only is fine. However, I do need people from Domain 1 to be able to log
into the machine --- although, a local admin account would be ok not great
though.

Reinstalling NT is a bear because of the viruses and patches....you could be
infected before you finish the install....!

--
Thank You very much.
Michael

"Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
message news:#j6VAEtXEHA.3716@TK2MSFTNGP10.phx.gbl...
> In theory you could remove the BDC out of domain 1
> and promote it to primary then change the domain to
> domain 2 but the two domains won't be able to
> communicate with each other because of duplicate
> SIDs or security ids.
 
Guest

No...see my first post......

--
Scott Harding
MCSE, MCSA, A+, Network+
Microsoft MVP - Windows NT Server

"MikeB" <mikeb@comcity.com> wrote in message
news:OjngtWuXEHA.3716@TK2MSFTNGP10.phx.gbl...
> Ok, but can I change the BDC to a member server only....in other words
> demote it. Then, have it join a new domain of which it is the only member
> of and use only local security. Having the security of the machine be local
> only is fine. However, I do need people from Domain 1 to be able to log
> into the machine --- although, a local admin account would be ok not great
> though.
>
> Reinstalling NT is a bear because of the viruses and patches....you could be
> infected before you finish the install....!
>
> --
> Thank You very much.
> Michael
 
Guest

You can change the domain name to match another
domain but it won't join the domain i.e., replicate the
domain SAM database because of a unique SID or
security id. The SID is generated during PDC
installation and is domain specific. You can use a
third party application e.g., newsids which changes
the SID to match the existing domain you want to
join.

"MikeB" <mikeb@comcity.com> wrote in message
> Well what happens when you have a BDC join a different domain...?
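
The domain-specific SID mentioned in the post above, as an added example that is not part of the original thread: it decodes the binary SID layout, splits an account SID into its domain portion and RID, and shows that accounts are matched by that domain portion rather than by domain name. The two domain SIDs are constructed sample values, and the helper names are hypothetical.

```python
import struct

# Constructed sample domain SIDs (not taken from the thread).
DOMAIN1_SID = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN2_SID = "S-1-5-21-4000000001-4000000002-4000000003"

def sid_to_bytes(sid: str) -> bytes:
    """Encode 'S-1-5-21-...' into the binary layout used in tokens and ACLs."""
    parts = sid.split("-")
    subs = [int(p) for p in parts[3:]]
    header = bytes([int(parts[1]), len(subs)]) + int(parts[2]).to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

def sid_from_bytes(raw: bytes) -> str:
    """Decode a binary SID, rejecting truncated or oversized structures."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])

def split_account_sid(sid: str):
    """Return (domain_sid, rid) for an S-1-5-21-a-b-c-RID SID, else (None, None)."""
    parts = sid.split("-")
    if len(parts) == 8 and parts[:4] == ["S", "1", "5", "21"]:
        return "-".join(parts[:7]), int(parts[7])
    return None, None   # e.g. BUILTIN S-1-5-32-544 has no domain portion

def same_domain(sid_a: str, sid_b: str) -> bool:
    """True only when both SIDs carry the same domain identifier."""
    dom_a, _ = split_account_sid(sid_a)
    dom_b, _ = split_account_sid(sid_b)
    return dom_a is not None and dom_a == dom_b

if __name__ == "__main__":
    admin1 = sid_from_bytes(sid_to_bytes(DOMAIN1_SID + "-500"))
    user1 = DOMAIN1_SID + "-1004"
    admin2 = DOMAIN2_SID + "-500"
    print(admin1, same_domain(admin1, user1), same_domain(admin1, admin2))
```
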
 
Guest

So disconnect yourself from the Internet during the install.... or even
better, run a firewall on your network.......!


"MikeB" <mikeb@comcity.com> wrote in message
news:OjngtWuXEHA.3716@TK2MSFTNGP10.phx.gbl...
> Ok, but can I change the BDC to a member server only....in other words
> demote it. Then, have it join a new domain of which it is the only member
> of and use only local security. Having the security of the machine be local
> only is fine. However, I do need people from Domain 1 to be able to log
> into the machine --- although, a local admin account would be ok not great
> though.
>
> Reinstalling NT is a bear because of the viruses and patches....you could be
> infected before you finish the install....!
>
> --
> Thank You very much.
> Michael
 

mikeb


Ok, if I purchase Upromote.....will there be a problem with the SIDs not
matching as the other posts suggest.

Domain1/BDC --> Domain2/PDC

--
Thank You very much.
Michael

"Scott Harding - MS MVP" <scrockel@**NO_SPAM**hotmail.com> wrote in message
news:ufwaCGgXEHA.644@tk2msftngp13.phx.gbl...
> You cannot do this without a reinstall. NT4 domain controllers must be made
> this way during the installation. There is a 3rd party tool called Upromote
> that could do this for you.
>
> --
> Scott Harding
> MCSE, MCSA, A+, Network+
> Microsoft MVP - Windows NT Server
 
Guest

Hi Mike,

This program allows you to demote the DC to
a member server then join any domain you want
it to be a member of.

Michael

"MikeB" <mikeb@comcity.com> wrote in message
> Ok, if I purchase Upromote.....will there be a problem with the SIDs not
> matching as the other posts suggest.
>
> Domain1/BDC --> Domain2/PDC
>
> --
> Thank You very much.
> Michael
 
Guest

To expand a bit. I've never used U-promote
so I am not sure exactly whether it allows you
to move a DC to an existing domain by changing
the SIDs but you can demote it to member server,
join the new domain and then promote it to a DC
using U-promote.

"MikeB" <mikeb@comcity.com> wrote in message
news:eZRyeJ5XEHA.1144@TK2MSFTNGP10.phx.gbl...
> Ok, if I purchase Upromote.....will there be a problem with the SIDs not
> matching as the other posts suggest.
>
> Domain1/BDC --> Domain2/PDC
>
> --
> Thank You very much.
> Michael