Confused NT box.

Discussion in 'OT Technology' started by BigPaul, Apr 2, 2007.

  1. BigPaul

    BigPaul New Member

    Joined:
    Sep 4, 2006
    Messages:
    670
    Likes Received:
    0
    So the company I work for used to have 2 NT domain controllers. There are now 2 win2k3 DC’s, the NT boxes were turned into file servers. I setup a login script to help me gather information for an audit. Apparently the old NT DC’s still think they are DC’s and users are authenticating against them. So I’m getting like half of my PC’s hitting the audit login script and the other half are getting nothing.



    Anyone know why this would be happening? What can I do short of unplugging the NT boxes to make them stop excepting connections from users?
     
  2. JayC71

    JayC71 Guest

    How were the 2 Win2K3 DCs introduced? New domain or as DCs in the existing domain? You can't un-promote an NT server, you have to reinstall the OS. If it was once a DC, it's still a DC. Are the Win2K3 DCs replicating with the NT DCs?
     
  3. P07r0457

    P07r0457 New Member

    Joined:
    Sep 20, 2004
    Messages:
    28,491
    Likes Received:
    0
    Location:
    Southern Oregon
    dcpromo should allow you to demote a domain controller.
     
  4. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Might as well rebuild the machines anyway. Windows NT Server is WAY outdated, and Windows Server 2003 can create shadow copies of files so users can undo accidental deletes and overwrites -- a key feature for file servers to have.
     
  5. JayC71

    JayC71 Guest

    dcpromo was introduced with Win2K, doesn't exist in NTland.

    If they're currently DCs, shut them down and do a metadata cleanup of their AD objects, then install Win2K3 on them and use them as fileservers.
     
  6. BigPaul

    BigPaul New Member

    Joined:
    Sep 4, 2006
    Messages:
    670
    Likes Received:
    0
    I was not here when the 2k3 machines were introduced. but I'm pretty sure they were just promoted to PDC and SDC. I was afraid that I would have to remove them from the network. maybe I will just have to come in on the weekends and reformat them.

    Thanks for the info guys.
     
  7. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Wait...which machines are "them" in your post: the NT machines or the WS2k3 machines? You should keep the newer domain controllers as they are and reformat the older machines.
     
  8. BigPaul

    BigPaul New Member

    Joined:
    Sep 4, 2006
    Messages:
    670
    Likes Received:
    0
    Yeah... have to reformat the NT machines on the weekend.

    I got to thinking though. if the NT machines are still DC's then why isnt my GP with the login script being pushed to them?
     
  9. deusexaethera

    deusexaethera OT Supporter

    Joined:
    Jan 27, 2005
    Messages:
    19,712
    Likes Received:
    0
    Because they're fake DCs. They're orphaned at this point.

    Just wipe them and all will be well.
     
  10. BigPaul

    BigPaul New Member

    Joined:
    Sep 4, 2006
    Messages:
    670
    Likes Received:
    0
    Cool... its going to suck... but guess thats what I need to do :coolugh:
     
  11. JayC71

    JayC71 Guest

    Group Policy does not apply to NT servers, it wasn't introduced until Win2K. NT servers look to the NETLOGON share for their logon scripts. Regardless, you're better off getting rid of them.
     

Share This Page