You're talking about NETDOM. I tried that, it made no difference. I also ran NETDOM query fsmo on the trusted server, it is seeing the server in the DMZ fine. And I ran dcdiag /v on both servers, both are fine. Microsoft recommends that I bring the server inside to move the role off. This may be my only option at this point. I really want to get that role out of the DMZ. I don't want a DC out there period.
-----Original Message-----
From: Adams, Kenneth W (Ken) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 1:14 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] More move Schema Master

Before doing anything that drastic, check the event logs on both servers. With the server inside the DMZ being behind closed ports, its hidden account password may be out of sync with the DC inside the network. MS has a Knowledge Base article about how to change the hidden machine account password (can't remember the article number off the top of my head). Find the article and follow the instructions to change the machine account password before you do anything else.

The reason I know about this issue is that I deleted some profiles from one of my home domain controllers and messed up my primary account profile. I performed a non-authoritative restore on that server and lost the ability to have secure connectivity with my other DC. Following the article corrected the problem.

Basically, on the 'good' DC (in your case, the one inside your network, not the one in the DMZ) you open a command prompt and run a specific command with specific arguments. I've slept too many times since I did this to my machine, but the process worked like a charm. I was able to do whatever I needed from that point on using either DC.

Kenneth W. (Ken) Adams, MCSA, MCSE

-----Original Message-----
From: Frank Buechler [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 04, 2004 12:51 PM
To: ActiveDir (E-mail)
Subject: [ActiveDir] More move Schema Master

A hypothetical.. Say I find that I simply cannot move the Schema Master role from the server sitting in the DMZ. I have tried everything, and nothing works. What would be the downside of running ADPREP /FORESTPREP on that server, and proceeding with the 2003 upgrade as planned? Anything?
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
