Okay I've resolved my own question. A second domain
controller being present having all FSMO roles transferred means that clients
will continue to be able to authenticate regardless of the fact that the
previous FSMO role holder is demoted. I guess it never hurts to have
someone expand on it though :-)
Please anyone feel free to give your
$.02.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Wassell
Sent: Saturday, February 28, 2004 12:08 PM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] KDC Change
I'm in the process of demoting a DC in a Windows 2003 domain which was a roleholder for all FSMO roles. I have moved every role (including GC) to the new DC which is going to be the temporary role holder until the previous DC is rebuilt. Running a dcdiag /v shows that the only role referring to the previous DC is the "KDC Name" role. I am thinking that this has something to do with Kerberos authentication but I am unaware of any method to change the role. I will be researching a solution before I demote the DC of course but I thought that someone may be able to shed some light :-)
Have a great weekend everyone!
