You'll be fine. In general, deleting a client's subnet does not prevent them from logging on.
Thanks. � --Brian Desmond [EMAIL PROTECTED] Payton on the web! www.wpcp.org � v - 773.534.0034 x135 f - 773.534.8101 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of Meneses, Arturo > Sent: Thursday, October 14, 2004 9:27 AM > To: '[EMAIL PROTECTED]' > Subject: [ActiveDir] Deleting a subnet on a AD Site > > I have a domain that was originally setup in a public network and then was > moved to a private one. It has three public subnets and one private in the > Sites and Services mmc. > Are there any issues deleting the public ones? they're not being used > anymore internally. > > Thanks, > AM > > -----Original Message----- > From: Mulnick, Al [mailto:[EMAIL PROTECTED] > Sent: Thursday, October 14, 2004 8:08 AM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Unable to Promote a 2nd DC or Access Group > Policyon existing DC > > > As you were reading this, did you check the dcpromo log on the failed > promotion? > Are you trying to use the same domain controller name when you promote it? > > Are all of these domains in the same forest? If so, how's the FRS logs? > Any errors? > > Al > > P.S. GPRESULT.EXE from the reskit will tell you some information of value > about the applied policies. Also, have a look at this for some other > things > to check http://support.microsoft.com/?kbid=830062 > > I don't think I'd haul off and just implement this, but it's something to > consider. You'll want to test this stuff out before implementing it I'm > sure. You may also do well to call Microsoft support and have a more > in-depth look of your environment done. > > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Gardiner > Sent: Wednesday, October 13, 2004 10:58 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Unable to Promote a 2nd DC or Access Group Policy > on existing DC > > Al, > > I understand the article to a degree. I understand that I am in over my > head > here. > > I understand it but just do not seem to be able to get it to work. > > > ********* From the article ************* > > To fix the problem: > > Make sure that existing domain controllers have applied security policy > and > that the Enable computer and users accounts to be trusted for delegation > user right has been granted to the Administrators group (Default Domain > Controller Policy / Computer Configuration / Windows Settings / Security > Settings / Local Policies). > > If a domain controller does not have this right, confirm that GPOs have > replicated, and then manually apply the policy by typing the following > command: > > secedit /refreshpolicy machine_policy > > NOTE: If the Application event log contains: > > Event ID 1704: Security Policy in the Group policy objects are applied > successfully. the GPOs have been appliced. > > If you're in a hurry, stop the Netlogon service on the source domain > controller that doesn't have this right, to discover another DC that does. > > ************************************ > > How do you check what it states to do in the first paragraph of "To fix > the > problem:"? > > I do not believe that I can get the second part to work as I do not > believe > that I can replicate as there is only 1 DC so to speak. Yes, there are > other > BDC's but they are all WinNT4.0. > > Anyway, I tried the "secedit /refreshpolicy machine_policy" and it stated > in > the DOS Screen to check the app log for any errors etc. Nothing appeared > in > the apps event log so far and it has been about an hour so I assume that > it > did not work. > > Any further help would be appreciated AL. > > Rodney > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Mulnick, Al > Sent: Wednesday, 13 October 2004 11:08 PM > To: '[EMAIL PROTECTED]' > Subject: RE: [ActiveDir] Unable to Promote a 2nd DC or Access Group Policy > on existing DC > > Yep, it's very likely that the two are related. > (here's a good reference of what's happening when and why I say the two > are > related: http://www.jsiinc.com/SUBG/TIP3000/rh3034.htm) > > You need to start by fixing the default policy issues. Deleting the > default > policy is not necessarily what you want to do, but rather it's the file > system you are working on. Re-read that article and see if it makes > better > sense today. If not, let us know. > > Meanwhile, is this a single domain environment? > > Al > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Rodney Gardiner > Sent: Wednesday, October 13, 2004 3:22 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Unable to Promote a 2nd DC or Access Group Policy on > existing DC > > Well, I am hoping someone will be able to help me. I can not dcpromo > another > Win2000 Server on my network. > > I was originally able to do this but then active directory corrupted on > the > 2nd DC. This was then forced removed from being a DC. I used KB332199 and > KB216498 to do this. > > I have since tried doing a dcpromo to create another DC but receive the > following error at the end of the wizard when it states "The wizard is > configuring Active Directory. This process can take several > minutes......":- > > The operation failed because: Failed to modify the necessary properties > for > the machine account VLSSYDSHR1$ "Access is denied" > > This happens on ANY Win2000 machine that I try to promote with the only > difference being the account name. > > Second to this the Group Policy can not be accessed. Every time I try to > edit it on the only DC I receive the following error:- > > Failed to open the Group Policy Object. You may not have the appropriate > rights. > > Details: > The system can not find the path specified > > I have referred to KB253268 for this problem. > > I can see the {GUID} but do not really know what I am looking at. > > Is there a way of deleting the existing Default Group Policy and creating > a > new one? > > I have screen dumps of anything that may be required. Any help that can be > given would be very much appreciated. I am not sure if the two problems I > am > having are related to one another or not. > > Rodney > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > -- > ----------------------------------------------------------------------- > This message has been inspected by DynaComm i:mail 5.0 > ----------------------------------------------------------------------- > > -- > ---------------------------------------------------------------------- > FutureSoft, Inc. > 12012 Wickchester Lane, Suite 600 > Houston, TX 77079 > If you no longer want to receive commercial e-mail correspondence > from FutureSoft, you may remove your address from our records > by visiting www.futuresoft.com/emailremoval.asp > ---------------------------------------------------------------------- > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
