Robert, as far as I can see, if you have only one domain,  only root domain in 
the forest, and you think you will newer connect these DC:
1)  make both DC а global catalog servers, 
2)  disconnect them, so you would be able on both of them seize FSMO roles 
which they are missing - the KB article is here: 
http://support.microsoft.com/default.aspx?scid=kb;en-us;255504 
(you should be certain, that they are disconnected before you begin) 

3) Then remove the disconnected DC on the both sides, like if they were failed. 
There is a KB article, how to remove DC after unsuccessful demotion:
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498
  
  Note, I never did this myself, so check every my suggestion.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Robert Oytun
Sent: Wednesday, January 26, 2005 8:41 AM
To: [email protected]
Subject: RE: [ActiveDir] Seperating two domain controllers with in the
same domain


Bert and Paul,

Thank you for all your help, my priory is to sync two DCs but if the link
keeps failing, I have to separate two DCs. I have just restarted both
servers seems like they are synchronizing again. 

But I really need a detailed documentation to separate two DCs and place
them in two separate domains. I was unable to locate such doc. If you find
it please let me know.

Thank you again. 

Robert Oytun

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Bernard, Aric
Sent: Tuesday, January 25, 2005 12:24 PM
To: [email protected]
Subject: RE: [ActiveDir] Seperating two domain controllers with in the same
domain

Robert,

My guess is that know one on this list will recommend doing what you
suggest.  Creating to stove pipes of similar data would not be desired
by any organization especially when the data does not have a specific
technical need (e.g. security) to be separated.

Is it possible?  Yes I suppose, so long as you never want those two DCs
to communicate together again and the clients supported by one DC will
never have to access the resources supported by the other DC.  Also keep
in mind that the two DCs, and separate domains/forests they create, will
never be able to trust the same third party nor will they be able to
share the same DNS or WINS infrastructure.  Quite honestly the only
"safe" way to do this is to ensure that the networks they sit on are
completely isolated from each other.

More importantly it is not likely that this "solution" will solve you
endpoint mapper issues.  I would suggest working to solve the endpoint
mapper issues instead.

Regards,

Aric


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of roberto
Sent: Tuesday, January 25, 2005 12:12 PM
To: [email protected]
Subject: [ActiveDir] Seperating two domain controllers with in the same
domain

Folks,

I have a quick question, I have two DCs on in Los Angeles, one in San
Diego.

The one in LA is the catalog server, the one in SD is the DC, and they
are both running Windows 2000 servers.

I would like to seperate two servers, and create two seperate domains.

The reason is DC are loosing sync capebilities, for example somethimes
we can not join new computers to domain, we get an "end point mapper is
not available" error, when we get this error we restart servers,
everything goes back to normal.

We have to do tabove restart procedires almost every week.

So I would like to seperate two DC,s and create two new ones without
loosing the AD data, user info ect.

Is this possible?

Thank you,

RObert Oytun 




________________________________________________________________
Sent via the WebMail system at oytun.com


 
                   
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/


__________ NOD32 1.982 (20050125) Information __________

This message was checked by NOD32 antivirus system.
http://www.nod32.com


List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/

Reply via email to