Thanks Deji.
I understand.
I will re-examine the event log in the morning and plan for a demotion over
the weekend.
besides removing the reference from AD/DNS/Sites, is there something else i
should do or look to remove the reference ?
Also, should i change the IP address ? This i really don't want to do if i
really don't have to... ?
Thanks.
On 11/16/06, Akomolafe, Deji <[EMAIL PROTECTED]> wrote:
I believe I recommended this early on in the thread. Sometimes, it's
easier (wiser) to not fight the fire. Demote, clean it out of AD/DNS/Sites.
If you have the luxury, wipe and reinstall the box, otherwise, just do a
rename of the box. Renaming it is strongly recommended unless you have
scripts and applications into which you have hard-coded the name.
Sincerely,
_____
(, / | /) /) /)
/---| (/_ ______ ___// _ // _
) / |_/(__(_) // (_(_)(/_(_(_/(__(/_
(_/ /)
(/
Microsoft MVP - Directory Services
www.akomolafe.com - we know IT
*-5.75, -3.23*
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
------------------------------
*From:* hboogz
*Sent:* Thu 11/16/2006 7:35 PM
*To:* [email protected]
*Subject:* Re: [ActiveDir] Kerberos is Killing Me!
AD sites.
3 one including the DR-site.
regarding the question about demoting then promoting...if i have to go
that route, should i keep the same server name ?
On 11/16/06, Laura A. Robinson <[EMAIL PROTECTED]> wrote:
>
> I apologize if I keep asking questions you've already answered, but how
> many sites are involved here?
>
> Of course, by the time this hits the list, any replication that hasn't
> yet occurred probably will have. :-)
>
> Laura
>
> ------------------------------
> *From:* [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] *On Behalf Of *hboogz
> *Sent:* Thursday, November 16, 2006 5:49 PM
> *To:* [email protected]
> *Subject:* Re: [ActiveDir] Kerberos is Killing Me!
>
> **Update***
>
> i changed the user account control attribute using the following
> direction:
>
> Did you follow:
> When using adsiedit:
> * Connect to the domain NC
> * Navigate to the Domain Controllers OU
> * Right click on the DC for which you want to change the
> UserAccountControl value and select properties
> * Goto the UserAccountControl attribute
> * You should see a value (from what you have described): 536576
> * Change that value to: 532480
>
> i teh followed the instructions found here: Re: access denied
>
>
>
http://technet2.microsoft.com/WindowsServer/en/library/22764cb5-9860-4f8f-95e7-337df24edf741033.mspx?mfr=true
>
> i did this from the phmaindc1 server
>
> net stop kdc
>
> clear ticket cache
>
> reset machine pawd
>
> open sites and services and forced replication with phprint -- which
> succeced
>
> opened replmon and synchronized with phprint1.
>
> net start kdc
>
> ran: repadmin /showreps.
>
> replication to phprint1 came up as succesfull
>
> however, i still get an error to the child domain indicating access
> denied.
>
> should i wait for AD replication for this to work ?
>
>
> --
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
>
>
--
HBooGz:\>
--
HBooGz:\>
