Pretty sure with Windows 2003 you can use icacls.exe to reset the permissions and restore them accordingly.
Z Edward E. Ziots CISSP, Network +, Security + Network Engineer Lifespan Organization Email:[email protected] Cell:401-639-3505 From: Don Ely [mailto:[email protected]] Sent: Wednesday, July 21, 2010 2:47 PM To: NT System Admin Issues Subject: Re: Removing missing DC metadata Run xcalcs to get the perms then and you can rerun it to put them back if they disappear... On Wed, Jul 21, 2010 at 11:45 AM, Jim Slattery <[email protected]> wrote: Exactly my concern. Another option I've considered is to rename the file server, then run the steps, then rename it back. (We have processes that copy files both to and from this server based on servername). Jim Slattery Systems Administrator, MEDEX Global Group 410-308-7931 From: Erik Goldoff [mailto:[email protected]] Sent: Wednesday, July 21, 2010 2:41 PM To: NT System Admin Issues Subject: RE: Removing missing DC metadata But if a file server and removed from the domain, aren't domain-specific permissions lost when removed from the domain ? Erik Goldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Don Ely [mailto:[email protected]] Sent: Wednesday, July 21, 2010 2:30 PM To: NT System Admin Issues Subject: Re: Removing missing DC metadata +1 remove the server from the domain, run the steps, add it back and you should be fine... On Wed, Jul 21, 2010 at 11:18 AM, Don Guyer <[email protected]> wrote: I think if you move the current computer into a workgroup, make the changes in AD, then put it back into the domain you'll be fine. Others may have additional input. Don Guyer Systems Engineer - Information Services Prudential, Fox & Roach/Trident Group 431 W. Lancaster Avenue Devon, PA 19333 Direct: (610) 993-3299 Fax: (610) 650-5306 [email protected] From: Jim Slattery [mailto:[email protected]] Sent: Wednesday, July 21, 2010 2:11 PM To: NT System Admin Issues Subject: Removing missing DC metadata We have a file server that shares a name with an old DC that failed. Instead of removing the metadata for the DC, someone just installed a new server with the same name. That name now unfortunately is held by our main file server. I need to remove the DC metadata, but need to leave the server up and running. My question is this... if I run this kind of operation: http://www.petri.co.il/delete_failed_dcs_from_ad.htm <http://www.petri.co.il/delete_failed_dcs_from_ad.htm> or http://support.microsoft.com/kb/216498 <http://support.microsoft.com/kb/216498> ...is the current server still going to be in the domain as a member server? I haven't slept well in a few days, and I'm exhausted, so if the answer to this question is obvious, please don't beat up on me too much. I just don't want to create more problems while trying to solve another. TIA Jim Slattery Systems Administrator, MEDEX Global Group 410-308-7931 ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
