On the PDC, run ADPREP from the Windows Server 2003 R2 Disk2 CD; the path is \CMPNENTS\R2\ADPREP. This will update your schema to allow you to connect a Server 2003 R2 server as a DC by using DCPROMO. Ensure replication between your PDC and your new R2 server, and then force demote the failing DC. Instructions for that can be found here:

http://technet.microsoft.com/en-us/library/cc781245%28WS.10%29.aspx

The main thing to remember is to go through the AD metadata and clean up any trace of the failed DC. After that I would transfer all the FSMOs from your current SP2 DC to the new R2 DC and then upgrade the SP2 server to R2. You want your DCs all to be running the same OS with the same service packs and patches.

________________________________________________
Mike Miller
Network Services
Information Technology Center
College of Veterinary Medicine
Michigan State University
A227 VetMed Center
East Lansing, MI 48824
[log in to unmask]
Phone: (517) 353-5551
Fax: (517) 432-2937

>>> "Vasquez, Timo" <[log in to unmask]> 7/29/2009 1:24 PM >>>

I may have missed this, but the DC with the problem was just that, a DC/backup DC, not a primary, is that right? Can your users log in and get out to the internet just fine? If your other functions are solid with your new 2003 PDC, you really don't need to worry about the other box if it was just for backup purposes. So you could just upgrade or decommission that box, period, without ill effect. Hmmm.

Timoteo "Timo" Vasquez - AIS Client Server Team
[log in to unmask] - 353.4420 Ext.249
Michigan State University
2 Administration Building
East Lansing, MI 48824-1046

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jon Galbreath
Sent: Monday, July 27, 2009 10:50 AM
To: [log in to unmask]
Subject: Re: [MSUNAG] Demoting DC that can't replicate

I would drop the firewalls on the PDC and failing DC and see if replication occurs. If so, your firewall is too restrictive. I've had this problem before.

http://support.microsoft.com/kb/555381

This kbase article is a good guide for setting the File Replication services to use a specific port to make the firewall configuration a snap to maintain. Just assign a static port to the service, then add that exclusion to your firewall rules.

To drop the firewall if you're enforcing it with a GPO, just run 'net stop sharedaccess' at the command prompt.

Also, the Security Configuration Wizard works wonders for automatically configuring the required exclusions on the firewall, based on what services are running on the server.

Jon Galbreath
MCSE/Security+
Systems Administrator
International Studies and Programs
Ph: 517-884-2144
[log in to unmask]

From: MSU Network Administrators Group [mailto:[log in to unmask]] On Behalf Of Jesse Howard
Sent: Monday, July 27, 2009 10:26 AM
To: [log in to unmask]
Subject: [MSUNAG] Demoting DC that can't replicate

I have an old domain controller that has been having DNS and replication errors for some time now. The PDC in the domain was recently brought up to Windows 2003 Server Service Pack 2, and now replication with the failing DC is completely gone. The current PDC is holding all FSMO roles.

My question is: can I safely ADPREP the domain, DCPROMO a new DC (2003 R2), and then demote the old DC that can't replicate?

Thanks,

Jesse Howard
_______________________
IT Administrator
Michigan State University Press
[log in to unmask] <mailto:[log in to unmask]>
www.msupress.msu.edu <http://www.msupress.msu.edu/>
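
The sequence recommended in the first reply of this thread (ADPREP, DCPROMO, forced demotion, metadata cleanup, FSMO transfer), written out as the Windows Server 2003 commands typed at each server's prompt. This is an added example, not part of the original thread: the server names PDC1, NEWDC1 and OLDDC1 and the CD drive letter D: are placeholders, and repadmin and netdom are assumed to be installed from the Windows Support Tools.

```batch
rem Added example. PDC1, NEWDC1, OLDDC1 and drive D: are placeholders.

rem --- 1. On PDC1 (holds all FSMO roles, including schema master):
rem        confirm the role holders, then extend the schema for R2.
netdom query fsmo
D:\CMPNENTS\R2\ADPREP\adprep.exe /forestprep

rem --- 2. On NEWDC1 (the 2003 R2 server): promote it with the wizard,
rem        then confirm inbound replication is succeeding on both DCs.
dcpromo
repadmin /showrepl NEWDC1
repadmin /showrepl PDC1

rem --- 3. On OLDDC1 (the DC that cannot replicate): forced demotion.
rem        This does not touch the directory on the healthy DCs.
dcpromo /forceremoval

rem --- 4. On PDC1: remove what OLDDC1 left behind. The ntdsutil session
rem        is interactive because the targets are picked by list index:
rem     ntdsutil
rem       metadata cleanup
rem         connections
rem           connect to server PDC1
rem           quit
rem         select operation target
rem           list domains
rem           select domain <n>
rem           list sites
rem           select site <n>
rem           list servers in site
rem           select server <n>      (the entry for OLDDC1)
rem           quit
rem         remove selected server
rem         quit
rem       quit

rem --- 5. On NEWDC1: transfer the five FSMO roles to it and verify.
rem        Only after this is PDC1 upgraded from SP2 to R2.
ntdsutil roles connections "connect to server NEWDC1" quit "transfer schema master" "transfer domain naming master" "transfer PDC" "transfer RID master" "transfer infrastructure master" quit quit
netdom query fsmo
```

Run `repadmin /showrepl` again after step 4 to confirm that no replication partner still references the removed server.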