Move Windows NT servers to another domain or change from member to domain controller

  • Section(s): Network
  • Published on Apr 20, 2004.
  • Last Modified on Apr 20, 2004.
  • Last Modified by Wayne Maples.
  • Rated 3.8 out of 5 based on 5 votes.
domain controllers:

You cannot move domain controllers from one domain to another. Remember that security is applied within the domain boundary. When you move a domain controller, you move its SAM and Security database. No can do.

OK. OK. That's Microsoft's party line. There are third-party tools to do this. The function is controlled by registry settings. I am still not comfortable with them but I am waffling. In particular, U-Promote looks interesting. It lets you demote a domain controller to a member server and promote a member server to a domain controller. If the servers stay under tight physical controls,

www.sysinternals.com has released the freeware utility NewSID, which has SID-synchronizing features. The domain controllers within a domain share the common domain SID. Using NewSID, log on to the BDC to be moved, run NewSID, click Synchronize SID and enter the name of the PDC for the new domain. I would then reboot the BDC and synchronize the new BDC with its new PDC.

I haven't used these tools yet in a real environment. The process seems reasonable. I am a little more likely to use these techniques. It's just that I keep coming back to the core issue:

The domain controller is the heart of NT security.

member servers:

Member servers (additional servers) have their own security context, just like a workstation, and can easily be moved from domain to domain. Go ahead: Start / Settings / Control Panel / Network

NT 2000 is supposed to support such moves. But NT 2000 uses the directory as its security model, not the domain.

Change BDC to standalone/member server:

There are advantages in servers having access to the domain SAM. A simple approach is to disable the BDC's Netlogon service so it will not act as a domain controller. The result is equivalent to a standalone server with a common SAM.
