Hope some of you gurus can help me out. I have 2 windows 2000 Advance Servers, one running as a Domain Controler and the second as a Backup Domain Controler. My Domain Controler crashed. The Backup Domain Controler works fine for Active Directory Auth and Permissions; however, I can't add any users because it serches for the DC to do name checking. I can't run dcpromo unless I convert my Backup DC to standalone. There has to be another way to establish the Backup Domain Controler as the Primary. Any help or suggestions would be much appreciated.

have yoiu tried stopping the replication services between the two servers, and then adding the new accounts, should work as the replication services is stoped so it wont look for the main dc, then when you dc is back on line start the service again, and they should update each other

Kroc, I'm not trying to be a jerk about this but... There is no such thing as a BDC or PDC in Win2k. Get that out of your head, it is just confusing you. That is NT4 terminology that does not apply anymore. If you intend to have any luck administering AD you'll need to learn some basic concepts. Then when you ask questions in here you'll be able to tell when a response is even close to accurate. Mark, there is no 'main dc' as you suggest. Kroc, in order to answer your question it would help to get some accurate info of your problem without you making assumptions as to what is wrong because when you say "I can't run dcpromo unless I convert my Backup DC to standalone" - it makes no sense. I'm not trying to pick on you but converting a DC to a standalone server is exactly what dcpromo does. To give you a little bit of background, all DCs in W2k are equals. There is no Primary DC. Accounts can be created on all DCs and are then replicated to the other DCs in the enterprise. What is it you are trying to do exactly? It's impossible to answer your question of - "There has to be another way to establish the Backup Domain Controler as the Primary" because, again, it is not possible. It just simply doesn't apply to a W2k domain.

Fair enough Glen. I was in a hurry last night and tried to cut some corners in my explanation in order that I might get the fastest response. True both w2k servers are full domain controlers. All I really want to do is run one Domain Controler for the time being. I am in the process of building a new DC to replace the one that crashed and once that is done I will have my replication and redundancy again. Thanks for your time.

Ok, that helps. What you might be experiencing is that the DC that help the operation masters, FSMO roles, such as schema master, PDC Emulator, etc are on the other DC. If that is the case and that DC will not be coming back up again, you can seize the roles. This is meant as a last resort and should only be done when the current DC holding those roles will not be coming back online, which appears to be your situation. Here you go... The first Microsoft Windows 2000 Active Directory domain controller in a forest is granted five FSMO roles when you run the Dcpromo.exe program and install Active Directory. There are two FSMO roles that are forest-wide and three that are per domain. If child domains are created, the two forest-wide roles do not change. A forest with two domains would have eight FSMOs; two for the forest and three domain specific FSMO roles in each domain. The five FSMO roles are: - Schema master - Forest-wide and one per forest. - Domain naming master - Forest-wide and one per forest. - RID master - Domain-specific and one for each domain. - PDC - PDC Emulator is domain-specific and one for each domain. - Infrastructure master - Domain-specific and one for each domain. To move the FSMO roles from one computer to another, you can use two different methods. The first method is a transfer and is the method that is recommended. You can use the first method if both computers are running. Use the second method if the FSMO roles holder is offline. The second method requires you to use the Ntdsutil.exe tool to seize the roles. NOTE: Only seize the FSMO roles to the remaining Active Directory domain controllers if you are removing the FSMO role holder from the domain or forest. To seize or transfer the FSMO roles by using Ntdsutil, follow these steps: 1. On any domain controller, click Start, click Run, type "ntdsutil" (without the quotation marks) in the Open box, and then click OK. NOTE: Microsoft recommends that you use the domain controller that is taking the FSMO roles. 2. Type "roles" (without the quotation marks), and then press ENTER. NOTE: To see a list of available commands at any of the prompts in the Ntdsutil tool, type "?" (without the quotation marks), and then press ENTER. 3. Type "connections" (without the quotation marks), and then press ENTER. 4. Type "connect to server " (without the quotation marks), where is the name of the server you want to use, and then press ENTER. 5. At the server connections: prompt, type "q" (without the quotation marks), and then press ENTER again. 6. Type "seize " (without the quotation marks), where is the role you want to seize. For a list of roles that you can seize, type "?" (without the quotation marks) at the Fsmo maintenance: prompt, and then press ENTER, or consult the list of roles at the beginning of this article. For example, to seize the RID Master role, you would type "seize rid master" (without the quotation marks). The one exception is for the PDC Emulator role, whose syntax would be "seize pdc" and not "seize pdc emulator". NOTE: All five roles need to be in the forest. If the first domain controller is out of the forest then seize all roles. Determine which roles are to be on which remaining domain controllers so that all five roles are not on only one server. Microsoft recommends that you only seize all roles when the other domain controller is not returning to the domain, otherwise fix the broken domain controller with the roles. If the original domain controller with the FSMO roles is still online, transfer the roles. Type "transfer " (without the quotation marks). 7. After you seize or transfer the roles, click "q" (without the quotation marks), and then press ENTER until you quit the Ntdsutil tool. NOTE: Do not put the Infrastructure Master role on the same domain controller as the global catalog. To check if a domain controller is also a global catalog server: 1. Click Start, point to Programs, point to Administrative Tools, and then click "Active Directory Sites and Services". 2. Double-click Sites in the left pane, and then browse to the appropriate site or click Default-first-site-name if no other sites are available. 3. Open the Servers folder, and then click the domain controller. 4. In the domain controller's folder, double-click NTDS Settings. 5. On the Action menu, click Properties. 6. On the General tab, locate the Global Catalog check box to see if it is selected. For additional information about FSMO roles, click the article numbers below to view the articles in the Microsoft Knowledge Base: Q197132 Windows 2000 Active Directory FSMO Roles Q223787 Flexible Single Master Operation Transfer and Seizure Process NOTE: Do not put the Infrastructure Master (IM) role on the same domain controller as the global catalog server. If the Infrastructure Master runs on a global catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a global catalog server holds a partial replica of every object in the forest. Good luck.

Thanks for the detailed and timely response. It is, most definitly, the information I am looking for and it fixed my situation.

Cool. Hope things go well.