This section explains how to promote a server machine used in the installation environment to a domain controller, and also how to demote a server machine from a domain controller.
1) Perform backup
Perform a backup before promoting a machine to a domain controller or demoting a machine from a domain controller. Refer to "3.1 Backup" for an explanation of the backup procedure.
2) Register users
Confirm and record the users belonging to the local group listed below. (The information recorded here will be used to return the server machine to the pre-promotion/demotion state if this operation is required after the machine has been promoted to or demoted from a domain controller.) The local group to confirm and the verification method are as follows:
[Local group]
swadmin
[Verification method]
The following menus can be used to confirm the local group:
For promotion
Open Control Panel and select Administrative Tools >> Computer Management >> System Tools >> Local Users and Groups >> Groups
For demotion
Open Control Panel and select Administrative Tools >> Active Directory Users and Computers >> Domain name >> Users
3) Perform promotion/demotion
Promote or demote the server machine to or from a domain controller. Refer to the relevant operating system manual for the promotion or demotion procedure.
4) Check/Set local group information
Check that the following local group is registered with the system. If it is not, create it. The local group to check and the checking and registration methods are explained below.
[Local group]
swadmin
[Verification method]
The following menus can be used to confirm the local group:
For promotion
Open Control Panel and select Administrative Tools >> Active Directory Users and Computers >> Domain name >> Users
For demotion
Open Control Panel and select Administrative Tools >> Computer Management >> System Tools >> Local Users and Groups >> Groups
[Registration method]
Open a command prompt window.
Run the following command to create the local group:
> net localgroup swadmin /ADD
5) Delete unknown account information
Display the properties of the following directory in Explorer and delete any unknown accounts in the Group or user names in the Security tab.
[Directory]
Systemwalker installation directory\MpWalker.JM
6) Set the required access permissions
In the same way as step 5) above, use Explorer to display the properties of the following directory and check that the following access permissions are set. Set any access permissions that are not set. The directory and access permissions to check and the setup method are explained below.
[Directory]
Systemwalker installation directory\MpWalker.JM
[Access permissions]
Group or user name | Access permission |
---|---|
swadmin | Full Control |
Administrators | Full Control |
SYSTEM | Full Control |
CREATOR OWNER | Full Control |
Users | Read & Execute |
Everyone (*1) | Modify |
*1: Does not exist in Windows Server 2008 R2.
[Setup method]
Log in as a user belonging to the Administrators group.
Open a command prompt window.
Run the following command to set access permissions:
Systemwalker installation directory\MpWalker\bin\mpsetseco.exe /o
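A read-only check for steps 5) and 6), as an added PowerShell example that is not part of the original manual: it lists the Allow entries on MpWalker.JM, flags entries that no longer resolve to a name, and compares the rest with the table in step 6). The -InstallDir parameter and the output labels are assumptions of this example, as is treating an unresolved SID as an "unknown account".

```powershell
# Added example (not from the Systemwalker manual): read-only audit for steps 5) and 6).
param(
    # Systemwalker installation directory; site-specific, so no default is assumed
    [Parameter(Mandatory = $true)][string]$InstallDir
)

$target = Join-Path $InstallDir 'MpWalker.JM'
$fsr    = [System.Security.AccessControl.FileSystemRights]

# Expected rights from the table in step 6), keyed by name without domain/computer prefix
$expected = @{
    'swadmin'        = $fsr::FullControl
    'Administrators' = $fsr::FullControl
    'SYSTEM'         = $fsr::FullControl
    'CREATOR OWNER'  = $fsr::FullControl
    'Users'          = $fsr::ReadAndExecute
    'Everyone'       = $fsr::Modify   # (*1) does not exist in Windows Server 2008 R2
}

$allow = (Get-Acl -LiteralPath $target).Access |
    Where-Object { $_.AccessControlType -eq 'Allow' }

$seen = @{}
foreach ($ace in $allow) {
    $id = $ace.IdentityReference.Value
    # Assumption: an account that no longer resolves is shown as a raw SID string
    if ($id -match '^S-1-\d+(-\d+)+$') {
        "UNKNOWN  $id  (review for deletion in step 5)"
        continue
    }
    $name   = ($id -split '\\')[-1]
    $rights = $ace.FileSystemRights
    # An ACE stored as GENERIC_ALL (0x10000000) is equivalent to Full Control;
    # other generic-right ACEs are not normalised here, so verify those in Explorer
    if ([int]$rights -eq 0x10000000) { $rights = $fsr::FullControl }
    if (-not $expected.ContainsKey($name)) {
        "EXTRA    $id  $rights"
        continue
    }
    # "OK" means the entry grants at least the rights listed in the table
    if (($rights -band $expected[$name]) -eq $expected[$name]) { $seen[$name] = $true }
}

foreach ($name in $expected.Keys) {
    if ($seen.ContainsKey($name)) { "OK       $name  $($expected[$name])" }
    else                          { "MISSING  $name  $($expected[$name])" }
}
```

The script changes nothing; deleting the entries it flags remains the Explorer operation in step 5), and setting missing permissions remains the mpsetseco.exe command in step 6).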
7) Set users belonging to the local group
Set the users belonging to the following local group to the same state as in the confirmation results recorded in step 2) above. (Add or delete users as required.)
[Local group]
swadmin
8) Reset the job ownership definition
If the Execute jobs under the respective job owner's authority check box in the Options sheet of the Define Operating Information window is selected, reset the job ownership definition by defining the following items again:
Use the Define Job Owner's Information window to specify the password for the user ID that will submit jobs.
Assign the Log on as a batch job privilege to the user ID that will submit jobs.