Discussion in 'MCSE' started by Nettransplant, Nov 28, 2003.

  1. So, if the administrator on the first DC in the domain is the default EFS
    recovery agent and
    my office grows to 5 DCs and 100 users with EFS folders all over the place
    for various reasons
    AND I demote the first DC because it is an old PC and tooooo slow
    Where does the EFS recovery keys go?
    Nettransplant, Nov 28, 2003
  2. Nettransplant

    Herb Martin Guest

    It's not the "Adminstator on the first DC" but rather the "first
    on the Domain".

    DCs don't have local accounts (when operating as DCs), but rather the
    is a domain account.

    (DCs do have a private SAM or local accounts database that is ONLY ACTIVE
    when they are booted into either the "Recovery Console" or in "Directory
    Restore mode". The admin account there has no domain privileges or
    except maintenance on the DC.)
    Herb Martin, Nov 28, 2003
  3. Thanks, clear now.

    Nettransplant, Nov 29, 2003
  4. Nettransplant

    Herb Martin Guest

    BTW, Does everyone remember (all of) their DC "local admin passwords"?

    Good practice says this should NOT be the same as the Domain Admins,
    and probably shouldn't be the same on more than one DC.

    Since it is seldom used (if things go right), it is essential to REMEMBER
    DC local password (or even write it down and lock it up.)
    Herb Martin, Nov 29, 2003
  5. Nettransplant

    Roger Abell Guest

    And I might add, the name the Adminsitrator account
    was renamed to be. Remember, local security policy
    does have an effect on this account in the local SAM.
    Roger Abell, Nov 30, 2003
