Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Demoting servers from a domain 1

Status
Not open for further replies.
hcrider

hcrider

IS-IT--Management
Apr 19, 2006
33
0
0
US
Hi gang.

We've been having problems with servrs in multiple locations communicating with each other. We've just about got it all hammered out, but we have one server that doesn't want to play fair. It is not connected to the network right now and we want to demote it from a domain controller and promote it again. The problem is that it still has remnants of another DC that it keeps trying to recognize. I've tried using the ntdsutil, but it won't allow me to demote it as it believe it is not the last DC in the forest. Is there anyway to demote it without connecting it back to the network? I'm afraid to becuase it will try to communicate with the other servers and start causing problems again.
 
Sort by date Sort by votes
You won't be able to properly demote it without connecting it back to the network. You can use the ntdsutil and ldp.exe (nice tool, has a gui interface) to remove the entries from active directory and rebuild the server from scratch and rejoin it to the domain.


Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 
Upvote 0 Downvote
If you intend to never put the DC on your network again, you will need to seize any FSMO roles it currently holds. After seizing the roles, you are not allowed to put the DC back on your network in it's current condition (will need to wipe the OS on it and reinstall).

Start, Help. You'll be surprised what's there. A+/MCP/MCSE/MCDBA
 
Upvote 0 Downvote
Seaspray,

I was able to demote it using dcpromo /forceremove. It seems to have worked, but I'm a bit concerned about lingering data. I renamed it and rejoined it to the domain and the logs haven't shown any problems. Is there a way to remove the old name from the domain without having to reconnect the server under the old name?
 
Upvote 0 Downvote
miguelmiggs,

Thanks, that seemed to work. Using ntdsutil, I thought you had to set the connection to the failed server in order to use it. You only need to connect to any server in the domain to remove it and it should replicate to the others.

Thanks everyone!!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
189
goombawaho
goombawaho
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
134
gbaughma
gbaughma
MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
80
ADB100
ADB100
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
144
DrB0b
DrB0b
fredmartinmaine
  • Locked
  • Question
Domain Controller without DNS Server
Replies
4
Views
165
fredmartinmaine
fredmartinmaine

Part and Inventory Search

Sponsor

Back
Top