Solved

Remove Active Directory from Domain Controller

Posted on 2002-03-04
7
305 Views
Last Modified: 2010-04-14
I have 1 domain including several domain controllers but one 1 domain controller has a problem and I want to format it. To do so, I have to remove active directory then format and reinstall Windowns2000 but when I remove active directory with command "dcpromo", File replication service cannot be stopped and other services have faced with that problem.
Now I cannot install/uninstall any software because the computer will not response or hang and I have to kill those applications.

If I format it without removing active directory, could I remove it from other domain controllers after I format?

Could you please give me any solutions how to remove active directory and format my domain controller?

Very thank you so much for your help.
0
Comment
Question by:annjung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 1

Expert Comment

by:adowns
ID: 6840524
You could try to open the Services control panel under administrative tools and set the services that are giving you a hard time to start manually when the computer boots. This way you can restart the computer without these services running and dcpromo yourself out of the domain. Just to be safe I would do one service at a time and narrow it down. Good Luck, let us know what happens.
0
 

Author Comment

by:annjung
ID: 6840547
I've tried to do so(start service manually), but when I click apply/OK the computer wouldn't response and hang for several minutes.
Do you have any advice?
Thanks for your help.
0
 
LVL 10

Accepted Solution

by:
AndresM earned 50 total points
ID: 6841327
When a domain controller is demoted, if it is not the last domain controller in the domain, it performs a final replication and then transfers the roles to another domain controller. As part of the demotion process, the Dcpromo utility removes the configuration data for the domain controller from Active Directory. This data takes the form of an NTDS Settings object, which exists as a child to the server object in Active Directory Sites and Services Manager. After the domain controller is demoted it no longer has Active Directory information available, and uses the Security Accounts Manager (SAM) database for local database information. If the domain controller is a global catalog, that role is not transferred to another domain controller. In this case, you must manually select the check box in Active Directory Sites and Services Manager for another domain controller to take over the role.
If the demotion process does not succeed for any reason, you must manually delete this metadata from the directory. Use the Ntdsutil.exe utility to manually remove the NTDS Settings object. For additional information about how to use Ntdsutil.exe, click the article number below to view the article in the Microsoft Knowledge Base:
How to Remove Data in the Active Directory After an Unsuccessful Domain Controller Demotion (Q216498)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q216498
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 17

Expert Comment

by:mikecr
ID: 6841352
AndresM is correct. If you use the Ntdsutil program, you will be able to wipe the old information from AD of that domain controller.
0
 
LVL 1

Expert Comment

by:TedSenn
ID: 6841502
You could also boot a DOS disk run FDISK and delete the partitions since you were going to start over anyway.
0
 
LVL 14

Assisted Solution

by:AvonWyss
AvonWyss earned 50 total points
ID: 6841650
You can manually remoce a domain controller from the Active Directory, but this is not the suggested thing to do. Also, if you demote a DC, you should not propote another computer with the same computer name again. So, if you format, give the server a new name.

Try this:
* Disconnect the DC in question from the network.
* Start in safe mode.
* If installed, remove the Certificate Authority.
* In the services control panel, disable all the following if applicable: NTFRS, DFS, DHCP, DNS, Indexing Service, IISADMIN

Reboot and try to demote now.
0
 
LVL 11

Expert Comment

by:ewtaylor
ID: 8904383
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:
[split avonwyss andresm]
Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
[ewtaylor]
EE Cleanup Volunteer
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server Hard Drive Expansion 2 166
Window 2000 server in a SBS2011 domain DNS Errors 4 476
Locking down a taskpad 1 184
P2V Windows Server 2000 - Network Issue 14 64
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question