Solved

Remove secondary DC from Domain/Active Directory

Posted on 2004-04-06
Last Modified: 2012-06-21
I ran into a major issue after migrating an NT 4.0 domain to a Win2K3 SBS domain.
Things got messed up and I was unable to use ADMT, so I had to recreate everything from scratch.

The other problem I messed up with was I promoted a Win2K server in the same domain to be a backup domain controller and that thing just blew up; now it has become unstable. I cannot demote it by DCPROMO or NTDSUTIL, it locks up and I cannot map network drives to it, and it won't let anyone log on except the administrator over the network. I think all the screw-up was due to the fact I didn't set up DNS properly.

At this point I just want to reformat that machine and pull it out of the domain; I cannot demote it or anything else.

My question is how can I completely remove it from the Win2K3 SBS domain/Active Directory. I want to COMPLETELY REMOVE IT and any references to it in the AD. I need a clean way to do it without causing any problems on this new Win2K3 Server/Domain.


It is very crucial and important that I get this right; I am just not too familiar with the AD/DNS stuff.

Thanks in advance for your help!
Question by:z969307
5 Comments
 
LVL 11

Expert Comment

by:kabaam
ID: 10766161
0
 

Author Comment

by:z969307
ID: 10766217
Yes I did, thanks! But it can't authenticate/connect to the main Win2K3 Server and it fails.

At this point I have already decided to remove it from the domain and I want to clean out my current AD of any references to it.

What would happen if that DC just disappeared and came back as a member server? I still need to maintain the name, as a lot of apps access it using the NetBIOS name.
Thanks!
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10767431
z969307

Your problem is DNS (it always is with AD).

You should have DNS installed on a server somewhere, preferably the SBS box.
Make sure the SBS box DNS settings are pointing to the DNS server.

Go to the SBS box and type from the command line:

IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS

This will put back the probably missing _MSDCS entries in your domain.

Open up the DNS snap-in and navigate to the forward lookup zone for your domain, expand the folder and make sure there are some entries in the _MSDCS sub-zone.

If this is OK you should now be able to use the link suggested by kabaam (http://support.microsoft.com/default.aspx?scid=kb;EN-US;216498) to force demotion and removal of the W2k box.

If you don't remove it properly then your event logs will fill up with failure messages and the SBS box will constantly try to replicate with it. If you bring it back as a member server you will not be able to join it to the domain with the same name and you will still get lots of event logs on the SBS box.

Cheers

JamesDS
0
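An added example, not part of the original thread or any poster's own code: one way to confirm that the `_msdcs` locator records exist and that none still point at the removed DC after cleanup. The function name `Get-DcLocatorStatus`, the domain `example.local` and the hosts `sbs01` and `olddc` are hypothetical, and the live lookup assumes an admin workstation that has the `Resolve-DnsName` cmdlet, which is newer than the systems in the thread.

```powershell
# Added example: check the DC locator SRV records under _msdcs and flag any
# that are missing or still reference a forcibly removed domain controller.
function Get-DcLocatorStatus {
    param(
        [Parameter(Mandatory)] [string] $Domain,     # AD DNS domain name
        [Parameter(Mandatory)] [string] $RemovedDc,  # FQDN of the DC taken out
        # Live lookup by default; replaceable so the logic can run offline.
        [scriptblock] $Resolver = {
            param($Name)
            Resolve-DnsName -Name $Name -Type SRV -DnsOnly -ErrorAction SilentlyContinue
        }
    )
    # SRV names Netlogon registers for DCs, the PDC emulator and the GC.
    $names = @(
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain",
        "_ldap._tcp.pdc._msdcs.$Domain",
        "_ldap._tcp.gc._msdcs.$Domain"   # forest root; equals the domain in a single-domain forest
    )
    $removed = $RemovedDc.TrimEnd('.').ToLower()
    foreach ($name in $names) {
        # Keep only SRV answers; a reply can also carry A records.
        $targets = @(& $Resolver $name |
            Where-Object { $_.Type -eq 'SRV' } |
            ForEach-Object { $_.NameTarget.TrimEnd('.').ToLower() })
        $status = 'OK'
        if ($targets.Count -eq 0) { $status = 'Missing' }
        elseif ($targets -contains $removed) { $status = 'StaleReference' }
        [pscustomobject]@{ Record = $name; Status = $status; Targets = $targets -join ', ' }
    }
}

# Constructed sample answers (hypothetical names): one record still lists the
# removed DC and the PDC record is absent.
$sample = @{
    '_ldap._tcp.dc._msdcs.example.local'     = 'sbs01.example.local', 'olddc.example.local'
    '_kerberos._tcp.dc._msdcs.example.local' = 'sbs01.example.local'
    '_ldap._tcp.gc._msdcs.example.local'     = 'sbs01.example.local'
}
$offline = {
    param($Name)
    foreach ($t in $sample[$Name]) { [pscustomobject]@{ Type = 'SRV'; NameTarget = $t } }
}
Get-DcLocatorStatus -Domain 'example.local' -RemovedDc 'olddc.example.local' -Resolver $offline |
    Format-Table -AutoSize
```

With the constructed data the first record reports `StaleReference`, the PDC record reports `Missing`, and the other two report `OK`; omit `-Resolver` to query the configured DNS server instead.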
 

Author Comment

by:z969307
ID: 10768304
Yes it is DNS, that's what I have concluded as well.

DNS is installed on the Win2K3 SBS box, it is the primary DC. I dcpromoed the member Win2K server, and I think I didn't set up DNS properly and I think that's what screwed it up.

I just want to be clear on forward lookup zones: is this where you enter your ISP's DNS IPs?

My main goal at this point is to clean out the Win2K3 Box with any and all references to the secondary DC, and remove it properly so we don't have any problems in the future.

0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10769348
Forward lookup zones reside in the DNS tree. If you expand the whole tree you will see your domain in there.

ISP DNS is configured in the DNS service properties at the top of the tree under forwarders - you will be setting the forwarder for "all other domains"

Cheers

JamesDS
0
