Solved

Windows 2003 DC Promo - Demote AD/DNS Server without Removing DNS

Posted on 2006-06-15
Last Modified: 2012-05-05
Hi all, I have a Windows 2003 server running AD/DNS that I would like to remove AD from and just leave the DNS intact. The last time I tried this with a similar box, when I ran dcpromo it removed AD like I wanted and also DNS, which was unintended, and I had to scramble to recreate my DNS back to the way it was originally set up. Now I do know that I can juggle DNS around and move it first to another box, and then after that settles out demote the AD using dcpromo and then move DNS back to this box, which will be its permanent home, BUT I am lazy and I would like to know if I can skip all that and just remove AD without having to move, remove and reinstall DNS....

Any suggestions, comments or help is appreciated.
0
Question by:MyICHPHelp
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 16912344

To have an ACTIVE DIRECTORY INTEGRATED zone, your machine MUST be an Active Directory Domain Controller (DC).  The DNS zone information is stored in AD and replicated with the other AD information (GPO, user information, security info, etc).

You can have a standard primary or secondary zone on a plain member server, but it doesn't sound like what you are looking for.

It sounds like you may have only one DNS server (and one Domain Controller?) in your environment?  If so, I would recommend setting up another DC/DNS server - requirements are basic:  you can use a very old server or PC grade hardware, but at least you have another copy of your AD/DNS somewhere.

You should also make a backup of your SYSTEM STATE INFORMATION using the built-in NT Backup.  It is very simple and fast, and you can back up to your hard drive.  This contains your entire DNS/domain security information (user accts, etc) in one file.

Thanks
0
 

Author Comment

by:MyICHPHelp
ID: 16913749
Hi,
thank you for your feedback.
I would like to add some more info here in an effort to help clarify.
I do have Active Directory integrated DNS and it has worked well for us.
I also recognize that the information is stored in AD.
We do have 2 DNS servers that are Active Directory integrated and also 1 that has standard primary and one that has secondary zones.
We also have 3 AD controllers.

I think I may see the answer in your response, so let me run this by you; hopefully I will get it right.

If I want to split my DNS from my Active Directory I can no longer use Active Directory integration, so if I demote an AD box it will always uninstall DNS??
or
If I change the DNS server to standard primary before I demote Active Directory on that box, will it leave DNS alone when I dcpromo to demote? Or will it always uninstall DNS when I do the dcpromo -demote?

 

0
 
LVL 9

Expert Comment

by:NYtechGuy
ID: 16913999

I am not 100% sure if it will ALWAYS uninstall DNS Server.  I am curious what would happen if you had MANUALLY installed DNS server - then done DCPROMO (i.e. the DCPROMO would not have installed DNS and thus may not uninstall it) but that is beside the point for you.

If the zone you are concerned with is in fact your AD DNS Zone (example:  yourinternaldomain.local) then I would not suggest converting it to a PRIMARY DNS zone (if that is in fact somehow possible).  If it is just a simple zone that happens to be AD Integrated there would be no harm in converting it to a STANDARD PRIMARY.

From there, you can grab the ZONE file from \windows\system32\dns (just copy the txt file) to back it up - or you can set up a secondary DNS server and have it replicated there.

/Justin
0
 

Author Comment

by:MyICHPHelp
ID: 16921180
Thanks guy for your feedback.
This server has about 15 forward and reverse zones, and what I was hoping was to not have to move DNS around at all in order to remove AD.
I still have to verify that what you first said was correct (NO AD = NO AD-integrated DNS). I swear I once had a box that was a standalone DNS server and was able to do Active Directory integration from that box, but I could be wrong.


the original question still stands

dcpromo -demote = AD and DNS BOTH gone
or
dcpromo - demote = AD only (dns left intact)


anyone?

0
 
LVL 9

Accepted Solution

by:
NYtechGuy earned 125 total points
ID: 16921813

MYICH-

My thought is this - I would assume that DNS will be removed.  If it is not removed, you will be pleasantly surprised.  If it is removed, you will be prepared:

1. Copy the DNS folder which contains all the zone files, verify they are in there.

2. If you have another DNS server (or can set one up temporarily) set that as secondary to these zones, allow xfers from primary, and the zones will then be on the secondary server.  Then change the zones to primary there.

then run dcpromo and see what happens.

Even if you get a definite answer to your question above, wouldn't you want a backup just_in_case that person is wrong?

If you need help, let me know.

Thanks,

Justin
0
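
The backup in step 1 of the accepted answer, written as a script to run before dcpromo; this is an added example, not part of the original thread. AD-integrated zones are stored in the directory rather than as files under \windows\system32\dns, so each primary zone is exported to a file first. It assumes dnscmd.exe from the Windows Server 2003 Support Tools, the `dnscmd /EnumZones` column layout described in the comments, and a placeholder backup path `C:\dns-backup`.

```batch
@echo off
rem Added example, not from the thread: back up DNS before running dcpromo.
rem Assumptions: dnscmd.exe (Windows Server 2003 Support Tools) is on the
rem PATH, the script runs on the DNS server itself, and C:\dns-backup is a
rem placeholder destination.
setlocal

set "DNSDIR=%SystemRoot%\System32\dns"
set "BACKUP=C:\dns-backup"
set FAILED=0

if not exist "%BACKUP%" mkdir "%BACKUP%"

rem Keep the raw zone list (name, type, storage) for rebuilding later.
dnscmd /EnumZones > "%BACKUP%\zones.txt"
if errorlevel 1 (
    echo Could not enumerate zones; is the DNS service running?
    exit /b 1
)

rem Assumed layout of each zone line: name, type, storage, properties.
rem Only lines whose second column is "Primary" are exported; the root
rem hints (".", type Cache) and secondary zones are skipped.
for /f "usebackq tokens=1,2" %%A in ("%BACKUP%\zones.txt") do (
    if /i "%%B"=="Primary" call :export %%A
)

rem Copy the whole DNS folder, exports included, off the system path.
xcopy "%DNSDIR%" "%BACKUP%\dns" /E /I /Y >nul
if errorlevel 1 set FAILED=1

if %FAILED%==1 (
    echo At least one step failed. Do not run dcpromo yet.
    exit /b 1
)
echo Backup complete in %BACKUP%. Verify the files before demoting.
exit /b 0

:export
rem /ZoneExport writes into %DNSDIR% and refuses to overwrite a file.
if exist "%DNSDIR%\%1.export.txt" del "%DNSDIR%\%1.export.txt"
dnscmd /ZoneExport %1 %1.export.txt
if errorlevel 1 (
    echo Export failed for zone %1
    set FAILED=1
)
goto :eof
```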
