Hi all, I have a Windows 2003 server running AD/DNS that I would like to remove AD from and just leave the DNS intact. The last time I tried this with a similar box, when I ran dcpromo it removed AD like I wanted and also DNS, which was unintended, and I had to scramble to recreate my DNS back to the way it was originally set up. Now I do know that I can juggle DNS around and move it first to another box, and then after that settles out demote the AD using dcpromo and then move DNS back to this box, which will be its permanent home, BUT I am lazy and I would like to know if I can skip all that and just remove AD without having to move, remove and reinstall DNS...

Any suggestions, comments or help is appreciated.
My thought is this: I would assume that DNS will be removed.  If it is not removed, you will be pleasantly surprised.  If it is removed, you will be prepared:

1. Copy the DNS folder which contains all the zone files, verify they are in there.

2. If you have another DNS server (or can set one up temporarily) set that as secondary to these zones, allow xfers from primary, and the zones will then be on the secondary server.  Then change the zones to primary there.

Then run dcpromo and see what happens.

Even if you get a definite answer to your question above, wouldn't you want a backup just in case that person is wrong?

If you need help, let me know.



To have an ACTIVE DIRECTORY INTEGRATED zone, your machine MUST be an Active Directory Domain Controller (DC).  The DNS zone information is stored in AD and replicated with the other AD information (GPO, user information, security info, etc).

You can have a standard primary or secondary zone on a plain member server, but it doesn't sound like what you are looking for.

It sounds like you may have only one DNS server (and one Domain Controller?) in your environment?  If so, I would recommend setting up another DC/DNS server - requirements are basic:  you can use a very old server or PC grade hardware, but at least you have another copy of your AD/DNS somewhere.

You should also make a backup of your SYSTEM STATE INFORMATION using the built-in NT Backup.  It is very simple and fast, and you can back up to your hard drive.  This contains your entire DNS/domain security information (user accts, etc) in one file.

MyICHPHelpAuthor Commented:
Thank you for your feedback.
I would like to add some more info here in an effort to help clarify.
I do have Active Directory integrated DNS and it has worked well for us.
I also recognize that the information is stored in AD.
We do have 2 DNS servers that are Active Directory integrated and also 1 that has standard primary and one that has secondary zones.
We also have 3 AD controllers.

I think I may see the answer in your response, so let me run this by you; hopefully I will get it right.

If I want to split my DNS from my Active Directory I can no longer use Active Directory integration, so if I demote an AD box it will always uninstall DNS??
If I change the DNS server to standard primary before I demote Active Directory on that box, will it leave DNS alone when I dcpromo to demote? Or will it always uninstall DNS when I do the dcpromo -demote?



I am not 100% sure if it will ALWAYS uninstall DNS Server.  I am curious what would happen if you had MANUALLY installed DNS server - then done DCPROMO (i.e. the DCPROMO would not have installed DNS and thus may not uninstall it) but that is beside the point for you.

If the zone you are concerned with is in fact your AD DNS Zone (example:  yourinternaldomain.local) then I would not suggest converting it to a PRIMARY DNS zone (if that is in fact somehow possible).  If it is just a simple zone that happens to be AD Integrated there would be no harm in converting it to a STANDARD PRIMARY.

From there, you can grab the ZONE file from \windows\system32\dns (just copy the txt file) to back it up - or you can set up a secondary DNS server and have it replicated there.
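
Added example (not part of the original thread): a batch script that exports each zone to a text file with `dnscmd /ZoneExport` and copies the exports out of the DNS folder before dcpromo is run, which also covers AD-integrated zones whose live data is held in AD rather than in a zone file. Assumptions: `dnscmd.exe` from the Windows Support Tools is on the PATH, and `zones.txt` (one zone name per line) and `C:\dnsbackup` are hypothetical names chosen for this sketch.

```batch
@echo off
rem Added example, not from the thread: back up DNS zones before demotion.
rem Assumed names: zones.txt (one zone per line, # for comments) and
rem C:\dnsbackup are placeholders; adjust both to your environment.
setlocal
set DNSDIR=%SystemRoot%\System32\dns
set DEST=C:\dnsbackup
set FAILED=0

if not exist "%DEST%" mkdir "%DEST%"

for /f "usebackq eol=# tokens=1" %%Z in ("zones.txt") do (
    rem dnscmd will not overwrite an existing file, so clear old exports
    if exist "%DNSDIR%\%%Z.export.dns" del "%DNSDIR%\%%Z.export.dns"

    rem The export is always written under %SystemRoot%\System32\dns
    dnscmd /ZoneExport %%Z %%Z.export.dns >nul

    if not exist "%DNSDIR%\%%Z.export.dns" (
        echo FAILED export: %%Z
        set FAILED=1
    ) else (
        copy /y "%DNSDIR%\%%Z.export.dns" "%DEST%\" >nul
        rem Sanity check: a usable export carries the zone's SOA record
        findstr /c:"SOA" "%DEST%\%%Z.export.dns" >nul
        if errorlevel 1 (
            echo NO SOA record in export: %%Z
            set FAILED=1
        ) else (
            echo OK: %%Z
        )
    )
)

if %FAILED%==1 (
    echo One or more zones were not backed up. Do not demote yet.
    exit /b 1
)
echo All zones exported to %DEST%.
exit /b 0
```

Store the copied files somewhere other than the server being demoted, alongside the system state backup mentioned earlier in the thread.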

MyICHPHelpAuthor Commented:
Thanks guy for your feedback.
This server has about 15 forward and reverse zones, and what I was hoping was to not have to move DNS around at all in order to remove AD.
I still have to verify that what you first said was correct (NO AD = NO AD-integrated DNS). I swear I once had a box that was a standalone DNS server and was able to do Active Directory integration from that box, but I could be wrong.

The original question still stands:

dcpromo -demote = AD and DNS BOTH gone
dcpromo - demote = AD only (dns left intact)


