Windows 2003 DC Promo - Demote AD/DNS Server without Removing DNS

Posted on 2006-06-15
Last Modified: 2012-05-05
Hi all, I have a Windows 2003 server running AD/DNS that I would like to remove AD from and just leave the DNS intact. The last time I tried this with a similar box, when I ran dcpromo it removed AD like I wanted and also DNS, which was unintended, and I had to scramble to recreate my DNS back to the way it was originally set up. Now I do know that I can juggle DNS around and move it first to another box, and then after that settles out demote the AD using dcpromo and then move DNS back to this box, which will be its permanent home, BUT I am lazy and I would like to know if I can skip all that and just remove AD without having to move, remove and reinstall DNS....

Any suggestions, comments or help is appreciated.
Question by:MyICHPHelp

Expert Comment

ID: 16912344

To have an ACTIVE DIRECTORY INTEGRATED zone, your machine MUST be an Active Directory Domain Controller (DC).  The DNS zone information is stored in AD and replicated with the other AD information (GPO, user information, security info, etc).

You can have a standard primary or secondary zone on a plain member server, but it doesn't sound like what you are looking for.

It sounds like you may have only one DNS server (and one Domain Controller?) in your environment?  If so, I would recommend setting up another DC/DNS server - requirements are basic:  you can use a very old server or PC grade hardware, but at least you have another copy of your AD/DNS somewhere.

You should also make a backup of your SYSTEM STATE INFORMATION using the built-in NT Backup.  It is very simple and fast, and you can back up to your hard drive.  This contains your entire DNS/domain security information (user accts, etc) in one file.


Author Comment

ID: 16913749
Thank you for your feedback.
I would like to add some more info here in an effort to help clarify.
I do have Active Directory integrated DNS and it has worked well for us.
I also recognize that the information is stored in AD.
We do have 2 DNS servers that are Active Directory integrated, and also 1 that has standard primary and one that has secondary zones.
We also have 3 AD controllers.

I think I may see the answer in your response, so let me run this by you; hopefully I will get it right.

If I want to split my DNS from my Active Directory I can no longer use Active Directory integration, so if I demote an AD box it will always uninstall DNS??
If I change the DNS server to standard primary before I demote Active Directory on that box, will it leave DNS alone when I dcpromo to demote? Or will it always uninstall DNS when I do the dcpromo -demote?



Expert Comment

ID: 16913999

I am not 100% sure if it will ALWAYS uninstall DNS Server.  I am curious what would happen if you had MANUALLY installed DNS server - then done DCPROMO (i.e. the DCPROMO would not have installed DNS and thus may not uninstall it) but that is beside the point for you.

If the zone you are concerned with is in fact your AD DNS Zone (example:  yourinternaldomain.local) then I would not suggest converting it to a PRIMARY DNS zone (if that is in fact somehow possible).  If it is just a simple zone that happens to be AD Integrated there would be no harm in converting it to a STANDARD PRIMARY.

From there, you can grab the ZONE file from \windows\system32\dns (just copy the txt file) to back it up - or you can set up a secondary DNS server and have it replicated there.


Author Comment

ID: 16921180
Thanks guys for your feedback.
This server has about 15 forward and reverse zones, and what I was hoping was to not have to move DNS around at all in order to remove AD.
I still have to verify that what you first said was correct (NO AD = NO AD-integrated DNS). I swear I once had a box that was a standalone DNS server and was able to do Active Directory integration from that box, but I could be wrong.

The original question still stands:

dcpromo -demote = AD and DNS BOTH gone
dcpromo - demote = AD only (dns left intact)



Accepted Solution

NYtechGuy earned 125 total points
ID: 16921813


My thought is this: I would assume that DNS will be removed.  If it is not removed, you will be pleasantly surprised.  If it is removed, you will be prepared:

1. Copy the DNS folder which contains all the zone files, verify they are in there.

2. If you have another DNS server (or can set one up temporarily) set that as secondary to these zones, allow xfers from primary, and the zones will then be on the secondary server.  Then change the zones to primary there.

Then run dcpromo and see what happens.

Even if you get a definite answer to your question above, wouldn't you want a backup just_in_case that person is wrong?

If you need help, let me know.
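
One way to do the "verify they are in there" part of step 1 before running dcpromo, as an added example that is not part of the original answer: it checks that every expected zone has a copied `<zone>.dns` file containing an SOA record and at least one NS record. The backup folder, the zone names and the sample zone text are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample in the layout Windows DNS uses for standard-zone files.
SAMPLE_ZONE = """\
;  Database file example.local.dns for example.local zone.
@   IN  SOA ns1.example.local. hostmaster.example.local. (
            42     ; serial number
            900    ; refresh
            600    ; retry
            86400  ; expire
            3600 ) ; default TTL
@   NS  ns1.example.local.
ns1 A   192.0.2.10
"""

def check_zone_file(path):
    """Return (ok, detail) for one copied zone file."""
    if not path.is_file() or path.stat().st_size == 0:
        return False, "missing or empty"
    raw = path.read_text(errors="replace")
    # Drop ';' comments so commented-out records are not counted.
    text = "\n".join(line.split(";", 1)[0] for line in raw.splitlines())
    soa = re.search(r"\bSOA\s+\S+\s+\S+\s*\(?\s*(\d+)", text)
    if not soa:
        return False, "no SOA record"
    if not re.search(r"(?m)^\S*\s+(?:\d+\s+)?(?:IN\s+)?NS\s+\S+", text):
        return False, "no NS record"
    return True, "serial " + soa.group(1)

def check_backup(folder, expected_zones):
    """Map each expected zone name to the result for <zone>.dns in folder."""
    folder = Path(folder)
    return {z: check_zone_file(folder / (z + ".dns")) for z in expected_zones}

if __name__ == "__main__":
    # Hypothetical zone names; list your own forward and reverse zones here.
    zones = ["example.local", "2.0.192.in-addr.arpa"]
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "example.local.dns").write_text(SAMPLE_ZONE)
        for zone, (ok, detail) in check_backup(d, zones).items():
            print(("OK   " if ok else "FAIL ") + zone + ": " + detail)
```

A zone that is still stored in Active Directory may have no file in the copied folder; the check reports it as missing, which is the cue to get a copy of that zone another way (for example the secondary server in step 2) before demoting.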



Question has a verified solution.