Solved

Remove the Windows 2003 R2 as Domain controller

Posted on 2006-11-24
3
492 Views
Last Modified: 2012-08-13
We have windows 2003 R2 on a windows 2000 domain which is in mixed mode. The problem is that windows 2003 R2 server wasn't promtoted properly as domain controller.I try to de-commission the server but kept on getting the message the kerberos authenticaion failed.I manually removed the the windows 2003 DC from the other 2 DCS with ntdsutil and adsiedit tools.Now I can't join or run dcpromo to de-commission on windows 2003 server. I still keep getting the same error message.Let me know if missed any thing.
0
Comment
Question by:life_j
  • 3
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18011037
run

dcpromo /forceremoval

on the R2 Box
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 18011043
Windows Server 2003 domain controllers
1. By default, Windows Server 2003 domain controllers support forced demotion. Click Start, click Run, and then type the following command:
dcpromo /forceremoval
2. Click OK.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.  
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Windows 2000 Service Pack 3 (SP3) and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.

If resource access control entries (ACEs) on the computer that you removed Active Directory from were based on domain local groups, these permissions may have to be reconfigured, because these groups will not be available to member or stand-alone servers. If you plan to install Active Directory on the computer to make it a domain controller in the original domain, you do not have to configure access control lists (ACLs) any more. If you prefer to leave the computer as a member or stand-alone server, any permissions that are based on domain local groups must be translated or replaced. For more information about how permissions are affected after you remove Active Directory from a domain controller
http://support.microsoft.com/kb/332199
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18031480
ThanQ
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question