Solved

Remove the Windows 2003 R2 as Domain controller

Posted on 2006-11-24
3
496 Views
Last Modified: 2012-08-13
We have Windows 2003 R2 on a Windows 2000 domain which is in mixed mode. The problem is that the Windows 2003 R2 server wasn't promoted properly as a domain controller. I tried to decommission the server but kept getting the message that Kerberos authentication failed. I manually removed the Windows 2003 DC from the other 2 DCs with the ntdsutil and adsiedit tools. Now I can't join or run dcpromo to decommission the Windows 2003 server. I still keep getting the same error message. Let me know if I missed anything.
0
Question by:life_j
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18011037
run

dcpromo /forceremoval

on the R2 Box
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 18011043
Windows Server 2003 domain controllers
1. By default, Windows Server 2003 domain controllers support forced demotion. Click Start, click Run, and then type the following command:
dcpromo /forceremoval
2. Click OK.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.  
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Windows 2000 Service Pack 3 (SP3) and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.

If resource access control entries (ACEs) on the computer that you removed Active Directory from were based on domain local groups, these permissions may have to be reconfigured, because these groups will not be available to member or stand-alone servers. If you plan to install Active Directory on the computer to make it a domain controller in the original domain, you do not have to configure access control lists (ACLs) any more. If you prefer to leave the computer as a member or stand-alone server, any permissions that are based on domain local groups must be translated or replaced. For more information about how permissions are affected after you remove Active Directory from a domain controller
http://support.microsoft.com/kb/332199
0
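To support step 7 and the verification paragraph in the accepted answer, this added example (not part of the original answer or of the Microsoft article it quotes) scans an LDIF export of the directory for entry DNs that still carry the removed domain controller as an RDN. The host name `W2K3R2`, the domain `example.local` and the sample export are constructed for illustration.

```python
import base64
import re

# Constructed sample export; the third entry is folded as RFC 2849 allows.
SAMPLE = """\
dn: CN=DC01,OU=Domain Controllers,DC=example,DC=local
dn: CN=W2K3R2,OU=Domain Controllers,DC=example,DC=local
dn: CN=NTDS Settings,CN=W2K3R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
 CN=Configuration,DC=example,DC=local
dn: CN=W2K3R20,CN=Computers,DC=example,DC=local
"""

def _unfold(ldif_text):
    # A line that starts with a single space continues the previous line.
    return re.sub(r"\r?\n ", "", ldif_text).splitlines()

def _rdns(dn):
    # Split on commas that are not backslash-escaped.
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def _classify(rdns):
    lowered = [r.lower() for r in rdns]
    if "cn=sites" in lowered and "cn=configuration" in lowered:
        return "site server object"
    if "ou=domain controllers" in lowered:
        return "computer account"
    if "cn=file replication service" in lowered:
        return "FRS member"
    return "other"

def stale_dc_references(ldif_text, dc_name):
    """Return (kind, dn) for each entry DN that has CN=<dc_name> as an RDN."""
    wanted = "cn=" + dc_name.lower()
    hits = []
    for line in _unfold(ldif_text):
        if line.startswith("dn:: "):      # base64-encoded DN
            dn = base64.b64decode(line[5:]).decode("utf-8")
        elif line.startswith("dn: "):
            dn = line[4:]
        else:
            continue
        rdns = _rdns(dn)
        # Exact RDN match, so W2K3R2 does not also match W2K3R20.
        if wanted in (r.lower() for r in rdns):
            hits.append((_classify(rdns), dn))
    return hits

if __name__ == "__main__":
    for kind, dn in stale_dc_references(SAMPLE, "W2K3R2"):
        print(f"{kind}: {dn}")
```

An empty result on exports taken from each surviving domain controller and global catalog indicates that the cleanup has replicated.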
 
LVL 57

Expert Comment

by:Pete Long
ID: 18031480
ThanQ
0
