Solved

Remove the Windows 2003 R2 as Domain controller

Posted on 2006-11-24
3
490 Views
Last Modified: 2012-08-13
We have windows 2003 R2 on a windows 2000 domain which is in mixed mode. The problem is that windows 2003 R2 server wasn't promtoted properly as domain controller.I try to de-commission the server but kept on getting the message the kerberos authenticaion failed.I manually removed the the windows 2003 DC from the other 2 DCS with ntdsutil and adsiedit tools.Now I can't join or run dcpromo to de-commission on windows 2003 server. I still keep getting the same error message.Let me know if missed any thing.
0
Comment
Question by:life_j
  • 3
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
run

dcpromo /forceremoval

on the R2 Box
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
Comment Utility
Windows Server 2003 domain controllers
1. By default, Windows Server 2003 domain controllers support forced demotion. Click Start, click Run, and then type the following command:
dcpromo /forceremoval
2. Click OK.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.  
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Windows 2000 Service Pack 3 (SP3) and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.

If resource access control entries (ACEs) on the computer that you removed Active Directory from were based on domain local groups, these permissions may have to be reconfigured, because these groups will not be available to member or stand-alone servers. If you plan to install Active Directory on the computer to make it a domain controller in the original domain, you do not have to configure access control lists (ACLs) any more. If you prefer to leave the computer as a member or stand-alone server, any permissions that are based on domain local groups must be translated or replaced. For more information about how permissions are affected after you remove Active Directory from a domain controller
http://support.microsoft.com/kb/332199
0
 
LVL 57

Expert Comment

by:Pete Long
Comment Utility
ThanQ
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now