Solved

Remove the Windows 2003 R2 as Domain controller

Posted on 2006-11-24
3
491 Views
Last Modified: 2012-08-13
We have windows 2003 R2 on a windows 2000 domain which is in mixed mode. The problem is that windows 2003 R2 server wasn't promtoted properly as domain controller.I try to de-commission the server but kept on getting the message the kerberos authenticaion failed.I manually removed the the windows 2003 DC from the other 2 DCS with ntdsutil and adsiedit tools.Now I can't join or run dcpromo to de-commission on windows 2003 server. I still keep getting the same error message.Let me know if missed any thing.
0
Comment
Question by:life_j
  • 3
3 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 18011037
run

dcpromo /forceremoval

on the R2 Box
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 18011043
Windows Server 2003 domain controllers
1. By default, Windows Server 2003 domain controllers support forced demotion. Click Start, click Run, and then type the following command:
dcpromo /forceremoval
2. Click OK.
3. At the Welcome to the Active Directory Installation Wizard page, click Next.
4. At the Force the Removal of Active Directory page, click Next.
5. In Administrator Password, type the password and confirmed password that you want to assign to the Administrator account of the local SAM database, and then click Next.
6. In Summary, click Next.
7. Perform a metadata cleanup for the demoted domain controller on a surviving domain controller in the forest.  
If you removed a domain from the forest by using the remove selected domain command in Ntdsutil, verify that all the domain controllers and the global catalog servers in the forest have removed all the objects and the references to the domain that you just removed before you promote a new domain into the same forest with the same domain name. Windows 2000 Service Pack 3 (SP3) and earlier global catalog servers are noticeably slower to remove objects and naming contexts than Windows Server 2003 is.

If resource access control entries (ACEs) on the computer that you removed Active Directory from were based on domain local groups, these permissions may have to be reconfigured, because these groups will not be available to member or stand-alone servers. If you plan to install Active Directory on the computer to make it a domain controller in the original domain, you do not have to configure access control lists (ACLs) any more. If you prefer to leave the computer as a member or stand-alone server, any permissions that are based on domain local groups must be translated or replaced. For more information about how permissions are affected after you remove Active Directory from a domain controller
http://support.microsoft.com/kb/332199
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18031480
ThanQ
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now