A while back I had a failed DC demotion in my 2003 AD network. I resorted to removing the DC with the dcpromo /forceremoval switch per http://support.microsoft.com/kb/332199
. Now I am attempting to extend the schema for an application and it this is failing because it finds a DC that it cannot write to (the disabled DC). My goal is to remove the DC metadata from AD but I MUST leave the computer account intact because this is a critical app server we are talking about. The cleanup processes I've seen such as http://www.petri.co.il/delete_failed_dcs_from_ad.htm
may involve removing the computer account from the AD or generally leave me feeling a little uncertain.
Where do you think I can draw the line where I am not removing the computer account or other important info for the system to participate in the network as an app server, yet remove enough info so that other DCs don't look to this system as a DC any longer. I would play it safe and remove the bare minimum so other DCs don't think this box is still a DC. I need accuracy on this one, which is why I turned to EE.