Solved

SBS 2003 server included in a Server2003R2 domain, but now can't demote or remove from the Domain

Posted on 2007-03-28
6
229 Views
Last Modified: 2010-04-20
Well after ready many other similar issues on the subject, I understood that it's trick/hard/ not possible to include an SBS2003 server on my Server2003R2 Domain.
Well I managed to include it and make it a Secondary Domain Controler.

Now after reading issues on SBS2003 with my Domain, I want to remove it.....

and there is nothing I can do, I get -> "can't access the domain!!!" which is weird because I login to this SBS box from the domain, and cannot login on this machine.

So other,than format reinstall, what can I do to make this machine a simple computer in or out of the Domain!
nomore active directory so it stops complaining and rebooting every 60 min.

Thanks

0
Comment
Question by:Crs707
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18812189
SBS Cannot participate in an existng Domain, You can however add additional Win2003 DCs to an SBS domain. Somehow it seems that you have partially put the SBS machine into a domain and it is now in a state of limbo where is is neither truely in the domain nor truely out of it either.

I don't see any alternatve but you just remove it physicaly and then remove all traces of it from your Win2003 AD. You can then rebuild the SBS server from scratch.
0
 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18813577
You're stuck.

SBS CAN participate in an existing domain, but it MUST be made the FSMO master domain controller.  You simply cannot make the SBS server any other kind of server.  It MUST be a domain controller and it MUST be the FSMO master - you wanted to buy a "cheaper" version of Windows Server with Exchange and possibly other applications... but that discount has certain strings attached.  And you're trying to cut them - which is a violation of the license agreement and results in reboots of the server every hour or so.
0
 

Author Comment

by:Crs707
ID: 18813593
Alright, makes sense...

but now how can I change or remove that server?

DCPROMO fails

can't put it on a workgroup

I can't login to the machine I'm stuck in the domain!!!

tks
0
Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

 
LVL 96

Expert Comment

by:Lee W, MVP
ID: 18813808
Power it off.  Use another DC to seize the FSMO roles.  That's pretty much the only way you're going to be able to get rid of it - which also will require an NTDSUTIL metadata cleanup.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 18814614
You could try DCPROMO /Force but I don't expect that to work either. As LeeW says Sieze the FSMO roles (see http://support.microsoft.com/kb/255504), phusically remove the 'in limbo DC' and run a metadata cleanup ( see http://technet2.microsoft.com/WindowsServer/en/library/012793ee-5e8c-4a5c-9f66-4a486a7114fd1033.mspx?mfr=true) to remove all traces of the failed DC from Active Directory.
0
 

Author Comment

by:Crs707
ID: 18836791


The computer is now a stand alone machine, and based on you previous comments and other comments I have read, it looks like it will stay on a workgroup, since I can't make this a "computer" in my domain, since it has to be the DC FSMO master....

Thanks again.

cheers.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question