Solved

SBS 2003 server included in a Server2003R2 domain, but now can't demote or remove from the Domain

Posted on 2007-03-28
6
223 Views
Last Modified: 2010-04-20
Well after ready many other similar issues on the subject, I understood that it's trick/hard/ not possible to include an SBS2003 server on my Server2003R2 Domain.
Well I managed to include it and make it a Secondary Domain Controler.

Now after reading issues on SBS2003 with my Domain, I want to remove it.....

and there is nothing I can do, I get -> "can't access the domain!!!" which is weird because I login to this SBS box from the domain, and cannot login on this machine.

So other,than format reinstall, what can I do to make this machine a simple computer in or out of the Domain!
nomore active directory so it stops complaining and rebooting every 60 min.

Thanks

0
Comment
Question by:Crs707
  • 2
  • 2
  • 2
6 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18812189
SBS Cannot participate in an existng Domain, You can however add additional Win2003 DCs to an SBS domain. Somehow it seems that you have partially put the SBS machine into a domain and it is now in a state of limbo where is is neither truely in the domain nor truely out of it either.

I don't see any alternatve but you just remove it physicaly and then remove all traces of it from your Win2003 AD. You can then rebuild the SBS server from scratch.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18813577
You're stuck.

SBS CAN participate in an existing domain, but it MUST be made the FSMO master domain controller.  You simply cannot make the SBS server any other kind of server.  It MUST be a domain controller and it MUST be the FSMO master - you wanted to buy a "cheaper" version of Windows Server with Exchange and possibly other applications... but that discount has certain strings attached.  And you're trying to cut them - which is a violation of the license agreement and results in reboots of the server every hour or so.
0
 

Author Comment

by:Crs707
ID: 18813593
Alright, makes sense...

but now how can I change or remove that server?

DCPROMO fails

can't put it on a workgroup

I can't login to the machine I'm stuck in the domain!!!

tks
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 18813808
Power it off.  Use another DC to seize the FSMO roles.  That's pretty much the only way you're going to be able to get rid of it - which also will require an NTDSUTIL metadata cleanup.
0
 
LVL 70

Accepted Solution

by:
KCTS earned 250 total points
ID: 18814614
You could try DCPROMO /Force but I don't expect that to work either. As LeeW says Sieze the FSMO roles (see http://support.microsoft.com/kb/255504), phusically remove the 'in limbo DC' and run a metadata cleanup ( see http://technet2.microsoft.com/WindowsServer/en/library/012793ee-5e8c-4a5c-9f66-4a486a7114fd1033.mspx?mfr=true) to remove all traces of the failed DC from Active Directory.
0
 

Author Comment

by:Crs707
ID: 18836791


The computer is now a stand alone machine, and based on you previous comments and other comments I have read, it looks like it will stay on a workgroup, since I can't make this a "computer" in my domain, since it has to be the DC FSMO master....

Thanks again.

cheers.
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
Know what services you can and cannot, should and should not combine on your server.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now