Solved

Removing Domain Controller and DFS Host from service

Posted on 2008-06-09
Last Modified: 2010-05-18
Hi,

At one of our branches we are eliminating their Windows 2003 Domain Controller that also has DFS on it. This server is a domain controller with a global catalog on it. Users used to authenticate to it and get DHCP from it. However, we have made a new DHCP scope at headquarters and configured it to pass DHCP info to the branch. We need to get rid of this server, and I wonder what all I need to change to let this happen without breaking anything. We replaced it with a Riverbed Steelhead. Last time I tested the Steelhead, I just shut down the server. That caused all kinds of login and DFS problems. The DFS problems seem to mess with our other branches as well. So I turned it back on and the problems quit.

It's listed as a "Namespace server" with all the other servers.

So do I just delete its name from the "Namespace Servers" on the DFS management tool, and then run a DCPROMO to unjoin it from the Domain, and DNS replication and all that?

Since DHCP server gives them our DNS server at headquarters, will this allow them to authenticate to the server at headquarters?
Thanks
Question by:borgmember

Accepted Solution

by:
Darius Ghassem earned 1500 total points
ID: 21745613
Was the Domain Controller part of the HQ domain or on its own domain? If it was part of the HQ domain then you can demote the DC by using DCPROMO. Keep the DNS service on until you demote the server.

The client computers, after the DC has been demoted, will need to do an ipconfig /release and /renew to retrieve the new IP settings so they can use the HQ DNS, which will allow them to authenticate to HQ Active Directory. You will have slow logon times because the logon requests will have to travel over the WAN.

Expert Comment

by:Darius Ghassem
ID: 21778462
Any update on this issue?

Author Comment

by:borgmember
ID: 21779115
Yes.

It went well. Here's what I did.

Opened DFS and removed the server from the namespace. If you hit the wrong delete button it wants to delete the entire root corporate wide, that would be bad! So be sure to remove server from namespace.

Did a DCPROMO to remove it; it failed waiting for the netlogon service.

Ran DCPROMO again and it successfully removed. Rebooted.
Logged in as local admin
Removed DNS role
Added machine to a workgroup so it is no longer even a member server

Removed the server from AD sites and services. Pointed that site to the domain controller at headquarters.

So far we have had no complaints or problems. Thanks for the help!
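
A read-only check for the cleanup steps described above, added here as an example and not part of the original thread: it looks for leftover references to the removed server in the DC locator SRV records, the DFS namespace servers, the domain controller list and AD Sites and Services. It assumes a current management host with the ActiveDirectory, DFSN and DnsClient PowerShell modules rather than the Windows 2003 tools used in the thread; the server, domain and namespace names are hypothetical placeholders.

```powershell
# Hypothetical placeholders: replace with your own values (none come from the thread).
$RetiredDc = 'BRANCH-DC01'                 # short name of the demoted server
$Domain    = 'corp.example.com'            # AD DNS domain name
$Namespace = '\\corp.example.com\Public'   # domain-based DFS namespace root

Import-Module ActiveDirectory, DFSN -ErrorAction Stop
$findings = @()

# 1. DC locator SRV records: clients choose a DC from these, so a stale
#    entry sends logons to a host that no longer answers.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$RetiredDc.*" }
foreach ($r in $srv) { $findings += "DNS SRV still points at $($r.NameTarget)" }

# 2. DFS namespace servers (root targets): the first thing removed in the thread.
$roots = Get-DfsnRootTarget -Path $Namespace |
    Where-Object { $_.TargetPath -like "\\$RetiredDc*" }
foreach ($t in $roots) { $findings += "DFS root target remains: $($t.TargetPath)" }

# 3. Domain controller list: a failed or partial DCPROMO can leave the DC registered.
$dcs = Get-ADDomainController -Filter * | Where-Object { $_.Name -eq $RetiredDc }
foreach ($d in $dcs) { $findings += "Still listed as a DC in site $($d.Site)" }

# 4. Server objects under CN=Sites (what AD Sites and Services displays).
$config   = (Get-ADRootDSE).configurationNamingContext
$siteObjs = Get-ADObject -SearchBase "CN=Sites,$config" `
    -LDAPFilter "(&(objectClass=server)(cn=$RetiredDc))"
foreach ($o in $siteObjs) {
    $findings += "Sites and Services object remains: $($o.DistinguishedName)"
}

if ($findings.Count -eq 0) {
    Write-Output "No remaining references to $RetiredDc found."
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

The script only reads directory, DNS and DFS data and changes nothing; any warning it prints marks a reference to clean up before the server name or IP address is reused.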

Expert Comment

by:Darius Ghassem
ID: 21780059
Not a problem.