Solved

Completely Remove AD from DC

Posted on 2008-06-10
10
246 Views
Last Modified: 2013-12-05
Hi, I need to completely remove AD from a windows 2k DC , what are the steps to do this?
0
Comment
Question by:frsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
10 Comments
 
LVL 26

Expert Comment

by:DrDave242
ID: 21752856
Normally, you'd simply run the DCPROMO command to demote the DC.  This will remove AD from it.  If for some reason this does not work, or if the server is not able to boot normally, check this article:

http://support.microsoft.com/kb/332199
0
 
LVL 70

Accepted Solution

by:
KCTS earned 500 total points
ID: 21753170
Do you have another DC ?
Do you want to get rid of the entire domain ?
In extreme cases you can use DCPROMO /forceremoval
0
 

Author Comment

by:frsupport
ID: 21753237
we moved over to a new domain, and are decommissioning the old dc , and leaving it as a file & print server

so yes , getting rid of the entire domain
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 26

Expert Comment

by:DrDave242
ID: 21753258
Once you're sure you no longer need the old domain, DCPROMO the DC.  It will ask you to specify whether it's the last DC for the domain (at least, I think 2000 did that - I know 2003 does).  Check the appropriate box and let the wizard do its thing.  If you run into trouble, post any errors or inconsistencies that you encounter.
0
 

Author Comment

by:frsupport
ID: 21753362
getting the following error message after running dcpromo

the domain "domain name" is not an active directory domain, or an active directory domain controller for the domain could not be contacted

what do i do next???
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 21753512
Do you still have a DNS server configured for that domain?  If not, you'll need to install DNS on that DC and create the appropriate zones in order for it to be able to resolve the domain name and/or locate the necessary SRV records to identify itself as a DC.
0
 

Author Comment

by:frsupport
ID: 21754168
right, big problem


i ran DCPROMO /forceremoval, server re-booted, now i can't log onto the server, in hindsight i should have created a local profile, but i didnt , is there any way of getting onto this machine?
0
 
LVL 70

Expert Comment

by:KCTS
ID: 21754226
As the machine is not on the domain anymore you need to use the local administrator password - not domain admin. If you can't remember it use http://home.eunet.no/pnordahl/ntpasswd/
0
 

Author Comment

by:frsupport
ID: 21754657
sorted, after a few reboots, the password which i thought was the local admin pw actually worked, thank the lord jebus
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 21755687
i am guessing your server wasnt looking at itself for DNS - thats usually why you get those errors - still, the old demolition trick usually works too..
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

697 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question