Removing DC from active directory

Posted on 2008-11-13
Last Modified: 2012-05-05
I am trying to remove a DC from a 2003 Active Directory domain. I have 2 DCs in my domain and I need to remove one of them. I have installed VMware ESX Server on one of my boxes that had my domain controller on it, and I have reinstalled Windows Server 2003 with the same IP address and DNS name as the old DC. I did not demote the DC before installing the ESX server, so it is currently still in Active Directory. I have found a procedure at http://www.petri.co.il/delete_failed_dcs_from_ad.htm that shows how to remove the inactive DC from the domain. The question that I have is: do I need to do anything special before I promote this box as a DC in my domain? When I tried before, it gave me an error that it could not join the domain because the user already existed (like I said before, I am using the same DNS name as the old server and it is still in AD). Also, this box was a DNS server for AD, so I assume I need to remove it there also. I probably could rename the computer and have everything work out OK, but I didn't know if this would cause problems in AD down the road.
Question by:phil435
LVL 24

Expert Comment

by:ryansoto
ID: 22955034
Run through that link first to remove the old machine - then you can dcpromo the new machine with the same name if you wish.
LVL 11

Expert Comment

by:jimbecher
ID: 22955062
Wow, I am a little lost. The safest way to add and remove a DC from the AD is with dcpromo. Are you saying the one DC that you are trying to remove crashed and burned before you could demote it? Are you using dcpromo to add the new DC, and is the DNS address on that DC pointing to the schema master?
LVL 2

Author Comment

by:phil435
ID: 22955091
Do I need to turn off my reinstalled machine before removing??
LVL 24

Accepted Solution

by:
ryansoto earned 2000 total points
ID: 22955097
If the new server waiting has the same name - change the server name temporarily

Run through the link
Change server name back to whatever you want
dcpromo
LVL 2

Author Comment

by:phil435
ID: 22955124
To jimbecher: kinda on the domain crash and burn. When I installed VMware it deleted the partition that had Windows Server on it, so it is gone. I did not have a chance to demote this server. I do have the reinstalled server pointing to the schema master in its DNS address.
LVL 11

Expert Comment

by:jimbecher
ID: 22955128
Try dcpromo to demote it, change the name then dcpromo to promote it.
LVL 18

Expert Comment

by:exx1976
ID: 22955318
Whoa!  What in the world were you thinking when you did this?

You can't dcpromo the old one out, it's disappeared.  Permanently.

You'll need to run ntdsutil as specified in that link, then you'll need to delete it from sites/services.

Rename the new server you built to something else, and change the IP address (you can change these back later if you want).

You'll need to delete EVERY reference to that old DC in DNS.  In _msdcs, _tcp, _pdc, _sites, _udp, and anywhere else.  Also remove it from the name servers tab, and remove it from any forwarders.

Check your other DC(s) to see where they think the FSMO roles are.  If that DC that you whacked had any of the FSMO roles, you'll need to seize them.  Use this KB article to do that:

http://support.microsoft.com/kb/255690



You definitely need to clean this up, otherwise it WILL cause issues down the road.  ESPECIALLY if you intend to use the same server name.  Even after you clean this up, you could run into issues with SYSVOL and some other stuff by using the same server name.  My personal recommendation would be to clean this up, and then dcpromo the new server with a new name and a new IP.


Then think about what else you may have lost.  Did that DC host DHCP?  WINS?  These things will also cause you headache if you don't replace them...


Best of luck.  I'll bet you don't ever make that mistake again..


HTH,
exx
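
The DNS part of the cleanup described in the answer above can be checked offline. This is an added example, not part of the original thread: it scans a text export of the AD zone (assumed to be in master-file layout, such as `dnscmd /ZoneExport` writes) for records that still name the removed DC by host name or IP. The zone contents, `corp.example`, `dc2` and `10.0.0.12` are constructed sample values, and `find_stale_records` is a hypothetical helper.

```python
# Constructed sample in the master-file layout of a zone text export.
# Every name and address here is invented for illustration.
SAMPLE_ZONE = """\
; constructed export of zone corp.example
@                        NS     dc1.corp.example.
                         NS     dc2.corp.example.
dc1                      A      10.0.0.11
dc2                      A      10.0.0.12
gc._msdcs                A      10.0.0.11
                         A      10.0.0.12
0f3a9c1e-0000-4000-8000-000000000002._msdcs  CNAME  dc2.corp.example.
_ldap._tcp               600 SRV 0 100 389 dc1.corp.example.
                         600 SRV 0 100 389 dc2.corp.example.
_ldap._tcp.pdc._msdcs    SRV    0 100 389 dc1.corp.example.
_kerberos._tcp.Default-First-Site-Name._sites  SRV 0 100 88 dc2.corp.example.
_kpasswd._udp            SRV    0 100 464 dc12.corp.example.
"""

TYPES = {"A", "AAAA", "NS", "SRV", "CNAME", "SOA", "PTR", "MX", "TXT"}


def find_stale_records(zone_text, stale_fqdn, stale_ip):
    """Return (owner, type, rdata) for each record still pointing at the removed DC."""
    fqdn = stale_fqdn.rstrip(".").lower()
    host = fqdn.split(".")[0]
    hits, owner = [], "@"
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].rstrip()      # strip comments
        if not line.strip():
            continue
        fields = line.split()
        if not line[0].isspace():                  # owner name in column 0;
            owner = fields.pop(0)                  # otherwise reuse the previous owner
        while fields and fields[0].upper() not in TYPES:
            fields.pop(0)                          # skip optional TTL / class
        if not fields:                             # e.g. SOA continuation lines
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        # Exact-match comparison, so dc12 is never mistaken for dc2.
        targets = {f.rstrip(".").lower() for f in rdata}
        if (fqdn in targets or stale_ip in targets
                or owner.rstrip(".").lower() in (host, fqdn)):
            hits.append((owner, rtype, " ".join(rdata)))
    return hits


if __name__ == "__main__":
    for owner, rtype, rdata in find_stale_records(
            SAMPLE_ZONE, "dc2.corp.example", "10.0.0.12"):
        print(f"{owner:<48} {rtype:<6} {rdata}")
```

An empty result for the old name and IP means the exported zone no longer references the removed DC; the name servers tab and forwarders mentioned above are server settings and still need to be checked separately.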
LVL 2

Author Closing Comment

by:phil435
ID: 31516595
Thanks! worked great
Expert Comment

by:jazzypk
ID: 23302763
I have the same sort of issue, but in my case I joined a company recently, and after checking the AD, DNS and DHCP I found millions of errors, one of which is like the above: they had 2 DCs which are no more anywhere, but ADS1 & ADS2 are still trying to replicate and bla bla to them and throwing lots of errors. I hope God be with me in solving the said issues, and if you guys have some say on it, please do advise. Thanks.