Demote DC or just Remove it?

I have installed a new 2008r2 server in existing 2000 domaim.
Ran the necessary adprep and promoted the server to a DC.
Transferred all the roles. Moved DHCP.
NOW that the old server will not be used, do I .....?
* just unplug & remove the server
* demote it and then remove
How do I make sure there are no referneces to the old server?
Note: on the old server after the migration I cannot access AD Users & Computers or any of the other AD snap-ins.
I have a feeling that if I try to demote it will bark at me with errors.
>>>I did see a MS KB (887431) where this error is caused by a change in the default group policy. I did not want to correct and affect the existing domian.

Any best direction to take?

smschulzIT Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

kcoectCommented:
If you just turn off the server and remove it, then your going to not only remove the objects in AD Users and computers, but then your going to have to use NTDSUTIL and remove the domain controller from AD.  Also, you may have DNS entries that need to be cleaned up (removing the old server as a Global Catalog server possibly, etc...)

You can follow the following article on how to remove the DC from AD:
http://support.microsoft.com/kb/216498
0
smschulzIT Author Commented:
So i take it the best course of action is to remove it and run NTDSUTIL from the new server?
0
Encrypted1024Commented:
A nice gracefull dcpromo is the best way to start. When you moved all of your roles did you transfer the FSMO roles as well? If dcpromo fails then move on to the forceful NTDSUTIL route.
0
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

kcoectCommented:
If you can gracefully remove it, it makes life easier overall, but if you get an error while removing it, you can do a DCPROMO /forceremoval and forceably remove the server then use NTDSUTIL and remove the orphaned entries...  I've done both many times before, but gracefully is preferred.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
kcoectCommented:
Sorry, I didn't finish reading before I replied, yes, you would run NTDSUTIL from either the new DC or another existing DC.  Part of the process of removing objects with NTDSUTIL is choosing which domain, site and DC your connecting too.  Also, before you remove the DC from the domain, make sure you have transferred your FSMO (Flexible Single Master Operation) roles from it if any of them are on the DC.
0
Encrypted1024Commented:
Did you promote your domain to Windows 2008 native? Is that why your old DC blew up? Just wondering why your old DC stopped working because that is not normal. Just thought I would ask in case there are other issues to address.
0
smschulzIT Author Commented:
Don't know why the miscommunication of the old CD to the new DC except what appears in the KB I mentioned in the OP. I can see and manage the old DC from the new DC ~ appears as a one way street. That leads me to believe that it would (may) not be so graceful.

The domain/forest is windows 2000 native.  It should still be this until the last 2K DC is removed> Correct?
0
kcoectCommented:
Yes, you can't upgrade the Forest/Domain until the last 2000 DC is removed.   That would definetly break communication with the 2000 DC.  It is strange though that if the Domain is 2000 Native that the 2000 DC can't see AD correctly any more...  
0
Encrypted1024Commented:
Ya, it may not be so gracefull. I think you have all the ammo you need. Cross your fingers on the dcpromo and take her down..... If all esle fails the NTDSUTIL method is not the end of the world.
0
smschulzIT Author Commented:
Was able to demote with suggestions.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.