Solved

Delete domain from server and recreate domain

Posted on 2010-08-26
8
868 Views
Last Modified: 2012-05-10
Hi experts,

I have the following infrastructure:

- One single Windows Server 2008 R2 configured as a domain controller for example.local
- Three workstations, Windows 7 Pro, members of example.local
- Three user accounts in example.local

I somehow managed to completely mess up DNS and DNS integration into AD (Active Directory / AD DS). Server Manager's 'Best Practice Analyzer' lists dozens of cryptic errors in AD and DNS. Domain users (roaming profiles) are no longer able to login to the domain, etc.

Correcting all these errors would take ages, so I guess it would be more efficient to totally remove the domain example.local and the DNS role from the server and rebuild the domain from scratch. I don't mind losing the user accounts or anything else in example.com (FSMO etc.) All can be deleted and rebuilt.
My goal would be to recreate a domain with the same name 'example.local' afterwards.

My basic plan is:
1. take the workstations out of the domain example.com => members of 'workgroup'
2. delete the locally stored parts of the roaming user profiles on the workstations (Windows 7 Pro)
3. remove the domain from the server
4. create a new domain (with the same name example.com) on the server
5. create new computer and user accounts on the new example.com domain
6. join the workstations to the domain

Two questions:
a) Is my basic plan OK?
b) I ask you for advice on how to do steps 2 and 3 correctly to reach my goal. Which processes do I have to follow?

Thanks for considering my problem.
Daniel

0
Comment
Question by:daniel-h
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33529242
Are you sure that you want to do that that way? You will completely remove your existing domain. What about file server and resources permission? Could you describe a little bit more your domain infrastructure, please?
0
 
LVL 4

Expert Comment

by:Gavincr001
ID: 33529256
If you only want to removed a failed DC you can use these steps.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

I wouldnt want to kill your domain entirely unless you in a LAB environment for yourself only.
0
 
LVL 4

Expert Comment

by:Gavincr001
ID: 33529263
You could just format the server and build the new domain, then join the PC's to that new domain.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 2

Author Comment

by:daniel-h
ID: 33529305
The files to be shared on the file server (about 12 GB of data) have just been copied over from an external USB harddisk to the file server. No problem to do that again. This is a new installation that only worked during the installation phase and after changing NIC and IP ranges on the server became corrupted.
Therefore I am not expecting any issues with permissions on the files / file server.
0
 
LVL 2

Author Comment

by:daniel-h
ID: 33529339
@ Gavincr001
I don't want to reformat the harddisk and do a new installation of Windows Server 2008 R2 if I don't have to do that. Windows is already activated. I just would like to remove the function of domain controller / domain from the server.

I know Petri's article on removing a failed DC. But right now I don't know whether dcpromo would or would not finish successfully. Before starting to remove the domain I would like to collect the expert's thoughts on how to proceed to remove the domain / DC role without forgetting anything vital, because afterwards I would like to recreate a new domain with the same name.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 250 total points
ID: 33529368
OK then, disjoin PCs from domain, run dcpromo on DC from command-line and demote DC. Select that it is the last one DC in a domain. Uninstall also DNS role. Reboot server and start DCPROMO again. After that configure everything as you wrote (ad, dns, gc). After that authorize DHCP server if you have it installed on W2K8 server to serve IPs again.
0
 
LVL 11

Assisted Solution

by:sighar
sighar earned 250 total points
ID: 33529419
Since this is the only DC, I see no problem in just running dcpromo and remove the domain. You cannot remove a failde DC if you only have one...
If I were you, I'd take a better look at the DNS errors, though. It sounds a bit to me like the SRV records are messed up, and fixing it shouldn't be too hard. But if you don't want to spend time on it, then your way seems OK to me.
Remove the roaming user profiles from where you stored them (usually under Users).
0
 
LVL 2

Author Comment

by:daniel-h
ID: 33538241
Thanks for your comments. According to your confirmations I followed my plan. After dcpromo I also deinstalled most server roles. The I reinstalled AD DS, did dcpromo (incl. DNS) and added DHCP afterwards. All is working as it should now. Took  me some time, but less than trying fo find a needle in the DNS haystack (there even must have been several needles hidden there...)

Cheers
Daniel
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question