Link to home
Create AccountLog in
Avatar of Comex_IT
Comex_IT

asked on

Active Directory Sites and Services

Hi,

We have 4 Servers in our domain,

Primary ( GC )
Exchange 01 ( GC )
Exchange 02
Apps

The exchange02 used to be a dc but when we removed the role it still show in the active directory sites and services etc, i think it is causing some issue on the network etc, is it safe to delete this from that section of AD or will it effect anything ?

Thanks

Jon
Avatar of dontseme
dontseme

use ntdsutil in a command windows from a DC and view the FSMO Roles that are assigned to your server. Verify all roles are relocated to the other DC's
http://support.microsoft.com/kb/255504

Or look at this if you dont want to use Ntdsutil (would still verify with it though)
http://support.microsoft.com/kb/324801/en-us
You can not just remove it. You will have to check if the current DC holds all FSMO roles. You can do this with NTSUtil.
The current DC will have to hold 5 roles in total being:
schema master
RID master
PDC
Domain naming master
Infrastructure Master

Make sure also that the current DC is a Global catalog server and that DNS is fully replicated.
Avatar of Krzysztof Pytko
If you are really sure that it is no DC anymore you can simply delete it. But first run dcdiag on your existing DC and check what kind of errors do you have.
Avatar of Comex_IT

ASKER

sorry, im a bit confused, if i run the ntsutil will that check ?

do i need to run it on the old exchange02 server ?

If you notice you can expand Primary or Exchange01 it does but not exchnage02 its blank this used to be a dc etc .....
sites-and-services.jpg
if you look at the screenshot here it show exchange02 being a dc ......
properties-exchange02-sites-and-.jpg

Hi ,
You can check if your exchange02 is FSMO ROle Holder .
Follow the steps mentioned in this link
http://www.petri.co.il/determining_fsmo_role_holders.htm 
If there is no Roles. You can demote the DC .
By running DCPROMO .
Run NTDSutil on the current DC
start, run
type NTDSutil
type roles, press enter
type connections, press enter
type connect to server primary, press enter
from "server connections" type q and than press enter
from "FSMO roles" type seize pdc pres enter
you will get a warning box. Read carefully. It will state exactly which machine holds all FSMO roles.If this is allready the Primary you can cancel and do not have to do anything more than check DNS replication.
I did demote it already though, but for some reason its still showing as a dc like in the screen shot
Did you check the FSMO roles allready? What was the outcome?

As per screenshot it coes up with Primary etc, i remember running dcpromo a while ago and demoting the server but its still showint in ad sites and services etc
ntdsutil.jpg
You would have to click yes in the screenshot you send. It will than attempt to seize the role. Afterwards it wil give an overview in the dos box wich states what roles belong to which server.

If thes all belong to your server called "primary" the next thing to check is if the DNS is fully populated on your "primary".

After that I would shut down exchange02. go to one workstation, renew dhcp, reboor machine. logon on to the network. See if all network drives are availeble and if you loinscripts run fine. Check if mail is availeble.

If this all works fine and there are no strange errors in the log file of the "primary" it should be quite safe to move the echange02 from "domain controllers" to the "computers" container in AD.
You can clean up the meta data by the steps given in the link below. http://support.microsoft.com/kb/216498
ASKER CERTIFIED SOLUTION
Avatar of Premkumar Yogeswaran
Premkumar Yogeswaran
Flag of India image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer