Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Removing the link on a Server 2008 server

Posted on 2011-03-13
20
Medium Priority
?
320 Views
Last Modified: 2012-05-11
I have taken on a server which is Server 2008.  It is currently replicating with another server in it's forrest which is a Server 2003 sbs server.  The office I have taken over want's this link removed and they need to stand as their own domain locally.  The local server currently logs them on the the local domain but only links to the other server for exchange which is not needed now.

Can I just remove the server from the forrest and break the VPN link, will everything still function OK?

Someone suggested I will need to run dcpromo to remove the server from the forrest and then run it again to create another domain and then re add the PC's to the new domain, is this the case?
0
Comment
Question by:bootuppc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 6
  • 2
  • +2
20 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35123779
if you want to create a new domain, which all machines and users that bind to the domain will not considered as the same previous domain. Then you will have to dcpromo it and recreate the entire AD structure to become a new domain.

NO previous users and computers account will be binded after you demoted it.

0
 
LVL 8

Expert Comment

by:PenguinN
ID: 35123788
So you have 2 DC, one in site A (sbs2003) and one in site B (windows 2008) please confirm. When you break the link you can't logon in the site B because all FSMO roles are stil on the site with the SBS 2003 server.

If you are a 100% sure the sites will never conect again you could try to start the FSMO roles on the separated 2008 domain. Check the following discussion http://www.eggheadcafe.com/software/aspnet/36151753/seizing-fsmo-roles-question.aspx
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35123834
Hi PenguinN

Yes your are right with site A and Site B.  So your saying it won't work if I just break the link?

I will be 100% sure before I do it, still needs the link at the moment but I wanted to be prepared for when it's ready go be separate.

What are FSMO roles?
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 8

Assisted Solution

by:PenguinN
PenguinN earned 664 total points
ID: 35124004
FSMO roles are Roles on a DC that you need to logon to your domain and are very important. If you just delete the link your domain is not functional. This is where all FSMO roles come in. Just to get a little familiar with the roles (it's realy important) check:
http://support.microsoft.com/kb/324801

Also do some reading in crashed DC senario's this s where you'll get an insight of the possibilities you have broken the link.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 1336 total points
ID: 35124038
Well you can break the link but there are some other steps you will have to take to keep the domain functioning still.

Run dcdiag to check for any errors on DC that you want to break from forest. If none the proceed.

Make sure the Domain Controller is a Global Catalog if it isn't currently make sure it is and allow replication to take place.

Make sure DC is pointing to itself for DNS and that it has DNS zone

Once replication has taken place then you break VPN link.

Seize FSMO roles http://www.petri.co.il/seizing_fsmo_roles.htm

Run metadata cleanup to remove any lingering objects from old domain controllers. http://www.petri.co.il/delete_failed_dcs_from_ad.htm

From here you should have a functioning independent domain.

0
 
LVL 2

Author Comment

by:bootuppc
ID: 35124067
It's a lot more complicated than I was hoping for :) but thanks all for your help.  I will give it a go once I know the link isn't needed and let you know how I get on.

Thanks again.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730698
Hi dariusq

Sorry for the delay -  this link between the servers isn't needed any more so I need to sort this out now.

I ran dcdiag and there are no errors
The server is a global catalogue
It is pointing to itself for DNS

Regarding the FSMO roles do I need to break the link before I seize them or can I go through everything and then break the link?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730730
You need to break the line first
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730738
when I break the link will the domain stop functioning?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730757
Yes breifly the remote domain could have a little issues until you sieze the fsmo roles. Now you shouldn't have any hiccups but you could see a brief hiccup.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730835
Ok thanks,

I'm worried on how to sieze the fsmo roles.  I haven't done this before and not really sure what steps to take.  Any chance you could lay out in "laymen's" terms how to do it.  

All the documentation I have read says I need to connect to the server I want to sieze the roles on.  So am I siezing roles on the local server?  How do I know which ones to sieze?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 1336 total points
ID: 35730877
Make sure all servers are Global Catalogs

http://www.petri.co.il/seizing_fsmo_roles.htm

When you break the link you want to go to the DC that is at the remote site run this command

netdom /query fsmo

The command will give you the server the fsmo roles are on now to check to see if the server all ready has them or not. If it doesn't then just go through the link above sieze all roles.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730906
am I right in thinking siezing is just overwriting them?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730963
siezing them is taking them from another server that can NOT be contacted. If the server could be contacted then transferring them would be the good idea to do but this just moves the roles.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731017
If the server can not be contacted then how can it take them?  Sorry for appearing stupid :(
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731027
oh I think I just got it, it's taking charge of the roles for itself rather than actually taking anything from the other server, is that right? :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35731084
Right
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731105
cool, thanks for your help dariusq I'll let you know how it goes
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 36032534
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question