Solved

Removing the link on a Server 2008 server

Posted on 2011-03-13
20
307 Views
Last Modified: 2012-05-11
I have taken on a server which is Server 2008.  It is currently replicating with another server in it's forrest which is a Server 2003 sbs server.  The office I have taken over want's this link removed and they need to stand as their own domain locally.  The local server currently logs them on the the local domain but only links to the other server for exchange which is not needed now.

Can I just remove the server from the forrest and break the VPN link, will everything still function OK?

Someone suggested I will need to run dcpromo to remove the server from the forrest and then run it again to create another domain and then re add the PC's to the new domain, is this the case?
0
Comment
Question by:bootuppc
  • 9
  • 6
  • 2
  • +2
20 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35123779
if you want to create a new domain, which all machines and users that bind to the domain will not considered as the same previous domain. Then you will have to dcpromo it and recreate the entire AD structure to become a new domain.

NO previous users and computers account will be binded after you demoted it.

0
 
LVL 8

Expert Comment

by:PenguinN
ID: 35123788
So you have 2 DC, one in site A (sbs2003) and one in site B (windows 2008) please confirm. When you break the link you can't logon in the site B because all FSMO roles are stil on the site with the SBS 2003 server.

If you are a 100% sure the sites will never conect again you could try to start the FSMO roles on the separated 2008 domain. Check the following discussion http://www.eggheadcafe.com/software/aspnet/36151753/seizing-fsmo-roles-question.aspx
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35123834
Hi PenguinN

Yes your are right with site A and Site B.  So your saying it won't work if I just break the link?

I will be 100% sure before I do it, still needs the link at the moment but I wanted to be prepared for when it's ready go be separate.

What are FSMO roles?
0
 
LVL 8

Assisted Solution

by:PenguinN
PenguinN earned 166 total points
ID: 35124004
FSMO roles are Roles on a DC that you need to logon to your domain and are very important. If you just delete the link your domain is not functional. This is where all FSMO roles come in. Just to get a little familiar with the roles (it's realy important) check:
http://support.microsoft.com/kb/324801

Also do some reading in crashed DC senario's this s where you'll get an insight of the possibilities you have broken the link.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 334 total points
ID: 35124038
Well you can break the link but there are some other steps you will have to take to keep the domain functioning still.

Run dcdiag to check for any errors on DC that you want to break from forest. If none the proceed.

Make sure the Domain Controller is a Global Catalog if it isn't currently make sure it is and allow replication to take place.

Make sure DC is pointing to itself for DNS and that it has DNS zone

Once replication has taken place then you break VPN link.

Seize FSMO roles http://www.petri.co.il/seizing_fsmo_roles.htm

Run metadata cleanup to remove any lingering objects from old domain controllers. http://www.petri.co.il/delete_failed_dcs_from_ad.htm

From here you should have a functioning independent domain.

0
 
LVL 2

Author Comment

by:bootuppc
ID: 35124067
It's a lot more complicated than I was hoping for :) but thanks all for your help.  I will give it a go once I know the link isn't needed and let you know how I get on.

Thanks again.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730698
Hi dariusq

Sorry for the delay -  this link between the servers isn't needed any more so I need to sort this out now.

I ran dcdiag and there are no errors
The server is a global catalogue
It is pointing to itself for DNS

Regarding the FSMO roles do I need to break the link before I seize them or can I go through everything and then break the link?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730730
You need to break the line first
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730738
when I break the link will the domain stop functioning?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730757
Yes breifly the remote domain could have a little issues until you sieze the fsmo roles. Now you shouldn't have any hiccups but you could see a brief hiccup.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730835
Ok thanks,

I'm worried on how to sieze the fsmo roles.  I haven't done this before and not really sure what steps to take.  Any chance you could lay out in "laymen's" terms how to do it.  

All the documentation I have read says I need to connect to the server I want to sieze the roles on.  So am I siezing roles on the local server?  How do I know which ones to sieze?
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 334 total points
ID: 35730877
Make sure all servers are Global Catalogs

http://www.petri.co.il/seizing_fsmo_roles.htm

When you break the link you want to go to the DC that is at the remote site run this command

netdom /query fsmo

The command will give you the server the fsmo roles are on now to check to see if the server all ready has them or not. If it doesn't then just go through the link above sieze all roles.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730906
am I right in thinking siezing is just overwriting them?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730963
siezing them is taking them from another server that can NOT be contacted. If the server could be contacted then transferring them would be the good idea to do but this just moves the roles.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731017
If the server can not be contacted then how can it take them?  Sorry for appearing stupid :(
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731027
oh I think I just got it, it's taking charge of the roles for itself rather than actually taking anything from the other server, is that right? :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35731084
Right
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731105
cool, thanks for your help dariusq I'll let you know how it goes
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 36032534
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you are a user of the discontinued Microsoft Office Accounting 2008 (MSOA) and have to move to a new computer running Windows 8, you will be unhappy to discover that it won't install.  In particular, Microsoft SQL Server 2005 Express Edition (SSE…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now