Solved

Removing the link on a Server 2008 server

Posted on 2011-03-13
Last Modified: 2012-05-11
I have taken on a server which is Server 2008.  It is currently replicating with another server in its forest which is a Server 2003 SBS server.  The office I have taken over wants this link removed and they need to stand as their own domain locally.  The local server currently logs them on to the local domain but only links to the other server for Exchange, which is not needed now.

Can I just remove the server from the forest and break the VPN link? Will everything still function OK?

Someone suggested I will need to run dcpromo to remove the server from the forest and then run it again to create another domain and then re-add the PCs to the new domain. Is this the case?
Question by:bootuppc
20 Comments
 
LVL 14

Expert Comment

by:Justin Yeung
ID: 35123779
If you want to create a new domain, in which all machines and users that bind to the domain will not be considered part of the same previous domain, then you will have to dcpromo it and recreate the entire AD structure to become a new domain.

No previous user and computer accounts will be bound after you demote it.

0
 
LVL 8

Expert Comment

by:PenguinN
ID: 35123788
So you have 2 DCs, one in site A (SBS 2003) and one in site B (Windows 2008); please confirm. When you break the link you can't log on in site B because all FSMO roles are still on the site with the SBS 2003 server.

If you are 100% sure the sites will never connect again you could try to start the FSMO roles on the separated 2008 domain. Check the following discussion: http://www.eggheadcafe.com/software/aspnet/36151753/seizing-fsmo-roles-question.aspx
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35123834
Hi PenguinN

Yes, you are right with site A and site B.  So you're saying it won't work if I just break the link?

I will be 100% sure before I do it. It still needs the link at the moment, but I wanted to be prepared for when it's ready to be separate.

What are FSMO roles?
0

 
LVL 8

Assisted Solution

by:PenguinN
PenguinN earned 166 total points
ID: 35124004
FSMO roles are roles on a DC that you need to log on to your domain and are very important. If you just delete the link your domain is not functional. This is where all FSMO roles come in. Just to get a little familiar with the roles (it's really important) check:
http://support.microsoft.com/kb/324801

Also do some reading on crashed DC scenarios; this is where you'll get an insight into the possibilities you have when you have broken the link.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 334 total points
ID: 35124038
Well, you can break the link, but there are some other steps you will have to take to keep the domain functioning still.

Run dcdiag to check for any errors on the DC that you want to break from the forest. If none, then proceed.

Make sure the Domain Controller is a Global Catalog; if it isn't currently, make sure it is and allow replication to take place.

Make sure the DC is pointing to itself for DNS and that it has the DNS zone.

Once replication has taken place, then you break the VPN link.

Seize FSMO roles: http://www.petri.co.il/seizing_fsmo_roles.htm

Run metadata cleanup to remove any lingering objects from old domain controllers. http://www.petri.co.il/delete_failed_dcs_from_ad.htm

From here you should have a functioning independent domain.

0
 
LVL 2

Author Comment

by:bootuppc
ID: 35124067
It's a lot more complicated than I was hoping for :) but thanks all for your help.  I will give it a go once I know the link isn't needed and let you know how I get on.

Thanks again.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730698
Hi dariusq

Sorry for the delay -  this link between the servers isn't needed any more so I need to sort this out now.

I ran dcdiag and there are no errors
The server is a global catalogue
It is pointing to itself for DNS

Regarding the FSMO roles, do I need to break the link before I seize them or can I go through everything and then break the link?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730730
You need to break the link first.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730738
When I break the link will the domain stop functioning?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730757
Yes, briefly the remote domain could have some little issues until you seize the FSMO roles. Now, you shouldn't have any hiccups, but you could see a brief hiccup.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35730835
Ok thanks,

I'm worried about how to seize the FSMO roles.  I haven't done this before and I'm not really sure what steps to take.  Any chance you could lay out in "layman's" terms how to do it?

All the documentation I have read says I need to connect to the server I want to seize the roles on.  So am I seizing roles on the local server?  How do I know which ones to seize?
0
 
LVL 59

Accepted Solution

by:Darius Ghassem
Darius Ghassem earned 334 total points
ID: 35730877
Make sure all servers are Global Catalogs

http://www.petri.co.il/seizing_fsmo_roles.htm

When you break the link you want to go to the DC that is at the remote site and run this command:

netdom query fsmo

The command will give you the server the FSMO roles are on now, to check whether the server already has them or not. If it doesn't, then just go through the link above and seize all roles.
0
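An added example (not part of the original answers), in PowerShell: it parses the output of the role query from the accepted solution and lists the roles still held by a DC other than the one that must stand alone. The host names and function names are assumptions, and the sample output is constructed.

```powershell
# Constructed sample of `netdom query fsmo` output (host names are placeholders).
$sample = @'
Schema master               SBS2003.example.local
Domain naming master        SBS2003.example.local
PDC                         DC2008.example.local
RID pool manager            SBS2003.example.local
Infrastructure master       DC2008.example.local
The command completed successfully.
'@

function Get-FsmoHolder {
    # Parse "role name <2+ spaces> holder FQDN" lines into objects.
    # The trailing status line has only single spaces, so it is skipped.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches.role; Holder = $Matches.holder }
        }
    }
}

function Get-RolesToSeize {
    # Roles whose holder is not the DC that has to stand alone.
    param([object[]]$Holders, [string]$LocalDc)
    $Holders | Where-Object {
        $_.Holder -ne $LocalDc -and $_.Holder -notlike "$LocalDc.*"
    }
}

# On the real DC, replace the sample with: $lines = netdom query fsmo
$lines = $sample -split "`r?`n"

$holders = @(Get-FsmoHolder -Lines $lines)
if ($holders.Count -ne 5) {
    # Guard against a failed query being read as "nothing to seize".
    throw "Expected 5 FSMO roles, parsed $($holders.Count); check the netdom output."
}

$pending = @(Get-RolesToSeize -Holders $holders -LocalDc 'DC2008')
if ($pending.Count -eq 0) {
    'All five FSMO roles are already held locally; nothing to seize.'
} else {
    'Roles still held by another DC:'
    $pending | Format-Table -AutoSize
}
```

With the constructed sample, the schema master, domain naming master and RID pool manager are reported as still held by the other server.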
 
LVL 2

Author Comment

by:bootuppc
ID: 35730906
Am I right in thinking seizing is just overwriting them?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35730963
Seizing them is taking them from another server that can NOT be contacted. If the server could be contacted then transferring them would be the good thing to do, but this just moves the roles.
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731017
If the server can not be contacted then how can it take them?  Sorry for appearing stupid :(
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731027
Oh, I think I just got it: it's taking charge of the roles for itself rather than actually taking anything from the other server, is that right? :)
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 35731084
Right
0
 
LVL 2

Author Comment

by:bootuppc
ID: 35731105
Cool, thanks for your help dariusq, I'll let you know how it goes.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 36032534
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0


Question has a verified solution.
