Solved

Force a server 2008 to stop acting as a domain controller

Posted on 2012-12-28
2
593 Views
Last Modified: 2012-12-29
I have a 2 server environment with a Server 2003 DC and a Server 2008 DC.  The ops masters are on the Server 2003.  The DCs stopped replicating and the Server 2008 has been tombstoned and is no longer recognized as a DC.  DCPROMO on the server 2008 to get it to try and rejoin the domain gracefully, fails because it can't find the primary DC.  The server 2008 is working fine except now sometimes the security stops people from accessing the files and printers.  

How can remote, demote, or tell the server 2008 to stop acting as a DC. So I can forcefully remove it Active Diretory and then re-dcpromo it back as at DC?  I once went through a process with Microsoft that edited the registry so a tombstoned DC would stop acting as a DC and would allow another dcpromo to add it back to the domain after adsiedit was used to remove the dc from Active Directory.
0
Comment
Question by:MelJahnke
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 13

Accepted Solution

by:
Yagya Shree earned 500 total points
ID: 38726994
Please look into below links

How to demote a domain controller via registry key (2003/2008)
http://kc-tek.blogspot.com/2011/10/how-to-demote-domain-controller-via.html#!/2011/10/how-to-demote-domain-controller-via.html

Removing a Domain Controller from a Domain
http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx

How To Demote Windows Server 2008 Domain Controller
http://www.itbox4vn.com/2011/06/how-to-demote-windows-server-2008.html

Demoting Windows Server 2008 Domain Controller
http://www.shariqsheikh.com/blog/index.php/200901/demoting-windows-server-2008-domain-controller/
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38728554
Hi

Perform force removal first then cleanup the metadata of culprit server then seize the roles to working DC then you can repromote the server to the domain

Reference link

Forcefull removal of DC:
http://support.microsoft.com/kb/332199 (2003)
http://technet.microsoft.com/en-us/library/cc731871(v=ws.10).aspx (2008)

Metadata cleanup:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Seize FSMO role:
http://www.petri.co.il/seizing_fsmo_roles.htm
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
time server cant sync - rpc service is unavailable. 5 55
DNS logs 1 33
GPO question 3 32
Cannot create HyperV vm inside Window Server 2008R2 10 38
Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question