Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Demoting a DC that has CA.

Posted on 2013-11-20
4
Medium Priority
?
302 Views
Last Modified: 2014-01-09
Hello,
I currently have a domain controller that needs to be demoted, but currently has the Certificate Authority roll installed. When I try and run the uninstall for Cert', it asks for Server 2003 disk 2 for the install.exe file in order to continue. Has anyone run into this? The server is offsite and in the past I've tried to share out the Disk but it does not find that install file. I am currently in the process of upgrading my domain to 2008 and this server will remain a Windows 2003 file server/print server, but not a DC.
Thx!
0
Comment
Question by:bbwb
  • 2
  • 2
4 Comments
 
LVL 38

Accepted Solution

by:
Mahesh earned 1500 total points
ID: 39663909
What is Os version ?
2003 with SP2 OR 2003 R2 with SP2
You can copy Windows server 2003 setup files + 2003 R2 setup files + 2003 SP2 setup files on CA server and then try uninstalling CA service.
It should work.
If still it fails, then backup CA certificate along with Certificate authority database and then forcefully remove Certificate authority from the server.

To backup CA server:
http://technet.microsoft.com/library/ee126140.aspx
http://support.microsoft.com/kb/298138

Use procedure mentioned in below MS article to forcefully remove CA
http://support.microsoft.com/kb/555151

Also check below article for more information
http://support.microsoft.com/kb/889250

Once you completed above procedure, hopefully you will be able to demote domain controller to member server

Now you can deploy new CA server if wanted to or you can have another server with same host name (you need to rename original server name) and install new CA role there with certificate backup taken above.

Thanks
0
 

Author Comment

by:bbwb
ID: 39666287
OS is 2003 R2 SP2.
0
 

Author Comment

by:bbwb
ID: 39712330
Unfortunately, when I put the disk in, there is no "install.exe" file that it wants. Is there another way to demote the server? Can I re-point certificate authority to another server, then delete it?
Thx!
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39712453
Can I re-point certificate authority to another server, then delete it?

There is no option to re-point the CA.
You can backup CA and restore it on another server having same hostname if you want to retain existing issued certificates.
If you are not using those issued certificates anymore or its quantity is very less, then you can restore it on server having different hostname
Note - Before restoring CA by above methods, it is mandatory that existing CA server must be decommissioned.
hence either you want to move CA server to different server OR If you want to demote DC gracefully \ forcefully, only option is to remove CA forcefully

Once CA server is removed, you can demote DC gracefully OR forcefully if find problem with graceful demotion.
For forceful demotion you can use dcpromo /forceremoval
Once removed AD from DC, just clean-up DC metadata from AD

if you fail to forcefully remove CA server role, then check below article
http://support.microsoft.com/kb/332199 if it might help to remove DC role from server.

If you fail to demote CA and DC role from server only option is to take server data backup with NTFS security, backup share permissions and format the server since it is also file server and join it as a member server.
Then restore data from backup, restore share and NTFS permissions and restore CA on another server.

Mahesh
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question