Solved

Demoting a DC that has CA.

Posted on 2013-11-20
4
288 Views
Last Modified: 2014-01-09
Hello,
I currently have a domain controller that needs to be demoted, but currently has the Certificate Authority roll installed. When I try and run the uninstall for Cert', it asks for Server 2003 disk 2 for the install.exe file in order to continue. Has anyone run into this? The server is offsite and in the past I've tried to share out the Disk but it does not find that install file. I am currently in the process of upgrading my domain to 2008 and this server will remain a Windows 2003 file server/print server, but not a DC.
Thx!
0
Comment
Question by:bbwb
  • 2
  • 2
4 Comments
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39663909
What is Os version ?
2003 with SP2 OR 2003 R2 with SP2
You can copy Windows server 2003 setup files + 2003 R2 setup files + 2003 SP2 setup files on CA server and then try uninstalling CA service.
It should work.
If still it fails, then backup CA certificate along with Certificate authority database and then forcefully remove Certificate authority from the server.

To backup CA server:
http://technet.microsoft.com/library/ee126140.aspx
http://support.microsoft.com/kb/298138

Use procedure mentioned in below MS article to forcefully remove CA
http://support.microsoft.com/kb/555151

Also check below article for more information
http://support.microsoft.com/kb/889250

Once you completed above procedure, hopefully you will be able to demote domain controller to member server

Now you can deploy new CA server if wanted to or you can have another server with same host name (you need to rename original server name) and install new CA role there with certificate backup taken above.

Thanks
0
 

Author Comment

by:bbwb
ID: 39666287
OS is 2003 R2 SP2.
0
 

Author Comment

by:bbwb
ID: 39712330
Unfortunately, when I put the disk in, there is no "install.exe" file that it wants. Is there another way to demote the server? Can I re-point certificate authority to another server, then delete it?
Thx!
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39712453
Can I re-point certificate authority to another server, then delete it?

There is no option to re-point the CA.
You can backup CA and restore it on another server having same hostname if you want to retain existing issued certificates.
If you are not using those issued certificates anymore or its quantity is very less, then you can restore it on server having different hostname
Note - Before restoring CA by above methods, it is mandatory that existing CA server must be decommissioned.
hence either you want to move CA server to different server OR If you want to demote DC gracefully \ forcefully, only option is to remove CA forcefully

Once CA server is removed, you can demote DC gracefully OR forcefully if find problem with graceful demotion.
For forceful demotion you can use dcpromo /forceremoval
Once removed AD from DC, just clean-up DC metadata from AD

if you fail to forcefully remove CA server role, then check below article
http://support.microsoft.com/kb/332199 if it might help to remove DC role from server.

If you fail to demote CA and DC role from server only option is to take server data backup with NTFS security, backup share permissions and format the server since it is also file server and join it as a member server.
Then restore data from backup, restore share and NTFS permissions and restore CA on another server.

Mahesh
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question