Solved

How do you forcibly remove a DC ?

Posted on 2014-02-04
3
276 Views
Last Modified: 2014-03-07
Hi guys

Can you tell me your procedure of removing a DC ? I'm pretty sure there can be a situation when its not possible to even power on a DC - broken mobo for example - and every serious admin should have a ready plan for that scenario.

I'm talking about an environment where the highest ver of Win Server is 2008 R2.

Here is what I would do:

1. change IP settings of other DC(s) so they don't point to that failed DC for DNS.
2. Seize roles if it was FSMO role holder
3. clear DNS of any IP addresses of failed DC
4. remove DC object from users and computers
5. Set a different DC as a time server if necessary.

Is there anything you would change, skip, add ?

Please let me know. Unfortunately, as always - I need to add that I'm only interested in first hand experience.
0
Comment
Question by:tp-it-team
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 166 total points
ID: 39833290
In addition to what you have, see this KB:

http://support.microsoft.com/kb/555846/en-us
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 167 total points
ID: 39833301
The above is basically what you need to do. If the other suggestions i would have is ensure that there are no SRV records present anywhere under the _msdcs folder under your internal domain zone. If you see any IP's in there you should simply delete them.

Make sure that Sites and Services have the correct replication partners as well once you have removed the domain. If the computer objects still reside in there you can delete those as well.

You only need to perform a metadata cleanup when the DC has had any roles assigned to it. If the DC fails and there are no roles assigned at that time you can just delete the computer object (if you are at a 2008 level). 2003 will require a metadata cleanup.

Metadata Cleanup

Will.
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 167 total points
ID: 39833307
I just did this very thing.

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm 
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/determining_fsmo_role_holders.htm
http://www.petri.co.il/configure_a_new_global_catalog.htm

At the end on your new PDC run dcdiag and make sure everything passes. If anything fails google and the solutions are usually simple.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question