Solved

How do you forcibly remove a DC?

Posted on 2014-02-04
Last Modified: 2014-03-07
Hi guys

Can you tell me your procedure for removing a DC? I'm pretty sure there can be a situation when it's not possible to even power on a DC - broken mobo for example - and every serious admin should have a ready plan for that scenario.

I'm talking about an environment where the highest ver of Win Server is 2008 R2.

Here is what I would do:

1. Change IP settings of other DC(s) so they don't point to that failed DC for DNS.
2. Seize roles if it was FSMO role holder.
3. Clear DNS of any IP addresses of failed DC.
4. Remove DC object from Users and Computers.
5. Set a different DC as a time server if necessary.

Is there anything you would change, skip, add?

Please let me know. Unfortunately, as always - I need to add that I'm only interested in first hand experience.
0
Question by:tp-it-team
3 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 498 total points
ID: 39833290
In addition to what you have, see this KB:

http://support.microsoft.com/kb/555846/en-us
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 501 total points
ID: 39833301
The above is basically what you need to do. The other suggestion I would have is to ensure that there are no SRV records present anywhere under the _msdcs folder under your internal domain zone. If you see any IPs in there you should simply delete them.

Make sure that Sites and Services have the correct replication partners as well once you have removed the domain. If the computer objects still reside in there you can delete those as well.

You only need to perform a metadata cleanup when the DC has had any roles assigned to it. If the DC fails and there are no roles assigned at that time you can just delete the computer object (if you are at a 2008 level). 2003 will require a metadata cleanup.

Metadata Cleanup

Will.
0
 
LVL 9

Assisted Solution

by:rawinnlnx9
rawinnlnx9 earned 501 total points
ID: 39833307
I just did this very thing.

http://www.petri.co.il/understanding_fsmo_roles_in_ad.htm 
http://www.petri.co.il/transferring_fsmo_roles.htm
http://www.petri.co.il/determining_fsmo_role_holders.htm
http://www.petri.co.il/configure_a_new_global_catalog.htm

At the end, on your new PDC, run dcdiag and make sure everything passes. If anything fails, google it; the solutions are usually simple.
0
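
A read-only check for the leftovers discussed in this thread (FSMO role holders, server objects under Sites and Services, the computer object, and SRV records under _msdcs), added here as an example and not part of any poster's answer. It assumes the ActiveDirectory PowerShell module (RSAT on 2008 R2) and a surviving DC to query; the function name `Find-StaleDcReference` and the host name `DC02` are hypothetical.

```powershell
# Added example: audit for references to a failed DC after cleanup. Changes nothing.
# Written to run on PowerShell 2.0 (Windows Server 2008 R2).
Import-Module ActiveDirectory

function Find-StaleDcReference {
    param([Parameter(Mandatory = $true)][string]$FailedDc)  # short host name, e.g. DC02

    $findings = @()
    $domain = Get-ADDomain
    $forest = Get-ADForest

    # 1. FSMO roles: none of the five should still name the failed DC.
    $roles = @{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.Keys) {
        if ($roles[$role] -like "$FailedDc.*") {
            $findings += "FSMO role $role is still held by $($roles[$role])"
        }
    }

    # 2. Sites and Services: server object left in the configuration partition.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $servers = @(Get-ADObject -SearchBase "CN=Sites,$configNc" -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))")
    foreach ($s in $servers) { $findings += "Server object remains: $($s.DistinguishedName)" }

    # 3. Computer object left in the domain (normally in the Domain Controllers OU).
    $computers = @(Get-ADComputer -LDAPFilter "(cn=$FailedDc)")
    foreach ($c in $computers) { $findings += "Computer object remains: $($c.DistinguishedName)" }

    # 4. DNS: SRV records under _msdcs whose target is still the failed DC.
    $queries = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)",
               "_kerberos._tcp.dc._msdcs.$($domain.DNSRoot)",
               "_ldap._tcp.pdc._msdcs.$($domain.DNSRoot)",
               "_ldap._tcp.gc._msdcs.$($forest.RootDomain)"
    foreach ($q in $queries) {
        $hits = @(nslookup -type=SRV $q 2>$null | Select-String -SimpleMatch "$FailedDc.")
        if ($hits.Count -gt 0) { $findings += "SRV record $q still points at $FailedDc" }
    }
    return $findings
}

$result = @(Find-StaleDcReference -FailedDc 'DC02')
if ($result.Count -gt 0) { $result } else { 'No references to DC02 found.' }
```

The DNS check only covers the four locator records listed; other records for the failed DC (host A records, name server entries) still need a look in the DNS console.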
