Reconfigure network, remove domain control for it's 5 PCs but maintane the Windows 2008 Server

Posted on 2014-02-07
Last Modified: 2014-02-07
I have a small network with one server, 3 PCs, a NAS, and a few printers.  It was configured as a domain and I want to remove each PC from the domain but still allow all the desktop PCs in the LAN to access the Windows 2008 Server for file sharing (it also hosts a FileMaker Pro database that is accessed locally from the desktop PCs) and all the LAN resources like the NAS and the printers.

I very little experience with the server management but am pretty technical and have been dealing with windows and networks for a long time.  I realize i can just go to active directory and remove the user, but what happens after that as far as getting access to the server and other resources on the local network?  

Beside file sharing, the server had also been used as an exchange server  but i have migrated exchange to a hosted solution.  All the server is really used for is "File Sharing" and a FileMaker Pro Server for a desktop database application.
Question by:AxeTracks
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4

Author Comment

ID: 39843728
Maybe what i need to do is to uninstall Active Directory Services, and uninstall or turn off the domain controller?
LVL 11

Expert Comment

ID: 39843735
Create local user account on the workstation, disjoin the workstation from the domain and map the network drive.

Deleting the user account on the AD will create issue for the users logging on their domain client machines.

For the printers, you can set workstations to ip printing.

Author Comment

ID: 39843736
Is dis-joining different then deleting an active directory user?
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

LVL 11

Expert Comment

ID: 39843743
Yes, its different.

A domain computer has two account in AD. One is user account and another is computer account. When you delete the user from the users ou, that user can not login to their computer.and another user with domain credential can still logon to the workstation.

When you disjoin, you disassociate the workstation account from the domain completely.

Author Comment

ID: 39843753
interesting.  Each PC in this LAN is on the Domain, and each user in this office has a domain login on "each" PC...  so if created a local account on one of the PCs and then disjoined that PC in AD... users could still login to the domain on one of the other PCs... ?
LVL 11

Accepted Solution

Miftaul earned 500 total points
ID: 39843757
Yes, user will still be able to logon to the domain using another domain joined machine. We need to disable the user account so that it can not be used or even delete the user account later.

When we dis-join the workstation from the AD, the users domain credential will not allow him/her to logon to the workstation. Thats the reason, we created a local user account , so that s/he can logon to the workstation using this local credential.

If you just remove a user account from the AD, not dis-joining the workstation from the AD. Other domain users can still login to the workstation right, because the workstation is still joined the domain.

Say UserA users ComputerA which is in a Domain called abc.local. Now abc,local has other user account as well like UserB, UserC, UserD etc. If you delete the UserA account on the AD, then UserA will not be able to access the ComputerA, but ComputerA is still joined in the domain. And another domain user UserB can logon to ComputerA using his/her domain credential.

What I am saying is,
1. Disjoin the workstation from the domain. Now no domain user can logon to the workstation.
2. Login to the ComputerA as administrator and create a local user account.
3. Share that local account creadentoial with the userA, so s/he can logon to the machine.
4. Map the servers drive for the user.

Author Comment

ID: 39843761
You have offered me very excellent support.  Thank you.

Author Closing Comment

ID: 39843762
I asked a question that was not very thought out and got excellent guidance.  Thank you
LVL 11

Expert Comment

ID: 39843769
Thanks AxeTracks.

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lync meeting or Lync conferencing is what many organizations would like to deploy to allow them save money. But companies are now giving up for various reasons, one of which is that they cannot join external meetings (non-federated company meetings)…
Technology opened people to different means of presenting information, but PowerPoint remains to be above competition. Know why PPT still works today.
Viewers will learn how to maximize accessibility options in an Excel workbook for users with accessibility issues.
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question