I hope you are all well and can assist.
I am attempting to script the process of demoting a domain controller, a 2008 R2 domain controller.
I have done the following.
All looks fine....reboot and logon ...
- The NTDS service and all Active Directory dependent services have been disabled
- The NTDS Settings object in AD Sites and Services is gone
- The Role of Active Directory Domain Services is still available, but disabled
- Doing a "net share" reveals that the shares sysvol and netlogon have been removed
However, the c:\windows\sysvol folder on disk:
1) has not been deleted.
2) doing a dir reveals:
Directory of c:\windows\sysvol
13/11/2013 12:12 AM <DIR> .
13/11/2013 12:12 AM <DIR> ..
13/11/2013 12:14 AM <DIR> domain
13/11/2013 12:12 AM <DIR> staging
13/11/2013 12:12 AM <DIR> staging areas
13/11/2013 12:12 AM <DIR> sysvol
And all the group policies and scripts are still there. So, the demotion script has not deleted this sysvol folder and subdirectories, and I do not know why.
I have only found the following, but I am not really sure if this is the reason why my demotion script failed to delete the sysvol folder and its contents.
================================================== DCPROMO log:
All entries fine, except for 2 errors below...
06/14/2014 00:27:01 [INFO] This machine is no longer a domain controller
06/14/2014 00:27:03 Telling DNS Server to prepare for demotion failed with 1068
06/14/2014 00:27:03 Setting security on server files failed with 2
Any help greatly appreciated on how to get a clean demotion done including deletion of the sysvol folder and its contents.