I am removing a DC from a 2003 domain, intending to shut it down forever. There are 2 other DC's, each running DNS, both are Global Catalogs, replicating with no errors, all roles are on the PDC. DCPRomo failed with access denied, saying the user doesn't have permission to perform the operation. The user is a Schema admins and Enterprise admins member. I have changed the DNS setting for the server I want to remove to another DNS server. I would like to avoid a forced removal if possible. I see that in order to possibly get around this problem, I can remove the permission to delete all Child objects from Everyone by unchecking the deny box on OU's.
My first question is do I have to do that on all the OU's (all do not have the Everyone group), or can I just do it at the domain level? Or do I have to do both?
Second question is if I do a dcpromo /forceremoval, with no intention of reinstalling the server as a DC or anything else, do I still need to do the metadata fix? I have never had this problem before, will I get prompted through the metadata fix , or is it manual? Trying to determine how late I might be here.