Remove/Demote DC on Window 2008 R2 from DC on Window 2012 R2 without the access of Window 2008 R2 server

Dear experts,


I have a domain controller running on Window 2012 R2 with Active Directory Integrated zone. I also have another domain controller running on Window 2008 R2. Unfortunately the Window 2008 R2 machine malfunctioned which at least I can still survive on the DC on Window 2012 R2. My concern right now is how to remove/demote the Window 2008 R2 properly without the capability of accessing that machine? Can I remove/demote Window 2008 R2 directly from Window 2012 R2? Thanks
Kinderly WadeprogrammerAsked:
Who is Participating?
 
Joseph HornseyPresident and JanitorCommented:
Is the Win2k8 machine totally dead and will never come back online?

If so, you can manually remove it from AD.

On the 2012R2 server:

1. If the 2k8 server has FSMOs, seize them using NTDSUTIL
2. In NTDSUTIL, delete the 2k8 server
3. In NTDSUTIL, clean up the metadata
4. In DNS Manager, remove all references to the 2k8 server
5. In Active Directory Sites & Services, delete the 2k8 server
1
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
You can use DCPROMO /FORCEREMOVAL - then you'll have to delete it from the working DC's Domain Controllers OU and verify all remnants of it are removed from the working DC.  (DNS, Sites and Services, etc).
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Steps 2 and 3 are unnecessary.  Metadata cleanup is automated in Server 2012.
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
MaheshArchitectCommented:
before removing server, make sure all dependencies on that server are addressed such as DHCP and so on.
Then simply shutdown 2k8R2 server physically if it won't allow you to logon or something like that
Then seize FSMO on 2012 R2 DC
Now from ADUC on 2012 R2 DC, remove 2k8R2 DC object from domain controllers OU
remove leftover object from AD sites and services and u should be fine
0
 
Kinderly WadeprogrammerAuthor Commented:
Thanks all. I will try out the NTDUTIL and DCPROMO (I was able to remove one of the old one with the DCPROMO because I was able to resurrect that one from the dead. I just found out there was another one but some how I can't find the other physical server. I will have to use the NTDUTIL and see if I can remove the other without the actual physical server.
0
 
Kinderly WadeprogrammerAuthor Commented:
Thanks all. I will try out the NTDUTIL and DCPROMO (I was able to remove one of the old one with the DCPROMO because I was able to resurrect that one from the dead. I just found out there was another one but some how I can't find the other physical server. I will have to use the NTDUTIL and see if I can remove the other without the actual physical server.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.