How do I remove DC from AD?


AW

Hi, we have a DC that failed (hardware); we want to remove
it completely from AD as it's referenced everywhere. What
can we do to successfully remove it?

Also, what's the command to see which of the DCs contains
all the FSMO roles etc?

Thanks

AW
 
AW,

There are five things that you need to do:

1) find out which DC holds the FSMO Roles ( like you asked ) and - if
necessary - seize them to another DC. This involves ntdsutil.
2) make a second DC a Global Catalog Server and install DNS ( and any other
services that might be necessary )
3) Do a Metadata Cleanup. This involves ntdsutil.
4) Use ADSIEdit to manually clean things up a bit - if necessary ( almost
always is )
5) Manually clean up the DNS entries

Please see the following link for the Metadata Cleanup:

http://support.microsoft.com/?id=216498

Have you already installed DNS on another WIN2000 Server? Have you taken
care of DHCP ( either installed it so that it is available and/or adjusted
the information that it now hands out to clients with the IP Lease )? Have
you made another DC a Global Catalog Server ( if one is not already on your
network )?

You can install the Support Tools and run 'netdom query fsmo' - without the
quotes - to see which DC holds the five FSMO Roles. You can also use replmon
or any number of scripts ( I believe that Matjaz has posted a vbs script
that will check AD and spit out the output but it was a while ago ). The
native way to do this is to use the Active Directory Users and Computers MMC to
check for the three domain-wide FSMO Roles ( PDC Emulator, RID Master,
Infrastructure Master ) and the Active Directory Domains and Trusts MMC to
check for the Domain Naming Master ( one of the Forest-wide FSMO Roles ) and
the Active Directory Schema MMC to check for the other Forest-wide FSMO Role
( Schema Master ). Please see the links below:

http://support.microsoft.com/?id=255504
http://support.microsoft.com/?id=255690


HTH,

Cary
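An added example, not part of Cary's post: a PowerShell check for step 1 that parses 'netdom query fsmo' output and lists any roles still held by the failed DC, which would have to be seized before the metadata cleanup. The sample output and host names are constructed, and the function names Get-FsmoHolder and Get-RolesToSeize are hypothetical.

```powershell
# Constructed sample of `netdom query fsmo` output; host names are made up.
$sampleOutput = @'
Schema master               DC1.example.local
Domain naming master        DC1.example.local
PDC                         DC2.example.local
RID pool manager            DC2.example.local
Infrastructure master       DC1.example.local
The command completed successfully.
'@

function Get-FsmoHolder {
    # Hypothetical helper: turn `netdom query fsmo` text into role/holder objects.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # A role line is "<role name><two or more spaces><holder FQDN>".
        # The trailing status line and blank lines do not match and are skipped.
        if ($line -match '^(?<role>\S.*?)\s{2,}(?<holder>\S+)\s*$') {
            [pscustomobject]@{ Role = $Matches.role; Holder = $Matches.holder }
        }
    }
}

function Get-RolesToSeize {
    # Hypothetical helper: roles whose holder is the failed DC.
    # Compares host names only (short name or FQDN accepted), case-insensitively.
    param([object[]]$Holders, [string]$FailedDc)
    $short = ($FailedDc -split '\.')[0]
    $Holders | Where-Object { ($_.Holder -split '\.')[0] -ieq $short }
}

$holders = Get-FsmoHolder -Lines ($sampleOutput -split "`r?`n")
# On a live system with the Support Tools installed:
#   $holders = Get-FsmoHolder -Lines (netdom query fsmo)

$toSeize = @(Get-RolesToSeize -Holders $holders -FailedDc 'DC2')
if ($toSeize.Count -eq 0) {
    'Failed DC holds no FSMO roles; metadata cleanup can proceed.'
} else {
    'Seize these roles to a surviving DC before metadata cleanup:'
    $toSeize | Format-Table -AutoSize
}
```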
 
Hi, luckily the DC we still have contains all the FSMO
roles, RID, PDC, Schema etc and is a global catalogue,
users can log on etc, however the server keeps trying to
replicate to the failed DC, we won't put a second DC
until later this week. Would I just remove it from the
Replication partners and delete in DNS and Computers?
Or run the meta clean up too?

Regards

Andy
 
Cary,

Just to clarify something about your 5 steps...

In my case, I'm removing a failed DC from a two DC domain. When (if) I add
a second DC again, it will be a fresh rebuild, so I want to completely
remove all references to the failed one.

My surviving DC holds the FSMO roles, so step 1 isn't needed.

===> But I'm confused by your Step 2... If I'm running AD-integrated DNS,
do I need to do Step 2? The DNS on the surviving DC is working fine.

Thanks,

David Thom
 
DT,

Having two of everything ( aka redundancy ) is usually a good thing. So, we
usually suggest that you have two Domain Controllers, make them both Global
Catalog Servers and install DDNS on both. This way if you have to take one
down for service or whatnot there is a second one ( both GC and DNS ) so
your clients should continue without a hiccup ( assuming, of course, that
your DHCP Options are set up correctly ). However, that is not always
feasible ( for instance, in a situation where there are but 11 people in the
company - doubt that there would be two servers in that environment.... ).

So, do you H*A*V*E to install DNS on the second DC? No. Is it a good idea
to do so? Absolutely.

Does this clarify things for you?

Cary
 