Removing Active Directory

  • Thread starter Thread starter Absolutely
  • Start date Start date
A

Absolutely

I have a mail server that was setup as a DC and the thing recently developed
an problem with AD. I have to boot it in AD recovery mode to keep it
running so the mail server portion works. It won't allow me to connect to
the domain to restore it, and actually I'd like to return it to being a
member server. But, I can't figure out how to do this.

Is there a way to remove any AD stuff on it in the condition it's in so I
can go back and just make it a member server?
 
There is an entry in the registry that you can change that will fool the
server into thinking that it is a member server. It will not try to load the
DIT. Changing it will allow the server to start normally, but there are a
bunch of registry settings and other behind-the-scenes things that need to be
fixed eventually so that it is truly just a member server. Normally, I would
do the following:
1. Change the registry setting.
2. Boot the server normally (You will need to logon with the Administrator
account with the Directory Services Restore Mode password. If you do not
know that password, then make sure you change it before you change the
registry setting. It can be changed using Setpwd.exe. See KB 239803 for
more info.)
3. Put the server in a workgroup
4. Run dcpromo to promote it to a DC in a temporary domain
5. Run dcpromo to demote it (This is the most important step because it will
remove/change all of the DC specific settings on the server so that it is
truly just a member server).
6. If you want to use the server as a DC again, then you will need to
perform a metadata cleanup in AD to remove any references to the server as a
DC.
7. Join the server back to the original domain.
8. Run dcpromo to become a DC in original domain.

You should not perform anything past step 2 as long as you have Exchange
services running on the server. You may want to consider moving the
mailboxes on the server to another location temporarily so that you can
perform the rest of the steps to remove AD completely.
Make sure that you have GOOD backups of everything on the server before
attempting to change the registry. This is a last resort solution, so be
careful.

The regkey is here:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions

You need to modify the ProductType value by doing the following:
 
Great response! Thanks for taking the time.

By the way, if I choose to keep it as a member server, is there any reason
to rejoin the original domain at step 8?
 
No, you do not need to do step 8 if you would like to keep it as a member
server. Just remember that steps 3-8 will adversely affect Exchange, so make
sure you do something to keep from hurting your Exchange installation.
 
No Exchange here (IMail).

Thanks again.




Ele7eN said:
No, you do not need to do step 8 if you would like to keep it as a member
server. Just remember that steps 3-8 will adversely affect Exchange, so
make
sure you do something to keep from hurting your Exchange installation.
Click to expand...
 
Back
Top