We shut down a site on our WAN a week ago. Received the
servers today. The question is:
What is the best way to remove the legacy DC, site,
subnet, etc. from AD?
NTDSUtil
Thinking we should bring the DC back up, and dcpromo, but
will that work / cause problems since it will be in a
different subnet?
That's the easiest way to get AD off the MACHINE, but your
question above is about getting it out of AD (from the DCs
that remain.)
The subnet isn't that big a deal. Worst case you can move it
in Sites & Services or temporarily give it the old IP address
(even if you are on another wire -- routing entries are required.)
NTDSUtil
Let me be the one to post the QArticles, Herb ;-)
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q230306 (Remove
Orphaned Domains from Active Directory)
http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 (Remove
Data in Active Directory After an Unsuccessful Domain Controller Demotion)
The first one is the one you should follow (to remove orphaned domains).
Ace gave me the following procedure for removing the
AD (not the details FROM AD):
--------------------
Goal: Keep server, lose AD, but it cannot be connected
to the network (right now.)
There are a couple of ways. One is this 12-step method put together by a fellow
MCT, with the 13th step I added.
You should be able to skip 3).
Note: Not supported by MS, but it works.
13 easy steps and 20 minutes of your time.
1) Make sure the working DC is also a GC
2) Make sure DNS is 100% solid on the working DC.
3) On another DC in the domain run NTDSUTIL to move the FSMO's, or just
seize them.
4) Boot the corrupt DC into ADRM and edit the registry: under
HKLM\SYSTEM\CCS\Control\ProductOptions change the ProductType value from
LanmanNT to ServerNT.
5) net stop ntfrs to stop FRS.
6) delete winnt\sysvol and NTDS directories.
7) reboot the now former DC
8) Log into the now member server. Change it to a stand alone, by joining a
workgroup
9) Reboot the now stand alone server. Hope you didn't forget the original
admin name and password to the local machine.
10) On the good DC delete the disabled computer account for the old, now
defunct DC
11) On the stand alone run DCPROMO to join the domain/tree/forest again.
12) Reboot and use
13) Use
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q216498 to
cleanup the old DC's reference in AD.
Another way is to use this hotfix where it gives DCPROMO a /forceremoval
switch.
To remove a DC from AD when dcpromo bombs out on you, try this hotfix that
you can install to allow you to use the /forceremoval dcpromo switch after
which you can clean up the metadata and repromote your server or do whatever
you want with it.
http://support.microsoft.com/?id=332199
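
The following is an added example, not part of the original thread: a read-only PowerShell check for anything that still references the removed DC or the closed site after the cleanup discussed above (server object, computer account, site, subnets, FSMO roles, DC locator SRV records). It assumes a management host with the ActiveDirectory RSAT module; `OLDDC01` and `Branch-Site` are placeholder names.

```powershell
# Added example (not from the thread): read-only search for leftovers of a
# removed DC and its closed site. Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$OldDc   = 'OLDDC01'       # placeholder: host name of the removed DC
$OldSite = 'Branch-Site'   # placeholder: name of the closed site

$config = (Get-ADRootDSE).configurationNamingContext
$domain = Get-ADDomain
$forest = Get-ADForest
$found  = @()

# Server object left under Sites and Services (what metadata cleanup removes)
$found += @(Get-ADObject -SearchBase "CN=Sites,$config" -LDAPFilter "(&(objectClass=server)(cn=$OldDc))" |
    ForEach-Object { "Server object:    $($_.DistinguishedName)" })

# Computer account of the old DC (step 10 of the procedure)
$found += @(Get-ADComputer -Filter "Name -eq '$OldDc'" |
    ForEach-Object { "Computer account: $($_.DistinguishedName)" })

# The closed site and any subnets still mapped to it
$found += @(Get-ADReplicationSite -Filter "Name -eq '$OldSite'" |
    ForEach-Object { "Site object:      $($_.DistinguishedName)" })
$found += @(Get-ADReplicationSubnet -Filter * |
    Where-Object { $_.Site -like "CN=$OldSite,*" } |
    ForEach-Object { "Subnet:           $($_.Name)" })

# FSMO roles still assigned to the old DC (step 3 of the procedure)
$roles = [ordered]@{
    PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
}
$found += @($roles.GetEnumerator() | Where-Object { $_.Value -like "$OldDc.*" } |
    ForEach-Object { "FSMO role:        $($_.Key) held by $($_.Value)" })

# DC locator SRV records that still point at the old DC
$srv = "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)"
$found += @(Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.NameTarget -like "$OldDc.*" } |
    ForEach-Object { "DNS SRV record:   $srv -> $($_.NameTarget)" })

if ($found) { $found; Write-Warning "$($found.Count) stale reference(s) remain." }
else { "No references to $OldDc or $OldSite found." }
```

The script changes nothing in the directory; anything it lists still has to be removed with the NTDSUtil metadata cleanup and the Sites & Services steps mentioned in the thread.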