Safely remove a DC from AD

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Situation:

I Have 3 DC for my W2K domain; One of them had a hardware fairlure, and is
no longer available and is ready to be re-installed (got a new disk).
My question is; should I go ahead and re-install the server or I have to
previously take all data of the failing server from the remaining domain
controllers? if so, how do I do it?.
It seems to be easy to go to de AD Sites & services, right click de failing
server and click on "Delete", but I dont know what consecuencies that would
bring to my AD.
The good news is that the server in cuestion is not the global catalogue,
but I don´t know how to check if the server in cuestion had any other
important role (Schema Master, PDC emulator etc).
So, if somebody knows how to procede in a situation like mine, feel free to
let me know all the steps to ensure avoinding a future nightmare.

I'm just here waiting 4 your HELP!!! :)
 
Fernando,

If the server did hold any fsmo roles, they would have been transferred when
the server crashed. One sure way to find out who's holding the fsmos roles
is to use replication monitor or netdom. Replication monitor and netdom are
part of the support tools on the server cd. After you install the support
tools (if not already installed), open replication monitor add servers >
right click a server object > properties. You should see a tab FSMO Roles.
If the server did hold fsmo roles, you'll have to seize the roles. See this
link for seizing roles:
http://support.microsoft.com/kb/255504

After you install the new drive, install w2k server(same server name), if
you have a backup you can do an non-authoritative restore and replication
will get the server up-to-date.

Here's a link you may find helpful:
http://support.microsoft.com/default.aspx?scid=kb;en-us;287061
 
Fernando,

No disrespect to Mr. Hall, but the FSMO roles would not have been
transferred when the server crashed. The only ways to transfer the roles
are, through the MMC, through NTDSUTIL and by demoting the server.

He is absolutely correct in that netdom and replmon will help you locate
where the FSMO roles are expected. The GC is not a FSMO role and is no big
deal if lost. Just assign another DC as a GC (you should have two per
site). The FSMO roles are the catch -- you will need to use NTDSUTIL to
seize them and then follow up with ADSIEdit and the DNS manager to clean all
traces of the failed DC. From there you need to FORMAT the old DC to ensure
that it will NEVER be online again.

From there you can rebuild the server. If you have cleaned everything
sufficiently, you will be able to maintain its old name. You may want to
consider changing the name of the DC before joining it so as not to run into
any problems with AD objects that you may have missed.

Hope this helps.

--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services

C Hall said:
Fernando,

If the server did hold any fsmo roles, they would have been transferred
when
the server crashed. One sure way to find out who's holding the fsmos roles
is to use replication monitor or netdom. Replication monitor and netdom
are
part of the support tools on the server cd. After you install the support
tools (if not already installed), open replication monitor add servers >
right click a server object > properties. You should see a tab FSMO Roles.
If the server did hold fsmo roles, you'll have to seize the roles. See
this
link for seizing roles:
http://support.microsoft.com/kb/255504

After you install the new drive, install w2k server(same server name), if
you have a backup you can do an non-authoritative restore and replication
will get the server up-to-date.

Here's a link you may find helpful:
http://support.microsoft.com/default.aspx?scid=kb;en-us;287061
Click to expand...
 
Ryan,

No problem. Not sure where I read that about the FSMO roles and despite
seeming a bit odd, I took it at face value.
Regards,
Chris

Ryan Hanisco said:
Fernando,

No disrespect to Mr. Hall, but the FSMO roles would not have been
transferred when the server crashed. The only ways to transfer the roles
are, through the MMC, through NTDSUTIL and by demoting the server.

He is absolutely correct in that netdom and replmon will help you locate
where the FSMO roles are expected. The GC is not a FSMO role and is no big
deal if lost. Just assign another DC as a GC (you should have two per
site). The FSMO roles are the catch -- you will need to use NTDSUTIL to
seize them and then follow up with ADSIEdit and the DNS manager to clean all
traces of the failed DC. From there you need to FORMAT the old DC to ensure
that it will NEVER be online again.

From there you can rebuild the server. If you have cleaned everything
sufficiently, you will be able to maintain its old name. You may want to
consider changing the name of the DC before joining it so as not to run into
any problems with AD objects that you may have missed.

Hope this helps.
Click to expand...
 
Back
Top