Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
How to remove child domain from clients log on to option ?

Respondido How to remove child domain from clients log on to option ?

  • Tuesday, May 08, 2012 5:49 AM
     
     
    Sign In to Vote
    0

    Hi Team,

    Recently, i have demoted my Child Domain controller in the domain.

    But, still in clients and other member servers i am able to see my domoted Child domain in the logon to listbox.

    How to remove by de-commisoned domain form the logon to list for clients and member servers. Please suggest.

    Regards,

    Dev

     

All Replies

  • Tuesday, May 08, 2012 6:11 AM
     
     
    Sign In to Vote
    0

    Hi, 

    please check if the trust to the child domain is still there. 

    Take a look at: 

    http://technet.microsoft.com/en-us/library/cc782416%28WS.10%29.aspx

    Regards, Martin Forch

     
  • Tuesday, May 08, 2012 6:14 AM
     
     Answered
    Sign In to Vote
    0

    How  have you demoted DC,was the demotion graceful or normal?If the server was demoted forcefully you need to run metdata cleanup to remove the domain from AD database and dns.

    How to ran  metadata cleanup on the Forest Root DC to delete the child domain.
    - C:\>ntdsutil
    - ntdsutil: metadata cleanup
    - metadata cleanup: connections
    - server connections: connect to server DC01
    Binding to DC01 ...
    Connected to titanic using credentials of locally logged on user
    - server connections: quit
    - metadata cleanup: select operation target
    - select operation target: list domains
    Found 3 domain(s)
    0 - DC=Microsoft,DC=com
    1 - DC=Child1,DC=Microsoft,DC=com
    2 - DC=Child2,DC=Microsoft,DC=com
    - select operation target: select domain 2
    Site - CN=London,CN=Sites,CN=Configuration,DC=Microsoft,DC=com
    Domain - DC=Child2,DC=Microsoft,DC=com
    No current server
    No current Naming Context
    - select operation target: quit
    - metadata cleanup: remove selected domain

    Reference:
    http://support.microsoft.com/kb/230306
    http://support.microsoft.com/kb/216498/EN-US/

    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.



     
  • Tuesday, May 08, 2012 9:07 AM
    Moderator
     
     
    Sign In to Vote
    0

    If you have demoted your child domain, then you need to give sometime to replicate those changes to the other DC's in the domain.You can reference below article to remove the remnants which are not removed either you demote the domain or DC. Also, lets us know, did you demote all the child domain DC first and then finally removed child domain or directly removed child domain without demoting the DC's first. Also, go the AD domain and trust console and see if the child domain is listed there or not, if yes get rid of it.

    Remove References of a Failed DC/Domain Or Perform Metadata Cleanup  http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

     
  • Tuesday, May 08, 2012 9:24 AM
     
     
    Sign In to Vote
    0

    Hi, 

    in addition to my previos post, please check if the domain is shown under the trusted domains within the domain and truts console.

    How to do that?

    open the domain and trusts console --> Right click on the root domain --> properties and check if the subdomain is listed in incoming and outgoing trusts. When the domain is still there get rid of it.

    Regards, Martin Forch

     
  • Tuesday, May 08, 2012 9:40 AM
     
     
    Sign In to Vote
    0

    Hi Dev,

    Sometime this happens if the trustDomain object for child domain is still present in AD. You can maunally remove TDO this way - use ADSIEdit to delete the trustDomain object for the child. To do this, follow these steps:

    1. Click Start, click Run, type adsiedit.msc, and then click OK
    2. Expand the Domain NC container.
    3. Expand DC=<var>Your Domain</var>, DC=COM
    4. Expand CN=System.
    5. Right-click the Trust Domain object, and then click Delete.

    Let me know if this resolves your issue!

     Sachin Gadhave (MCP, MCTS)

    View Sachin Gadhave's profile on LinkedIn