none
Clean way to remove a Windows Server 2003 R2 domain controller

    Question

  • A branch office closed down and the domain controller was shipped back to my office without being demoted/removed from AD. I still have the site in AD and I want to remove the site and the domain controller. Any suggestions for the best approach for this?

    I was thinking of moving the DC to my site, then demoting it, but I'm open to suggestions.

    Thanks,

    Robert

    Friday, April 19, 2013 4:20 PM

Answers

  • Hi Robert,

    I suggest you remember below steps while demoting a DC.

    1. Check DC and its roles first, if DC have any roles seize it to another DC in your domain/forest.
    2. Once you confirmed that another DC hold all 5 FSMO roles & DNS role then you can go for an option removal of old/branch office DC references from AD Database with the help of metadata cleanup.
    3. Even though if you remove a DC, some of references will be there in directory database and it will cause for replication failures.So we have to metadata clean up and we need to remove demoted DC references from AD Database completely.

    Useful link for Metadata cleanup:http://www.petri.co.il/delete_failed_dcs_from_ad.htm


    Regards, Ravikumar P

    Friday, April 19, 2013 4:39 PM
  • Hello,

    start the server without connection to the network and change it's ip address to the new subnets ip range, reconnect to the network and then reboot.

    Now give some time that the server is replicating again, change it in AD sites and services to the new site and either keep it or start the normal demoting process, do not forget manual removing from AD sites and services, as this is NOT done during demotion. That way there is no seizing required or any additional steps.

    If you do not think about doing above mentioned way then you have to run metadata cleanup on the existing domain DCs according to:

    http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

    Also assure that the not longer used DC is removed from AD sites and services, DNS zones and DNS name server tabs.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 19, 2013 5:42 PM

All replies

  • Hi Robert,

    I suggest you remember below steps while demoting a DC.

    1. Check DC and its roles first, if DC have any roles seize it to another DC in your domain/forest.
    2. Once you confirmed that another DC hold all 5 FSMO roles & DNS role then you can go for an option removal of old/branch office DC references from AD Database with the help of metadata cleanup.
    3. Even though if you remove a DC, some of references will be there in directory database and it will cause for replication failures.So we have to metadata clean up and we need to remove demoted DC references from AD Database completely.

    Useful link for Metadata cleanup:http://www.petri.co.il/delete_failed_dcs_from_ad.htm


    Regards, Ravikumar P

    Friday, April 19, 2013 4:39 PM
  • Hello,

    start the server without connection to the network and change it's ip address to the new subnets ip range, reconnect to the network and then reboot.

    Now give some time that the server is replicating again, change it in AD sites and services to the new site and either keep it or start the normal demoting process, do not forget manual removing from AD sites and services, as this is NOT done during demotion. That way there is no seizing required or any additional steps.

    If you do not think about doing above mentioned way then you have to run metadata cleanup on the existing domain DCs according to:

    http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

    Also assure that the not longer used DC is removed from AD sites and services, DNS zones and DNS name server tabs.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Friday, April 19, 2013 5:42 PM