Remove AD domain from Forest Root

    Question

  • Hey guys,

    So here is the scoop. There are currently two domains that have been connected in the past: Domain1.local and Domain2.local, via a two-way transitive trust.

    Domain1.local is currently the Forest Root. Domain2.local was connected in the past, but now we need to split it off and remove it (not delete it) from this relationship. Domain2.local needs to be standalone. All DCs are Server 2012 or higher.

    DC1.Domain1.local currently holds the Schema Master and Domain Naming Master roles. DC1.Domain2.local holds its own roles for Domain2.local except the Schema Master and Domain Naming Master. After some research with various keywords, I did not really find the answer I was looking for (a lot of them dealt with deleting the domain or demoting DCs, etc).

    Is there a way to cleanly remove Domain2.local from the Forest? Deleting the trust, removing transitivity, removing it from Sites, deleting the DNS zone, etc.?

    Thanks,
    Tuesday, November 29, 2016 7:40 PM

Answers

  • Hi

     As mentioned, you cannot simply remove a child domain and convert it to stand-alone, so first you should configure a new domain (which is needed), then configure a trust between the source domain and the new one, and migrate AD resources from the source to the target domain.

     When all these steps complete successfully, then you can remove the child domain from the forest root.

    You can use ADMT for migration: https://technet.microsoft.com/en-us/library/cc974332%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards, Burak Uğur

    • Marked as answer by DeltaSierra12 Wednesday, December 7, 2016 5:05 PM
    Wednesday, November 30, 2016 11:35 AM

All replies

  • Hi,

    >> Is there a way to cleanly remove Domain2.local from the Forest? Deleting the trust, removing transitivity, removing it from Sites, deleting the DNS zone, etc.?

    First, you need to remove the trust relationship between the two domains, using Active Directory Domains and Trusts.

    Second, delete the related DNS records in both domains.

    Lastly, open ADSI Edit and delete the related entries in AD.

    For instance:

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 30, 2016 8:55 AM
    Moderator
  • Hello,

    It does not work that way. Child and Parent domains are not only connected with a trust but also share the Configuration Directory partition and are part of the same Global Catalog.

    If you want to make Domain2.local an independent domain, you will need to install the new AD Domain for it and migrate everything there.

    /Regards

    Wednesday, November 30, 2016 11:04 AM
  • I ended up using ADMT for the migration.

    Thank you for the assistance.

    Wednesday, December 7, 2016 5:06 PM
    1. Go to ADSI Edit in Administrative Tools.
    2. Right-click ADSI Edit and connect to the domain's Naming Context "Configuration", then click "OK".
    3. Configuration --> CN=Configuration,DC=your domain,DC=com --> CN=Partitions
    4. Select and delete Name: CN=your child domain / Directory Partition Name: DC=child domain,DC=com
    5. Now check Active Directory Domains and Trusts (the child domain entry should be removed).
    Monday, September 3, 2018 11:07 AM
    1. Click Start, click Run, type ADSIEdit.msc, and then click OK.
    2. Expand the Domain Naming Context container.
    3. Expand DC=Your Domain,DC=COM.
    4. Expand CN=System.
    5. Right-click the Trust Domain object (childDC.domain.com), and then click Delete.

    7. Right-click CN=Users --> CN=child domain$ and then Delete. If it is not deleted (no problem), follow the next step.

    8. Go to ADSI Edit in Administrative Tools.
    9. Right-click ADSI Edit -> connect to the domain's Naming Context "Configuration", then click OK.
    10. Configuration --> CN=Configuration,DC=your domain,DC=com --> CN=Partitions
    11. Select and delete Name: CN=your child domain / Directory Partition Name: DC=child domain,DC=com
    12. Now check Active Directory Domains and Trusts (the child domain entry should be removed).

    Monday, September 3, 2018 11:28 AM
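The ADSI Edit steps above delete three objects by hand (the crossRef under CN=Partitions, the trustedDomain object under CN=System and the CN=child$ trust account under CN=Users), and the question also mentions the DNS zone. The following PowerShell script is an added example, not posted by anyone in this thread: run on a forest-root DC with the RSAT ActiveDirectory and DnsServer modules, it only reads and reports whether each of those leftovers (and the forest's own domain list) still references the child domain, so the result of a manual cleanup can be verified before and after. Domain2.local and DOMAIN2 are placeholder names taken from the question.

```powershell
# Added example: audit what still ties a child domain to the forest root.
# Read-only; assumes the ActiveDirectory and DnsServer RSAT modules.
function Get-ChildDomainResidue {
    param(
        [string]$ChildDns     = 'Domain2.local',   # placeholder from the question
        [string]$ChildNetbios = 'DOMAIN2'          # assumed NetBIOS name of the child
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    $rootDse  = Get-ADRootDSE
    $configNC = $rootDse.configurationNamingContext
    $domainNC = $rootDse.defaultNamingContext

    # 1. Forest membership: the shared Configuration partition still lists the
    #    child until its crossRef is gone, which is why a trust delete alone is not a split.
    $forest = Get-ADForest

    # 2. crossRef under CN=Partitions (what step 4 / step 11 above deletes)
    $crossRef = Get-ADObject -SearchBase "CN=Partitions,$configNC" `
        -LDAPFilter "(&(objectClass=crossRef)(dnsRoot=$ChildDns))" `
        -Properties nCName, dnsRoot, nETBIOSName

    # 3. trustedDomain object under CN=System (the "Trust Domain object" in step 5)
    $trustObj = Get-ADObject -SearchBase "CN=System,$domainNC" `
        -LDAPFilter "(&(objectClass=trustedDomain)(trustPartner=$ChildDns))" `
        -Properties trustPartner, trustDirection, trustAttributes

    # 4. Inter-domain trust account CN=<child>$ under CN=Users (step 7)
    $trustAcct = Get-ADObject -SearchBase "CN=Users,$domainNC" `
        -LDAPFilter ('(&(objectClass=user)(sAMAccountName={0}$))' -f $ChildNetbios)

    # 5. DNS zone for the child, if this DC also hosts DNS
    $zone = Get-DnsServerZone -Name $ChildDns -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ForestRoot           = $forest.RootDomain
        ListedInForestDomains = ($forest.Domains -contains $ChildDns)
        CrossRefPresent      = ($null -ne $crossRef)
        CrossRefPartition    = $crossRef.nCName
        TrustedDomainPresent = ($null -ne $trustObj)
        TrustAttributes      = $trustObj.trustAttributes
        TrustAccountPresent  = ($null -ne $trustAcct)
        DnsZonePresent       = ($null -ne $zone)
    }
}

Get-ChildDomainResidue | Format-List
```

Every field should read False after the cleanup; a True in ListedInForestDomains or CrossRefPresent means the child is still a member of the forest regardless of the trust state.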