Announcement

Collapse
No announcement yet.

remove DC From AD, Considerations???

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • remove DC From AD, Considerations???

    OK I had win2K based AD before with two DC at same location with Exch 2000 on the member server, just end up joining new win2k3 based DC to the existing network.

    I have done FSMO roles transfer from older win2k based DC to newer win2k3 based DC, and also installed and configured DNS on newer win2k3 based DC, I have configured my DHCP to give dns address of the newer DC to all my clients,

    Now I am looking to remove the older win2k based DC by running dcpromo, once it is removed I would like to format it and then fresh install win2k3 on this machine and join the existing win2k3 based DC and second or backup DC,

    Is there anything I need to be doing before I run dcpromo? both Dcdiag and netdiag runs fine on both the newer and older DCs,

    For a test can I shutdown my older win2K based dc for couple of days and see how it goes? because eventually I am going to remove this DC using dcpromo.

  • #2
    Re: remove DC From AD, Considerations???

    You need to demote your DC using DCPROMO command
    http://technet.microsoft.com/en-us/l.../cc740017.aspx
    http://support.microsoft.com/kb/238369

    If you shutdown your DC for few days and after that wish to forcely remove DC, you will need to cleanup metadata using NTDSUTIL
    Last edited by alien_ri; 29th September 2008, 16:30.

    Comment


    • #3
      Re: remove DC From AD, Considerations???

      Originally posted by Yantra View Post
      For a test can I shutdown my older win2K based dc for couple of days and see how it goes? because eventually I am going to remove this DC using dcpromo.
      I would recommend that yes. Also, give it a few days after running dcpromo to see if there any issues. Once your happy the network can cope without this server then you can format.
      Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

      Comment


      • #4
        Re: remove DC From AD, Considerations???

        ]SK[

        Code:
        I would recommend that yes. Also, give it a few days after running dcpromo to see if there any issues. Once your happy the network can cope without this server then you can format.
        When I said that I would like to shutdown my Win2K based DC for couple of days and then run dcpromo on it, I meant to say that I would shutdown the Win2K based DC for lets says two days and if there is no issues then I would again turn on this dc allow it to run for couple of days then run dc promo on it,

        If I shutdown the dc and then dcpromo it without bring it ON again, it will leave ghost object on the AD that I may have to delete using ntdsutil, am I right here? if yes then am I right when I will bring the win2k dc up after shutting down for couple of days and then after it is on for couple of days run dcpromo on it tp remove it?

        Comment


        • #5
          Re: remove DC From AD, Considerations???

          You mean tombstone? The default time for a DC to tombstone is 90 days.

          My suggestion was similar to your first. As long as each of the following steps are OK proceed to the next...
          • Turn off the DC for a few days
          • Boot back up and remove the DC role from this server again turn off the server afterwards
          • After a week has passed you should be ok to format and do what you want with the server
          • I would recommend putting the server into a workgroup this way it will notify AD that the machine is offline. AD will disable the computer account too.

          You really don't have to do this, but I am all for having a safety net.
          Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

          Comment


          • #6
            Re: remove DC From AD, Considerations???

            Many Thanks SK,

            Will let you know the result,

            Comment


            • #7
              Re: remove DC From AD, Considerations???

              it is not healthy to turn off a DC for more then a Day, you would just create replication requests on the others DCs that would fail and create errors.
              although Ghost objects is not the issue since the Tombstone life time is 60 days on AD 2000/2003 pre SP1 (180 days by default only fresh W2K3 w/SP1 AD install not an AD Upgrade), but it is not healthy and to be honest it is not needed.
              if you still want to turn it off for a day or two, then remove anything you got from that DC including DHCP/FSMO roles etc, then turn it off for a day.
              if there is no problems (which I don't see why there should be ), then turn it on and Demote it, don't turn it off twice as suggested here b/c it is really not needed and FSMO roles are not that important on daily work, so no need to turn it off twice just b/c of FSMO roles.
              do it swift and don't play around with down time of the DC, it is not healthy to the AD.
              Last edited by Akila; 1st October 2008, 20:08.

              Comment


              • #8
                Re: remove DC From AD, Considerations???

                Not needed, but if you want to be able to quickly revert back its the safest option. As long as the server is removed/back online before the tombstone period it won't cause any issues. Sure there's going to be event log errors. Event log wouldn't be doing its job if it wasn't going to inform you of replication failures
                There is no reason to turn it off a second time, but is there any reason to leave it on? Besides once that server is demoted the network should be still working, turning it off would once again tell you the network is able to cope without this server.

                I just like to play it safe, removing a DC and not waiting to make sure no issues arise before formatting the server would be pretty careless imo.
                Please remember to leave positive reputation points (The Ying Yang Icon) if someone helps you.

                Comment


                • #9
                  Re: remove DC From AD, Considerations???

                  After all he will need it to remove it from AD structure one way or another. Yantra will decide what method suite him best.

                  Comment


                  • #10
                    Re: remove DC From AD, Considerations???

                    Either way he chooses would be fine it is not that dramatic between the approaches that were suggested here, they are all fine, there is no right or wrong in this case.

                    Comment

                    Working...
                    X