Announcement

Collapse
No announcement yet.

Proper Way to Disjoin from Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Proper Way to Disjoin from Domain

    Does a system need to be powered on and connected to a domain to be properly removed from that domain?

    For example, suppose SYSTEM1 is on DOMAIN1 and SYSTEM1 is powered down. Can I properly remove SYSTEM1 by simply deleting it from Active Directory?

    What's the difference between doing that and changing the domain of the system to a workgroup while powered on?


    Thanks.

  • #2
    Re: Proper Way to Disjoin from Domain

    Both operations need to be completed.

    You can manually delete the computer object while the computer is offline and you can manually change the computer from domain to workgroup while it's offline.

    Changing from domain to workgroup while the computer is connected to the domain will perform both operations automatically.

    Comment


    • #3
      Re: Proper Way to Disjoin from Domain

      Thanks!

      How do you change the computer from domain to workgroup while it's offline?

      Usually I do it from the advanced computer properties, but those obviously aren't accessible while the system is off.

      Comment


      • #4
        Re: Proper Way to Disjoin from Domain

        You need to power it on.

        Comment


        • #5
          Re: Proper Way to Disjoin from Domain

          Originally posted by wullieb1 View Post
          You need to power it on.
          Hmm..maybe it's a typo in joeqwerty's response, but it says you can change from domain to workgroup while the system is off.

          Comment


          • #6
            Re: Proper Way to Disjoin from Domain

            I said offline, not off, as in not connected to the domain.

            Comment


            • #7
              Re: Proper Way to Disjoin from Domain

              Originally posted by joeqwerty View Post
              Both operations need to be completed.

              You can manually delete the computer object while the computer is offline and you can manually change the computer from domain to workgroup while it's offline.

              Changing from domain to workgroup while the computer is connected to the domain will perform both operations automatically.
              Just to clarify what joeqwerty said.

              Offline and Off are different.

              Offline is powered on but disconnected from the network.

              Off is, well off

              Comment


              • #8
                Re: Proper Way to Disjoin from Domain

                Originally posted by joeqwerty View Post
                I said offline, not off, as in not connected to the domain.

                Ah, so is there any difference between these two scenarios?

                Scenario 1: SYSTEM1 is a member of DOMAIN1 and is online. You change the membership from DOMAIN1 to workgroup (and SYSTEM1 is automatically deleted from AD).

                Scenario2: SYSTEM1 is a member of DOMAIN1. You power the system off, physically move it to another location, then log on locally (not onto DOMAIN1). Then, you 1)change the membership from DOMAIN1 to workgroup and 2) Delete the system from AD.

                I guess the question is, is there any difference between changing the membership of SYSTEM1 from DOMAIN1 to workgroup while it is online, connected to the domain, and changing the membership of SYSTEM1 from DOMAIN1 to workgroup while it is not online, connected to the domain (and manually deleting it from AD).

                I'm curious if the first method "properly" removes SYSTEM1 from the domain (i.e., removes other references to SYSTEM1 from DOMAIN1) while method two does not.


                Thanks for the help guys.
                Last edited by blashmet; 20th February 2015, 21:38.

                Comment


                • #9
                  Re: Proper Way to Disjoin from Domain

                  Both have the same effect and resolve the "normal" problem that someone changes the computer but does not clean up AD
                  Tom Jones
                  MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                  PhD, MSc, FIAP, MIITT
                  IT Trainer / Consultant
                  Ossian Ltd
                  Scotland

                  ** Remember to give credit where credit is due and leave reputation points where appropriate **

                  Comment


                  • #10
                    Re: Proper Way to Disjoin from Domain

                    Originally posted by Ossian View Post
                    Both have the same effect and resolve the "normal" problem that someone changes the computer but does not clean up AD
                    Great, thanks! Although this raises another question...

                    If both accomplish the same thing, then I assume the first step (i.e., changing the system's membership from DOMAIN1 to workgroup) only changes something locally on SYSTEM1 and doesn't change anything on the DOMAIN1 (e.g., static references to SYSTEM1), since the domain won't know about step 1 (because SYSTEM1 is offline when step 1 is done).

                    Then, step 2 (i.e., removing the system from AD) is what causes all of the domain wide changes to occur? (e.g., removes references within the domain to SYSTEM1, removes SYSTEM1 from the DNS server, etc.).

                    If the above is correct, then what's the point of doing step 1 if the server will be decommissioned?

                    Thanks again for the help.
                    Last edited by blashmet; 23rd February 2015, 08:56.

                    Comment


                    • #11
                      Re: Proper Way to Disjoin from Domain

                      You are correct - if the computer will never come near the domain again, only the AD cleanup is required.

                      (You didn't mention decommissioning in earlier posts, and everyone's psychic powers do not appear to be working these days )
                      Tom Jones
                      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                      PhD, MSc, FIAP, MIITT
                      IT Trainer / Consultant
                      Ossian Ltd
                      Scotland

                      ** Remember to give credit where credit is due and leave reputation points where appropriate **

                      Comment


                      • #12
                        Re: Proper Way to Disjoin from Domain

                        Originally posted by blashmet
                        If the above is correct, then what's the point of doing step 1 if the server will be decommissioned?
                        Server??? Where did that come from. All that has been mentioned was SYSTEM1.

                        Removing a PC/Workstation from AD is totally different to removing (decommissioning a Server). So which one are you trying to do (or actually asking about)?
                        1 1 was a racehorse.
                        2 2 was 1 2.
                        1 1 1 1 race 1 day,
                        2 2 1 1 2

                        Comment


                        • #13
                          Re: Proper Way to Disjoin from Domain

                          Originally posted by biggles77 View Post
                          Server??? Where did that come from. All that has been mentioned was SYSTEM1.

                          Removing a PC/Workstation from AD is totally different to removing (decommissioning a Server). So which one are you trying to do (or actually asking about)?


                          Thanks for the clarification. I am talking about decommissioning a server. What's the difference between decommissioning a server vs. workstation?

                          Comment


                          • #14
                            Re: Proper Way to Disjoin from Domain

                            Originally posted by Ossian View Post
                            You are correct - if the computer will never come near the domain again, only the AD cleanup is required.

                            (You didn't mention decommissioning in earlier posts, and everyone's psychic powers do not appear to be working these days )

                            So even though we're talking about a server now, only AD cleanup is required?

                            Was there a time in the past (maybe an earlier version of AD or Windows Server) when it was proper (maybe even necessary) to change from DOMAIN to WORKGROUP while the server was still connected to the domain?

                            What actually happens when the system is deleted from AD? Are there a lot of things that happen domain-wide?

                            Comment


                            • #15
                              Re: Proper Way to Disjoin from Domain

                              Out of curiosity, what training and experience do you have in managing an AD domain? - these are all very low level tasks which any SysAdmin (or even 1st/2nd line support) are able to do in their sleep. You may want to ask your network admin for advice about your particular environment.

                              The answer to your question is that there is no difference (in process) between removing a member server and a workstation from a domain, although for the server you would also obviously check for mapped drives / file shares / printers / any other roles on it before you contemplate removing it. There will also be some documentation and possibly a DNS cleanup after removal.
                              Tom Jones
                              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                              PhD, MSc, FIAP, MIITT
                              IT Trainer / Consultant
                              Ossian Ltd
                              Scotland

                              ** Remember to give credit where credit is due and leave reputation points where appropriate **

                              Comment

                              Working...
                              X