How to Manually Remove a Domain Controller Server

 Thanks to: https://argonsys.com/


Use of DCPROMO is still the proper way to remove a DC server in an Active Directory infrastructure. The following video provides an example of these steps:

Certain situations, such as a server crash or failure of the DCPROMO option, require manual removal of the DC from the system by cleaning up the server's metadata. The following detailed steps will help you accomplish this:

Removing metadata via Active Directory Users and Computers

  1. Log in to the DC server as Domain/Enterprise administrator and navigate to Server Manager > Tools > Active Directory Users and Computers
  2. Expand the Domain > Domain Controllers
  3. Right-click the Domain Controller you need to manually remove and click Delete
  4. Click Yes to confirm within the Active Directory Domain Services dialog box
  5. In the next dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO) and click Delete
  6. If the domain controller is a global catalog server, click Yes in the next window to continue with the deletion
  7. If the domain controller holds any FSMO roles, click Ok in the next window to move them to the domain controller which is available

Removing the DC server instance from the Active Directory Sites and Services

  1. Go to Server Manager > Tools > Active Directory Sites and Services
  2. Expand the Sites and go to the server which needs to be removed
  3. Right-click the server you wish to remove and click Delete
  4. Click Yes to confirm

Remove metadata via ntdsutil

  1. Right-click Start > Command Prompt (admin)
  2. Type ntdsutil and press Enter
  3. You are then presented with the metadata cleanup prompt
  4. Next type remove selected server <servername>
    NOTE: Replace <servername> with the domain controller server you wish to remove
  5. Click Yes to proceed when presented with the warning window
  6. Execute the quit command twice to exit out of the console.

Other Way

Incomplete addition or removal of a domain controller can lead to inconsistent data, because a domain controller object still exists but is not completely functional. This hinders other processes, so a complete cleanup is required. The following steps describe how to clean up the metadata.

  1. In the command line, type ntdsutil and press enter.
    C:\WINDOWS>ntdsutil
    You will see the following prompt displayed in the command prompt window:
    ntdsutil:
  2. At the Ntdsutil: prompt, type metadata cleanup
    ntdsutil: metadata cleanup
    Once you are done with that, the metadata cleanup prompt will appear like this:
    metadata cleanup:
  3. At the 'metadata cleanup:' prompt, type connections and press Enter.

    metadata cleanup: connections
    Now the server connections mode is on, as mentioned below:
    server connections:
  4. At the 'server connections:' prompt, type:
    connect to server <servername>

    Here <servername> is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter after entering your server name. In this case, consider the server name to be server100. You will see the following entry.
    server connections: connect to server server100
    Binding to server100 ...
    Connected to server100 using credentials of locally logged on user.

  5. Type 'q' in server connections to quit and press Enter to return to the metadata cleanup prompt.
    server connections: q
    metadata cleanup:
  6. In metadata cleanup, type select operation target and press Enter.
    metadata cleanup: Select operation target
    Now select operation target mode will come up.
    select operation target:
  7. Type list domains and press Enter.
    select operation target: list domains
    This lists all domains in the forest with a number associated with each.
    Found 1 domain(s)
    0 - DC=dorg,DC=net
  8. Type select domain <number>, where <number> corresponds to the domain in which the failed server was located. Press Enter.
    select operation target: Select domain 0
    We specify the number as 0 here, as the previous prompt let us know that 0 is the number assigned to the domain "dorg.net". Next you will see:
    No current site
    Domain - DC=dorg,DC=net
    No current server
    No current Naming Context
  9. Type list sites and press Enter.
    select operation target: List sites
    The sites belonging to this domain are then listed as below:
    Found 1 site(s)
    0-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  10. Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.
    select operation target: Select site 0
    We specify the number as 0 here, as the previous prompt let us know that 0 is the number assigned to the site available. Next you will see:
    Site-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    Domain - DC=dorg,DC=net
    No current server
    No current Naming Context
  11. Type list servers in site and press Enter.
    select operation target: List servers in site
    This will list all servers in that site with a corresponding number.
    Found 2 server(s)
    0-CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    1-CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  12. Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.
    select operation target: Select server 0
    The number is 0 since we want to take out server200. You will be able to view:

    Site-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    Domain - DC=dorg,DC=net
    Server-CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    DSA-object-CN=NTDSSettings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    DNS host name - server200.dorg.net
    Computer object-CN=SERVER200,OU=Domain Controllers,DC=dorg,DC=net
  13. Type 'q' to quit and press Enter. The Metadata cleanup menu is displayed.
    select operation target: q
    metadata cleanup:
  14. Type "remove selected server" and press Enter. You will receive a warning message. Read it, and if you agree, press Yes.

    metadata cleanup: Remove selected server
    "CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,
    CN=Sites,CN=Configuration,DC=dorg,DC=net" removed from server "server100"

  15. Type quit, and press Enter until you return to the command prompt to remove the failed server object from the sites.
  16. In Active Directory Users and Computers, expand the domain controllers container. Delete the computer object associated with the failed domain controller.
  17. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation. Select “This DC is permanently offline…” and click on the Delete button.
  18. AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes to remove the failed server object from DNS.
  19. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records. If you have reverse lookup zones, also remove the server from these zones.
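
A read-only check for leftovers once the steps above are done, as an added example that is not part of the original post. It uses the walkthrough's names (SERVER200 removed, server100 still functional) and assumes the ActiveDirectory and DnsServer RSAT modules are installed, that server100 also hosts the DNS zones, and that _msdcs exists as its own zone for the forest root domain.

```powershell
# Added example: read-only search for references to a DC after metadata cleanup.
# Names come from the walkthrough; the zone layout is an assumption.
Import-Module ActiveDirectory, DnsServer

$RemovedDC = 'SERVER200'   # DC whose metadata was cleaned up
$QueryDC   = 'server100'   # functional DC, assumed to host the AD-integrated DNS zones

$configNC = (Get-ADRootDSE -Server $QueryDC).configurationNamingContext
$domain   = Get-ADDomain -Server $QueryDC
$forest   = Get-ADForest -Server $QueryDC
$findings = @()

# 1. Server and NTDS Settings objects left under CN=Sites (steps 14-15)
$filter = '(|(objectClass=server)(objectClass=nTDSDSA))'
$findings += @(Get-ADObject -Server $QueryDC -SearchBase "CN=Sites,$configNC" -LDAPFilter $filter |
    Where-Object { $_.DistinguishedName -like "*CN=$RemovedDC,*" } |
    ForEach-Object { "Sites object remains: $($_.DistinguishedName)" })

# 2. Computer object left in the directory (step 16)
$findings += @(Get-ADComputer -Server $QueryDC -Filter "Name -eq '$RemovedDC'" |
    ForEach-Object { "Computer object remains: $($_.DistinguishedName)" })

# 3. FSMO roles still assigned to the removed DC (role holders are returned as FQDNs)
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$RemovedDC.*") { $findings += "FSMO role $($r.Key) still held by $($r.Value)" }
}

# 4. DNS records that still name the removed DC (step 19): host records plus
#    CNAME, SRV and NS records whose target is the removed DC
foreach ($zone in "_msdcs.$($forest.RootDomain)", $domain.DNSRoot) {
    $findings += @(Get-DnsServerResourceRecord -ComputerName $QueryDC -ZoneName $zone |
        Where-Object {
            $d = $_.RecordData
            $_.HostName -eq $RemovedDC -or
            "$($d.HostNameAlias)$($d.DomainName)$($d.NameServer)" -like "$RemovedDC.*"
        } |
        ForEach-Object { "DNS $($_.RecordType) record remains in ${zone}: $($_.HostName)" })
}

if ($findings) { $findings } else { "No references to $RemovedDC found." }
```

The script only reads from the directory and DNS; anything it reports still has to be removed with the steps above. Reverse lookup zones are not covered and need a separate check.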
