DCPROMO Demotion (morning after)

T

Terminator

Hi All,

I recently successfully demoted (1) of our (3) win2k AD
domain controllers using dcpromo. The server held no roles
or catalogs.

My question is-

I still see the server in AD sites and services (no NDTS)
and also in DNS as a server.

I've seen articles on how to remove data in AD after an
UNSUCCESSFUL Domain Controller demotion. Is there an
article on cleaning up AD after a successful demotion?
 
D

Don Wilwol \(CollTech\)

Bottom line, if the object is still there is was not successfull. In the
event that the NTDS Settings object is not removed correctly (for example,
if the NTDS Settings object is not correctly removed from a demotion
attempt), the administrator can use the Ntdsutil.exe utility to manually
remove the NTDS Settings object.

http://support.microsoft.com/default.aspx?scid=kb;en-us;216498

dw
 
P

Paul McGuire

This is probally normal.. All you have to do is delete the Name Server entry
in DNS. Was This server also a DNS server. That would explain why the
entry is still there. All you have to do is delete the Server from sites
and services. As long as the server is not in AD users and computers in
the DC container.
 
T

Trust No One®

Paul said:
This is probably normal.. All you have to do is delete the Name
Server entry in DNS. Was This server also a DNS server. That would
explain why the entry is still there. All you have to do is delete
the Server from sites and services. As long as the server is not in
AD users and computers in the DC container.
Click to expand...
We've found in practice with our production AD that removing a DC using
DCPROMO _always_ leaves the server object behind as described in AD Sites &
Services. You can delete this lingering object using AD Sites & Services.

We haven't had any problems with DNS cleanup even though we don't use
Microsoft DNS. In all our cases DCPROMO faithfully cleaned up the SRV and
CNAME records.

Regarding manually removing a DC using ntdsutil, we've noticed that the
procedure actually appears to clean up DNS automatically as well. I believe
Microsoft have enhanced ntdsutil with this useful functionality. Thanks
MSFT! :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DC demotion question 3
Domain controller 4
Server object remains after demotion 1
DSA object could not be deleted 2
File Replication... 4
Cannot delete domain in an existing forest 0
AD Demotion 7
Cannot delete child domain 4

Top