demote DC + kill domain, question

[Ziek]

We created a subdomain for test purposes (don't ask) and now we would like
to demote all DC's in this domain and kill the subdomain completely, then we
would like to re-create this domain and use it for production purposes (same
domain name, same DC names, etc..)

If we have a large forest that spans quite a few geographic areas, do I need
to make sure that after all DC's have been demoted for this domain, that all
other DC's in the forest have updated themselves through replication that
this domain no longer exists, before dcpromo'ing a new DC for this domain?

How can I ensure that the domain and all DC references are completely
removed from AD accross my forest, prior to re-creating it, so that I don't
get conflicts?

 

[Cary Shultz [A.D. MVP]]

Ziek,

I would simply run dcpromo on the DCs in the 'test' domain. When you run
dcpromo on the last DC of that 'test' domain then you need to make sure that
you select the 'This is the last Domain Controller of this Domain' check
box. Or is it a radio button? Pretty sure that it is a check box. Anyway,
the point is that you would remove it like you would any other. Just give
it a lot of time so that replication has happened throughout your entire
environment. But I think that you are clear on this.

How to make sure that all of the DCs are actually gone? You could start by
looking at ADSIEdit.

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Cary Shultz [A.D. MVP]]

Opps,

Did I miss the part where you want to keep the user account objects and
computer account objects?

Not sure that I understand why you want to remove a sub-domain completely
and then bring it back....using the same domain name and names for Domain
Controllers and the like. Seems pointless to me! Or, since it was a 'test'
domain did you guys play around with a lot of things, possibly breaking
things in the process to learn how to fix things but were not quite able to
fix things completely?

You could also use ntdsutil to check things.......but be very careful with
this tool!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Ziek]

We dont' want to keep any objects in that domain.
Yes, it was a test domain and we played around and now want to start from
scratch...

 

[Cary Shultz [A.D. MVP]]

Then I would simply run dcpromo on each Domain Controller. Give it time to
replicate the removal of that Domain Controller through out the entire
forest. Then run dcpromo on the second Domain Controller. Give that time
to replicate through out the entire forest. Continue until you have reach
the final Domain Controller in that test domain. On this one make sure the
check the 'This is the last Domain Controller for xxxxx domain".

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com

 

[Ziek]

can you not force replication instead of waiting each time you demote for
the change to replicate across the entire enterprise?

 

[Ryan Hanisco]

Right... You can use REPLMON in the support tools to force a replication
event. Do this from the PDCe, then when you get the pop-up box, tell it to
push replication to all replication partners.

If you have a very large site, you may want to wait a bit then do a force
from each bridgehead.
--
Ryan Hanisco
MCSE, MCDBA
FlagShip Integration Services
Chicago, IL