Manually removing orphaned child domain & DC issue

[james.mcmillan]

Hi

I have inherited a Win 2000 AD with 3 domains. Root domain is
'a.local', the two child domains are b.local and c.local. I believe
these 2 child domains were created as a test - a.local is in use and
contains valid user accounts etc etc.

The domain controllers for b.local and c.local have long since been
turned off and wiped, WITHOUT removing AD from them - thus AD thinks
they still exist.

I need to add a Windows 2003 server into the mix, and make it a DC for
the root domain - I don't want to go about preparing the 2000 AD
however, until I have cleaned up the current mess.

Where do I go first? If I use ntdsutil to remove these DC's, will that
remove the child domain info at the same time? Should I use
ntdsutil/adsiedit to remove the child domain name and THEN the DC's?

Help!

Thanks for any help, James

 

[Paul Bergson]

You do use ntdsutil and it is a pretty easy and stright forward process.

http://support.microsoft.com/default.aspx?scid=kb;en-us;230306

Once complete I would also run diagnostics (Althought the prepping will
ofrce you to do this) against your forest.


If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The details will be output in notepad text files that pop
up automagically.

The script is at http://pbbergs.dynu.com/windows/windows.htm, download it
and save it to c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

 

[james.mcmillan]

Hi Paul

Thanks for the answer..

...but part of the issue is step 2 in the document link you gave me,
which says:

'Verify that all servers for the domain have been demoted'

These servers haven't been demoted - they were just turned off and
wiped, so should I be attempting to remove the servers themselves,
before removing the domains?

Cheers, James

 

[Paul Bergson]

Demoted, gone...


They are saying no dc's exist in the orphaned domain. The advice is they
don't want you to destroy a domain that is still active.

 

[Jorge de Almeida Pinto [MVP]]

if the domains are really not used anymore and no live DCs exist anymore in
those domains...:
* cleanup the metadata of the DCs
http://support.microsoft.com/?id=216498
* cleanup the metadata of the domains
http://support.microsoft.com/?kbid=230306
--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto #
MVP Windows Server - Directory Services
BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[james.mcmillan]

Hi Jorge

Fantastic, thanks - it was the order of things I was wondering about.
I've completed the tasks and everything is back to the way it should
be..

Cheers, James

 

[Jorge de Almeida Pinto [MVP]]

glad to have helped!

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx