Remove Child Domain?

Steve W

I set up a 2003 domain server a long time ago as a child domain of our
corporate domain (2000 server). I later re-set up the 2003 as its own
domain, and users authenticate to resources back here by supplying a
username and password when mapping a drive here. Here's how I want to set it
up: remove the child domain and its trusts (the remove button is greyed out,
probably because the DC/Domain doesn't exist anymore), then create a two-way
trust between our domain and the other domain. How can I safely remove all
aspects of the child domain so I can set up DNS and Trusts from scratch?

TIA,

Steve
 
Tomasz Onyszko

Steve said:
I set up a 2003 domain server a long time ago as a child domain of our
corporate domain (2000 server). I later re-set up the 2003 as its own
domain, and users authenticate to resources back here by supplying a
username and password when mapping a drive here. Here's how I want to set it
up: remove the child domain and its trusts (the remove button is greyed out,
probably because the DC/Domain doesn't exist anymore), then create a two-way
trust between our domain and the other domain. How can I safely remove all
aspects of the child domain so I can set up DNS and Trusts from scratch?

Check this KB:
http://support.microsoft.com/kb/230306/EN-US/
 
Steve W

I followed the KB but it wouldn't allow me to remove it, stating a domain
controller still exists for the domain. This is correct. The domain
controller is in active use for the other company. Our domain is
towerenergy.com. I initially set up the other company as
next.towerenergy.com. I reinstalled the DC as next.com. But, stuck in Active
directory domains and sites is next.towerenergy.com. Same with Trusts and
Default-First-Site-Name. Any thoughts? Again, thank you for your input.
 
Herb Martin

Steve W said:
I followed the KB but it wouldn't allow me to remove it, stating a domain
controller still exists for the domain. This is correct. The domain
controller is in active use for the other company. Our domain is
towerenergy.com. I initially set up the other company as

You must follow the removal process using NTDSUtil for EACH
abandoned domain controller before you can then follow it for
that domain you wish to remove.

NTDS metadata cleanup

Key points to NOTE when doing the metadata cleanup:

You CONNECT to a WORKING DC.
You SELECT the missing/dead DC or DOMAIN

'Connect' and 'Select' are technical terms in this context.

Select each DEAD DC, remove it; then select and remove the
DEAD Domain.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
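
The metadata cleanup sequence described above, written out as the ntdsutil commands (an added example, not part of the original post). `<working-dc>` and the `<n>` index numbers are placeholders: take each number from the preceding `list` output, picking the entries for the abandoned next.towerenergy.com domain and its dead DC.

```text
ntdsutil
metadata cleanup
connections
connect to server <working-dc>
quit
select operation target
list domains
select domain <n>
list sites
select site <n>
list servers in site
select server <n>
quit
remove selected server
select operation target
list domains
select domain <n>
quit
remove selected domain
quit
quit
```

Repeat the steps from `select operation target` through `remove selected server` for every dead DC of the domain before running `remove selected domain`. For the domain removal, KB 230306 has you connect to the DC that holds the domain naming master role.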

 
Steve W

Thank you for your response. I don't think I'm being clear. We only have one
DC/Domain here. The sister company has one DC/Domain there. The DC was
originally installed as a child domain, but I changed that. Our networks ARE
connected via VPN, and the other DC IS active for their domain. However, the
child domain no longer exists. I believe what I did incorrectly was not
breaking the trust or removing the child domain BEFORE I yanked the server
offline, demoted it and re-promoted it to a new domain, so therefore the old
information is kinda stuck. This started because I tried to break the trust,
but it was greyed out. The error I get with NTDSUtil is "The requested
domain could not be deleted because there exist domain controllers that
still host this domain." Since my DC can still see the other DC, this might
be where the problem is. I have no intention of breaking the network VPN or
demoting the other company's DC, so I need a workaround...looks like
adsiedit will have to be used, but I'm not exactly sure what I'll need to
do.


 
Herb Martin

Steve W said:
Thank you for your response. I don't think I'm being clear. We only have one
DC/Domain here. The sister company has one DC/Domain there. The DC was
originally installed as a child domain, but I changed that.

No, I understood what you say above. If you "changed that" then at
some time in the past you had TWO DOMAINS in the same forest
(parent->child) and at least TWO DCs since each domain required
one DC minimum.

Now you said you have the old (abandoned) child domain to remove
but could not do that.

The most common reason is that you still have a "ghost" DC object --
an abandoned DC account that must first be removed.

How do I know that? Well, if you had properly removed ALL DCs
then the domain would have gone away automatically.

Steve W said:
Our networks ARE
connected via VPN, and the other DC IS active for their domain. However, the
child domain no longer exists.

Right. Presumably because you didn't properly remove all of the DCs
of that domain before making your changes.

Steve W said:
I believe what I did incorrectly was not
breaking the trust or removing the child domain BEFORE I yanked the server
offline, demoted it and re-promoted it to a new domain,

Not the trust, but properly removing ALL DCs from the child domain.

The last DC removal (DCPromo) would have removed the domain from
the forest.

Steve W said:
so therefore the old
information is kinda stuck. This started because I tried to break the trust,
but it was greyed out. The error I get with NTDSUtil is "The requested
domain could not be deleted because there exist domain controllers that
still host this domain."

Exactly -- we understood your problem precisely.

Follow my previous instructions.

Steve W said:
Since my DC can still see the other DC, this might
be where the problem is. I have no intention of breaking the network VPN or
demoting the other company's DC, so I need a workaround...

It has NOTHING to do with your current DC in that 'other' domain but only
with the MISSING DC from that abandoned domain.

Steve W said:
looks like
adsiedit will have to be used, but I'm not exactly sure what I'll need to
do.

Sometimes ADSIedit is needed but if you follow my previous instructions
you probably won't need to do that.





--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]