Unusual case of DC removal

John Rosenlof

Hi,

I've read a few of the posts in here about removing a DC that is no longer
connected and was never demoted. I have a case that is a little different
than those listed and I was wondering if the same articles that I've seen
referred would also apply to my situation.

At our company, we have a root domain that was joined with another
root domain to make a two domain forest. In domain1, we have a PDC and a
BDC that are both running Win2k Server. The previous admin (no longer with
the company :) ) that installed the software accidentally installed the
120-day eval version of Win2k3 Server on the DC of domain2 and then set up
the trust relationship between the two domains. When the 120 days passed
and the license expired he was not able to recover the system and then
completely re-installed the OS and gave the DC the same name that it had had
before the re-install. He did this without disconnecting the DC at all.
This has caused some problems. Every day we are constantly getting KDC,
NetLogon, and Directory Services errors. Now that I'm here I'm not really
sure how to clean this up. On top of that, my company wants the trust to be
re-established. An additional complication is that I don't have the option
of re-installing the OS on domain2's DC. I could really use some help with
this. Thanks!

-John
 
Herb Martin

John Rosenlof said:
> Hi,
>
> I've read a few of the posts in here about removing a DC that is no longer
> connected and was never demoted. I have a case that is a little different
> than those listed and I was wondering if the same articles that I've seen
> referred would also apply to my situation.
>
> At our company, we have a root domain that was joined with another
> root domain to make a two domain forest.

Well, you cannot really do THAT -- you can create a child
domain in a forest or a new tree in a forest but you cannot
"join two domains" into a forest.

> In domain1, we have a PDC and a
> BDC that are both running Win2k Server.

Then you have NO BDC or even PDC, they are both just DCs.

> The previous admin (no longer with
> the company :) ) that installed the software accidentally installed the
> 120-day eval version of Win2k3 Server on the DC of domain2 and then set up
> the trust relationship between the two domains.

Ok, so you have two domains that trust each other not in the
same forest. External trusts with TWO forests.

> When the 120 days passed
> and the license expired he was not able to recover the system and then
> completely re-installed the OS and gave the DC the same name that it had had
> before the re-install. He did this without disconnecting the DC at all.

There are better ways to do that. (Like add a REAL, Full product DC.)

> This has caused some problems. Every day we are constantly getting KDC,
> NetLogon, and Directory Services errors. Now that I'm here I'm not really
> sure how to clean this up. On top of that, my company wants the trust to be
> re-established.

If you have more than one subnet, then EXTERNAL trusts
require NetBIOS resolution which generally means WINS
server(s).

All DCs (and other machines too) must be WINS clients
of the same WINS Database.

> An additional complication is that I don't have the option
> of re-installing the OS on domain2's DC. I could really use some help with
> this. Thanks!

What is the actual problem?
 
John Rosenlof

The problem is that I need to break the trust and clean out the traces of
domain2 in the AD here at domain1. Then I need to rejoin the two domains.

When the OS was reinstalled, the trust was messed up and the two computers
no longer recognized each other. I'm basically looking for a way to resolve
this. I've got to clean up someone else's sloppy setup and am trying to
discover the various misconfigurations that were put into place.

Thanks,
John
 
Herb Martin

John Rosenlof said:
> The problem is that I need to break the trust and clean out the traces of
> domain2 in the AD here at domain1. Then I need to rejoin the two domains.

What happens when you try to remove the trust?

> When the OS was reinstalled, the trust was messed up and the two computers
> no longer recognized each other.

Sure, since the second domain is a different computer and
a different domain (than it was previously.)
 
John Rosenlof

I've seen the articles that have been referred to people that say that you
can break the trust and use Ntdsutil.exe to clean things up. I'm wondering
if that is the correct procedure for this type of problem as well.
 
Herb Martin

John Rosenlof said:
> I've seen the articles that have been referred to people that say that you
> can break the trust and use Ntdsutil.exe to clean things up. I'm wondering
> if that is the correct procedure for this type of problem as well.

I am not certain there is anything to clean up in AD if you
use AD Domains/Trusts to break the trust.
 
