Archived from groups: microsoft.public.win2000.active_directory
"Caro" <Caro@discussions.microsoft.com> wrote in message
news:49092183-39DD-43B3-B08A-5625E4F77BAC@microsoft.com...
> Desmond,
>
> Thanks for your prompt and accurate reply. I have reviewed these and related
> articles and they seem to address the situation we are currently
> experiencing. One remaining question: does the offending server need to be
> connected to the domain in order to force removal from AD?
No, that is what "forceremoval" is about.
> In other words,
> can I simply have it not connected to the network and still force a removal?
Yes, but it is better to do it online IF that
is practical.
Usually failure to demote is a DNS issue,
just like other authentication and replication
issues.
Now it may not matter but if you have other
DNS problems then fixing them now can put
you ahead so....
DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)
netdiag /fix
....or maybe:
dcdiag /fix
(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/
Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
Single Label domain zone names are a problem. Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]
--
Herb Martin
> Thanks,
>
> Brad
>
> "Desmond Lee" wrote:
>
> > Try
> >
> > http://support.microsoft.com/default.aspx?scid=KB;EN-US;332199
> >
> > http://support.microsoft.com/default.aspx?scid=KB;[LN];216498
> >
> > and let us know if they help. Thanks!
> >
> >
> > "Caro" wrote:
> >
> > > Herb,
> > >
> > > Good threads but I have one question for you. We are having a problem
> > > demoting a W2K3 DC to member for ultimate removal from the domain. Although
> > > all FSMO roles have been transferred in addition to the GC, it still will not
> > > go through the DCPromo process, failing because replication of the FSMO roles
> > > had failed. Yet it has had three weeks to complete the replication, no Evt
> > > Vwr messages relate any replication problems, and both DCs list the new DC
> > > with all the FSMO roles and GC as well. We may have to simply yank the
> > > offending DC off the domain and rebuild it. If this is the case, I need to
> > > know what needs to be done to "tidy up" the domain.
> > >
> > > Thanks,
> > >
> > > Brad
> > >
> > > "Herb Martin" wrote:
> > >
> > > > "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> > > > news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > > > > I have two servers that I would like to remove from our network. We are
> > > > > running Windows 2003 Active Directory in a mix environment. Windows 2000
> > > > > and Windows 2003 servers.
> > > > >
> > > > > 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> > > > > in our network. They both run applications that are not needed anymore. Can I
> > > > > just delete the servers from AD?
> > > >
> > > > If they are not DCs, you can do that.
> > > >
> > > > (DCs really need to be removed by DCPromo
> > > > while the DCs are still online with the remaining
> > > > DCs -- or else there is a tedious process to clean
> > > > up the left over mess.)
> > > >
> > > > Also note, this just covers AD -- if those servers
> > > > are hard coded on any clients or other locations
> > > > those need cleaning up too: file server, profile
> > > > server (AD user properties), home directory
> > > > server, DNS/WINS (by IP), etc.
> > > >
> > > > --
> > > > Herb Martin
> > > >
> > > >
> > > > >
> > > > > TIA
> > > > > Michael
> > > >
> > > >
> > > >