Removing Windows 2000/2003 from domain/Active Directory

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

I have two servers that I would like to remove from our network. We are
running Windows 2003 Active Directory in a mix environemnt. Windows 2000 and
Windows 2003 servers.

1 - Windows 2000 and a Windows 2003 servers. They both are member servers
in our network. They both run applications that not needed anymore. Can I
just delete the servers from AD?

TIA
Michael
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> I have two servers that I would like to remove from our network. We are
> running Windows 2003 Active Directory in a mix environemnt. Windows 2000
and
> Windows 2003 servers.
>
> 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> in our network. They both run applications that not needed anymore. Can I
> just delete the servers from AD?

If they are not DCs, you can do that.

(DCs really need to be removed by DCPromo
while the DCs are still online with the remaining
DCs -- or else there is a tedious process to clean
up the left over mess.)

Also note, this just covers AD -- if those servers
are hard coded on any clients or other locations
those need cleaning up too: file server, profile
server (AD user properties), home directory
server, DNS/WINS (by IP), etc.

--
Herb Martin


>
> TIA
> Michael
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

If they are not DCs, simply unjoin them from the AD domain (to a workgroup),
shutdown and remove from the network.

Hope this helps. Do let us know.


"Mike Chung" wrote:

> I have two servers that I would like to remove from our network. We are
> running Windows 2003 Active Directory in a mix environemnt. Windows 2000 and
> Windows 2003 servers.
>
> 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> in our network. They both run applications that not needed anymore. Can I
> just delete the servers from AD?
>
> TIA
> Michael
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Herb,

Good threads but I have one question for you. We are having a problem
demoting a W2K3 DC to member for ultimate removal from the domain. Although
all FSMO roles have been transferred in addition to the GC, it still will not
go through the DCPromo process, failing because replication of the FSMO roles
had failed. Yet it has had three weeks to complete the replication, no Evt
Vwr messages relate any replication problems, and both DCs list the new DC
with all the FSMO roles and GC as well. We may have to simply yank the
offending DC off the domain and rebuild it. If this is the case, I need to
know what needs to be done to "tidy up" the domain.

Thanks,

Brad

"Herb Martin" wrote:

> "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > I have two servers that I would like to remove from our network. We are
> > running Windows 2003 Active Directory in a mix environemnt. Windows 2000
> and
> > Windows 2003 servers.
> >
> > 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> > in our network. They both run applications that not needed anymore. Can I
> > just delete the servers from AD?
>
> If they are not DCs, you can do that.
>
> (DCs really need to be removed by DCPromo
> while the DCs are still online with the remaining
> DCs -- or else there is a tedious process to clean
> up the left over mess.)
>
> Also note, this just covers AD -- if those servers
> are hard coded on any clients or other locations
> those need cleaning up too: file server, profile
> server (AD user properties), home directory
> server, DNS/WINS (by IP), etc.
>
> --
> Herb Martin
>
>
> >
> > TIA
> > Michael
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Try

http://support.microsoft.com/default.aspx?scid=KB;EN-US;332199
;216498]http://support.microsoft.com/default.aspx?scid=KB;[LN];216498

and let us know if they help. Thanks!


"Caro" wrote:

> Herb,
>
> Good threads but I have one question for you. We are having a problem
> demoting a W2K3 DC to member for ultimate removal from the domain. Although
> all FSMO roles have been transferred in addition to the GC, it still will not
> go through the DCPromo process, failing because replication of the FSMO roles
> had failed. Yet it has had three weeks to complete the replication, no Evt
> Vwr messages relate any replication problems, and both DCs list the new DC
> with all the FSMO roles and GC as well. We may have to simply yank the
> offending DC off the domain and rebuild it. If this is the case, I need to
> know what needs to be done to "tidy up" the domain.
>
> Thanks,
>
> Brad
>
> "Herb Martin" wrote:
>
> > "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> > news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > > I have two servers that I would like to remove from our network. We are
> > > running Windows 2003 Active Directory in a mix environemnt. Windows 2000
> > and
> > > Windows 2003 servers.
> > >
> > > 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> > > in our network. They both run applications that not needed anymore. Can I
> > > just delete the servers from AD?
> >
> > If they are not DCs, you can do that.
> >
> > (DCs really need to be removed by DCPromo
> > while the DCs are still online with the remaining
> > DCs -- or else there is a tedious process to clean
> > up the left over mess.)
> >
> > Also note, this just covers AD -- if those servers
> > are hard coded on any clients or other locations
> > those need cleaning up too: file server, profile
> > server (AD user properties), home directory
> > server, DNS/WINS (by IP), etc.
> >
> > --
> > Herb Martin
> >
> >
> > >
> > > TIA
> > > Michael
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Desmond,

Thanks for your prompt and accurate reply. I have reviewed these and related
articles and they seem to address the situation we are currently
experiencing. One remaining question: does the offending server need to be
connected to the domain in order to force removal from AD? In other words,
can I simply have it not connected to the network and still force a removal?

Thanks,

Brad

"Desmond Lee" wrote:

> Try
>
> http://support.microsoft.com/default.aspx?scid=KB;EN-US;332199
> ;216498]http://support.microsoft.com/default.aspx?scid=KB;[LN];216498
>
> and let us know if they help. Thanks!
>
>
> "Caro" wrote:
>
> > Herb,
> >
> > Good threads but I have one question for you. We are having a problem
> > demoting a W2K3 DC to member for ultimate removal from the domain. Although
> > all FSMO roles have been transferred in addition to the GC, it still will not
> > go through the DCPromo process, failing because replication of the FSMO roles
> > had failed. Yet it has had three weeks to complete the replication, no Evt
> > Vwr messages relate any replication problems, and both DCs list the new DC
> > with all the FSMO roles and GC as well. We may have to simply yank the
> > offending DC off the domain and rebuild it. If this is the case, I need to
> > know what needs to be done to "tidy up" the domain.
> >
> > Thanks,
> >
> > Brad
> >
> > "Herb Martin" wrote:
> >
> > > "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> > > news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > > > I have two servers that I would like to remove from our network. We are
> > > > running Windows 2003 Active Directory in a mix environemnt. Windows 2000
> > > and
> > > > Windows 2003 servers.
> > > >
> > > > 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> > > > in our network. They both run applications that not needed anymore. Can I
> > > > just delete the servers from AD?
> > >
> > > If they are not DCs, you can do that.
> > >
> > > (DCs really need to be removed by DCPromo
> > > while the DCs are still online with the remaining
> > > DCs -- or else there is a tedious process to clean
> > > up the left over mess.)
> > >
> > > Also note, this just covers AD -- if those servers
> > > are hard coded on any clients or other locations
> > > those need cleaning up too: file server, profile
> > > server (AD user properties), home directory
> > > server, DNS/WINS (by IP), etc.
> > >
> > > --
> > > Herb Martin
> > >
> > >
> > > >
> > > > TIA
> > > > Michael
> > >
> > >
> > >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

Herb,

Thanks for the information.

"Herb Martin" wrote:

> "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > I have two servers that I would like to remove from our network. We are
> > running Windows 2003 Active Directory in a mix environemnt. Windows 2000
> and
> > Windows 2003 servers.
> >
> > 1 - Windows 2000 and a Windows 2003 servers. They both are member servers
> > in our network. They both run applications that not needed anymore. Can I
> > just delete the servers from AD?
>
> If they are not DCs, you can do that.
>
> (DCs really need to be removed by DCPromo
> while the DCs are still online with the remaining
> DCs -- or else there is a tedious process to clean
> up the left over mess.)
>
> Also note, this just covers AD -- if those servers
> are hard coded on any clients or other locations
> those need cleaning up too: file server, profile
> server (AD user properties), home directory
> server, DNS/WINS (by IP), etc.
>
> --
> Herb Martin
>
>
> >
> > TIA
> > Michael
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

"Caro" <Caro@discussions.microsoft.com> wrote in message
news:49092183-39DD-43B3-B08A-5625E4F77BAC@microsoft.com...
> Desmond,
>
> Thanks for your prompt and accurate reply. I have reviewed these and
related
> articles and they seem to address the situation we are currently
> experiencing. One remaining question: does the offending server need to be
> connected to the domain in order to force removal from AD?

No, that is what "forceremoval" is about.

> In other words,
> can I simply have it not connected to the network and still force a
removal?

Yes, but it is better to do it online IF that
is practical.

Usually failure to demote is a DNS issue,
just like other authentication and replication
issues.

Now it may not matter but if you have other
DNS problems then fixing them now can put
you ahead so....

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2
4) If you have more than one Domain, every DNS server must
be able to resolve ALL domains (either directly or indirectly)

netdiag /fix

....or maybe:

dcdiag /fix

(Win2003 can do this from Support tools):
nltest /dsregdns /server:DC-ServerNameGoesHere
http://support.microsoft.com/kb/q260371/

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

Single Label domain zone names are a problem Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]




--
Herb Martin


> Thanks,
>
> Brad
>
> "Desmond Lee" wrote:
>
> > Try
> >
> > http://support.microsoft.com/default.aspx?scid=KB;EN-US;332199
> > ;216498]http://support.microsoft.com/default.aspx?scid=KB;[LN];216498
> >
> > and let us know if they help. Thanks!
> >
> >
> > "Caro" wrote:
> >
> > > Herb,
> > >
> > > Good threads but I have one question for you. We are having a problem
> > > demoting a W2K3 DC to member for ultimate removal from the domain.
Although
> > > all FSMO roles have been transferred in addition to the GC, it still
will not
> > > go through the DCPromo process, failing because replication of the
FSMO roles
> > > had failed. Yet it has had three weeks to complete the replication, no
Evt
> > > Vwr messages relate any replication problems, and both DCs list the
new DC
> > > with all the FSMO roles and GC as well. We may have to simply yank the
> > > offending DC off the domain and rebuild it. If this is the case, I
need to
> > > know what needs to be done to "tidy up" the domain.
> > >
> > > Thanks,
> > >
> > > Brad
> > >
> > > "Herb Martin" wrote:
> > >
> > > > "Mike Chung" <MikeChung@discussions.microsoft.com> wrote in message
> > > > news:96901E6F-85BE-4AFC-BFBF-EC5CD5A9622D@microsoft.com...
> > > > > I have two servers that I would like to remove from our network.
We are
> > > > > running Windows 2003 Active Directory in a mix environemnt.
Windows 2000
> > > > and
> > > > > Windows 2003 servers.
> > > > >
> > > > > 1 - Windows 2000 and a Windows 2003 servers. They both are member
servers
> > > > > in our network. They both run applications that not needed
anymore. Can I
> > > > > just delete the servers from AD?
> > > >
> > > > If they are not DCs, you can do that.
> > > >
> > > > (DCs really need to be removed by DCPromo
> > > > while the DCs are still online with the remaining
> > > > DCs -- or else there is a tedious process to clean
> > > > up the left over mess.)
> > > >
> > > > Also note, this just covers AD -- if those servers
> > > > are hard coded on any clients or other locations
> > > > those need cleaning up too: file server, profile
> > > > server (AD user properties), home directory
> > > > server, DNS/WINS (by IP), etc.
> > > >
> > > > --
> > > > Herb Martin
> > > >
> > > >
> > > > >
> > > > > TIA
> > > > > Michael
> > > >
> > > >
> > > >