demoting a child domain server 03


ceez

hello everybody,

we have a child domain that we're demoting. I have demoted a child domain once a long time ago and don't remember if there are any additional steps.

I know that we log in and run dcpromo and that should remove the child domain and any information. But what about DHCP and DNS? Is that something we need to delete first before running dcpromo? There are no workstations using this child domain so there's no resolution; it's just 2 DCs and 1 NAS which have static IPs, so I assume I should not worry about it.

thank you for the input,

ceez

:thumbup


You should be OK if you demote it away via dcpromo, but it's always good to go into DNS on another DC (assuming your DNS is AD-Integrated) and make sure all of the references under the "underscore" DNS folders are gone. Also good to make sure it's gone from your replication in AD Sites and Services too, if necessary.

Otherwise, it's pretty painless if you've no clients using it.

@cluberti, yes we're an MS shop and AD integrated.

Also, the servers are no longer in their original location since that office was closed and they now reside in an empty office in our main office. They were in a 10.201.8.x range while our corp office is in the 10.201.1.x range.

Since we have not demoted both DCs we figured we should change the IPs on the 2 servers to a local 10.201.1.x IP. We successfully changed the IPs, but whenever a computer within the .1 range pings them, or even when we ping between the 2 servers, it still tries to ping the .8 range.

We disabled DHCP and DNS. DHCP because we don't want the servers assigning .8 range addresses and people then not able to connect within the .1 network (which happened to 2 users once we started the servers). And DNS, well, just because there's no name resolution going on.

What steps would you suggest to demote them? I can't just connect them in their own autonomous network because during dcpromo it needs to talk to the other servers/child domains in the network, yet they have been off the network, powered off, for about 2 weeks now and I was thinking that it would be a good idea to have them update any records for a few days and THEN demote them.

what would anyone suggest in this situation?!?!?

thanks for your help,

ceez

:thumbup

I'd re-enable DNS (it's important for AD, even if the domain is empty) and let things go for a weekend. Come back on Monday, check the event viewer logs, and if all is clean dcpromo them away.

so re-enable DNS but leave the .1 range, which is our main office IP range, because leaving it at .8 would be useless in the sense of communication, correct?

Thanks again!

@cluberti, hope you can help me out here... I am confused...

we have changed the IPs of the 2 DCs and the 1 file storage NAS of this child domain to 10.201.1.217, .218 & .219. This is now within the same range as our main office.

I can ping between the 3 servers, but the servers in the main office CAN'T ping these 3 servers; a ping command results in pinging the old .8 range: 10.201.8.x

We enabled DNS on the 2 DCs and performed a flushdns & registerdns.

I don't want to mess up any DNS even though this child domain is going out the door, yet I don't want to have any residual issues once we demote it. So here are a few q's:

Our DNS PTR records show that server1, server2 and NAS1 are still in the .8 range; should I fix those to reflect the new IPs? (This is the only way that our main office servers/PCs would be able to see them.) Should I delete the forward & reverse lookup zones for this child domain from our main office domain and any other child domains?

thanks for your help,

ceez

:thumbup

Our DNS PTR records show that server1, server2 and NAS1 are still in the .8 range; should I fix those to reflect the new IPs? (This is the only way that our main office servers/PCs would be able to see them.) Should I delete the forward & reverse lookup zones for this child domain from our main office domain and any other child domains?

thanks for your help,

ceez

:thumbup

yep to all.

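As an added example (not code from the thread or from either poster), this PowerShell audit covers the question answered above: it checks the forward A records of the moved hosts against their new addresses, confirms PTR records exist in the new reverse zone, and lists PTR residue left in the old reverse zone. The zone name child.corp.example is a hypothetical placeholder; the reverse zone names are derived from the 10.201.8.x and 10.201.1.x subnets in the thread, and the host names and .217/.218/.219 addresses are the ones posted. It needs the DnsServer module (RSAT) on a server holding the AD-integrated zones.

```powershell
# Added example (not from the thread): audit DNS for records that still point a
# moved host at the old 10.201.8.x range, and list PTR residue in the old reverse
# zone. Run on a DNS server holding the AD-integrated zones; requires the
# DnsServer module (RSAT). Zone and host names are hypothetical placeholders.
Import-Module DnsServer

$ForwardZone    = 'child.corp.example'        # hypothetical child domain zone
$OldReverseZone = '8.201.10.in-addr.arpa'     # reverse zone for 10.201.8.0/24
$NewReverseZone = '1.201.10.in-addr.arpa'     # reverse zone for 10.201.1.0/24

# Expected host -> new address map (addresses as posted in the thread)
$Expected = @{
    'server1' = '10.201.1.217'
    'server2' = '10.201.1.218'
    'nas1'    = '10.201.1.219'
}

function Get-StaleHostRecords {
    foreach ($name in $Expected.Keys) {
        # Forward A records: anything not equal to the new address is stale
        $aRecords = Get-DnsServerResourceRecord -ZoneName $ForwardZone -Name $name -RRType A -ErrorAction SilentlyContinue
        foreach ($rr in $aRecords) {
            $ip = $rr.RecordData.IPv4Address.IPAddressToString
            [pscustomobject]@{
                Host = $name; Zone = $ForwardZone; Type = 'A'; Data = $ip
                Status = if ($ip -eq $Expected[$name]) { 'OK' } else { 'STALE' }
                Record = $rr
            }
        }
        # New reverse zone: the last octet of the new address should have a PTR
        $octet  = ($Expected[$name] -split '\.')[-1]
        $ptrNew = Get-DnsServerResourceRecord -ZoneName $NewReverseZone -Name $octet -RRType PTR -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Host = $name; Zone = $NewReverseZone; Type = 'PTR'
            Data = if ($ptrNew) { $ptrNew.RecordData.PtrDomainName } else { '(missing)' }
            Status = if ($ptrNew) { 'OK' } else { 'MISSING' }
            Record = $ptrNew
        }
    }
    # Old reverse zone: any PTR still naming one of the moved hosts is residue
    Get-DnsServerResourceRecord -ZoneName $OldReverseZone -RRType PTR -ErrorAction SilentlyContinue |
        Where-Object { $Expected.ContainsKey(($_.RecordData.PtrDomainName -split '\.')[0]) } |
        ForEach-Object {
            [pscustomobject]@{
                Host = ($_.RecordData.PtrDomainName -split '\.')[0]; Zone = $OldReverseZone; Type = 'PTR'
                Data = "$($_.HostName) -> $($_.RecordData.PtrDomainName)"; Status = 'STALE'; Record = $_
            }
        }
}

$report = Get-StaleHostRecords
$report | Format-Table Host, Zone, Type, Data, Status -AutoSize

# Dry run of deleting the old-zone PTR residue; drop -WhatIf to apply.
foreach ($item in ($report | Where-Object { $_.Zone -eq $OldReverseZone -and $_.Status -eq 'STALE' })) {
    Remove-DnsServerResourceRecord -ZoneName $OldReverseZone -InputObject $item.Record -Force -WhatIf
}
```

Static records (the NAS entries, and anything created by hand) have no timestamp, so zone aging/scavenging never removes them; they have to be deleted explicitly, which is why the script reports them rather than waiting for DNS to clean itself up.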
  • 2 weeks later...

hey guys an update...

we performed a dcpromo with the /forceremoval switch since the 2nd DC in this child domain could not contact DC1. We did it on both and noted that we needed to clean up the metadata using ntdsutil. We followed the steps, but once we get to step 5 we get an error; I am assuming it's because it's already a standalone server and no longer in the forest:

1. Click Start, point to Programs, point to Accessories, and then click Command Prompt.

2. At the command prompt, type ntdsutil, and then press ENTER.

3. Type metadata cleanup, and then press ENTER. Based on the options given, the administrator can perform the removal, but additional configuration parameters must be specified before the removal can occur.

4. Type connections and press ENTER. This menu is used to connect to the specific server where the changes occur. If the currently logged on user does not have administrative permissions, different credentials can be supplied by specifying the credentials to use before making the connection. To do this, type set creds DomainName UserName Password, and then press ENTER. For a null password, type null for the password parameter.

5. Type connect to server servername, and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and the credentials you supplied have administrative permissions on the server.

In step five when I type "connect to server baosrv01" (or baosrv02) I get the following:

"DsBindW error 0x6d9(There are no more endpoints available from the endpoint mapper.)"

Again, I am assuming that's because it actually no longer exists.

I think that all we need to do now is to clean up DNS and Exchange manager. In my reasoning I should delete all forward and reverse zones in DNS for our root domain and the other 3 child domains.

In exchange manager I should delete the Recipient Update Services that points to this child domain.

any other ideas?

I am in the learning process here and the person that was responsible for this stuff left the company (that sucks!)

Thank you for your help,

ceez

alright guys, update. I was able to finish the entire process and 'delete' both dc servers from the child domain.

I've cleaned up the forward and reverse zones of any Host A records/PTR records. On the root domain there are the following folders:

root
  _msdcs
    domains
      <guid> folder
        _tcp

Inside _tcp I have 2 _ldap entries with the names of the 2 servers. Will AD/DNS eventually clear this up or can I delete those two entries.

Anything else that I should delete?

Thanks again for reading through these troubling times! :)

ceez

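As an added example (not the poster's or cluberti's code), this PowerShell script enumerates what a forest still holds for a domain controller that was removed with dcpromo /forceremoval: the server object and NTDS Settings (nTDSDSA) under CN=Sites in the configuration partition, the child domain's crossRef under CN=Partitions, its trust object, and the SRV/CNAME records under _msdcs that still target the old DCs (the _ldap entries under domains/<guid>/_tcp mentioned in the last post are of this kind). Those objects are what ntdsutil "metadata cleanup" removes, and it has to be run against a surviving DC, not the server that was demoted; DsBindW 0x6d9 is what you get when the target no longer runs the directory service. The DC names baosrv01 and baosrv02 are from the thread; corp.example, _msdcs.corp.example and child.corp.example are hypothetical placeholders. It needs the ActiveDirectory and DnsServer modules (RSAT) and is read-only.

```powershell
# Added example (not from the thread): after a forced demotion, list what the
# forest still holds for the former child domain's DCs so it can be removed with
# ntdsutil "metadata cleanup" (connected to a surviving DC) or AD Sites and
# Services, and the DNS residue can be deleted. Run on a surviving root-domain DC;
# requires the ActiveDirectory and DnsServer modules (RSAT). Names are
# hypothetical placeholders apart from the DC names posted in the thread.
Import-Module ActiveDirectory
Import-Module DnsServer

$ChildDns  = 'child.corp.example'                      # hypothetical child domain DNS name
$DnsZones  = @('corp.example', '_msdcs.corp.example')  # root zone, plus _msdcs if it is its own zone
$FormerDcs = @('baosrv01', 'baosrv02')                 # demoted DC names from the thread
$ConfigNC  = (Get-ADRootDSE).configurationNamingContext

function Get-DemotionResidue {
    # 1. Server objects under CN=Sites and whether an NTDS Settings (nTDSDSA)
    #    object is still beneath them: while it exists, the other DCs keep
    #    treating the dead server as a replication partner.
    foreach ($dc in $FormerDcs) {
        $servers = Get-ADObject -SearchBase "CN=Sites,$ConfigNC" -LDAPFilter "(&(objectClass=server)(cn=$dc))"
        foreach ($srv in $servers) {
            $ntds = Get-ADObject -SearchBase $srv.DistinguishedName -SearchScope OneLevel `
                        -LDAPFilter '(objectClass=nTDSDSA)' -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Kind = 'ServerObject'; Name = $srv.Name; Detail = $srv.DistinguishedName
                NtdsSettingsPresent = [bool]$ntds
            }
        }
    }
    # 2. The child domain's crossRef in CN=Partitions and its trust object;
    #    both should be gone once the domain's last DC has been cleaned up.
    Get-ADObject -SearchBase "CN=Partitions,$ConfigNC" -LDAPFilter "(&(objectClass=crossRef)(dnsRoot=$ChildDns))" -Properties nCName |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'CrossRef'; Name = $ChildDns; Detail = $_.nCName; NtdsSettingsPresent = $null }
        }
    Get-ADTrust -Filter "Name -eq '$ChildDns'" -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'Trust'; Name = $_.Name; Detail = $_.Direction; NtdsSettingsPresent = $null }
        }
    # 3. SRV and CNAME records under _msdcs still pointing at the former DCs.
    $pattern = '^(' + (($FormerDcs | ForEach-Object { [regex]::Escape($_) }) -join '|') + ')\.'
    foreach ($zone in $DnsZones) {
        Get-DnsServerResourceRecord -ZoneName $zone -ErrorAction SilentlyContinue | Where-Object {
            ($_.RecordType -eq 'SRV'   -and $_.RecordData.DomainName    -match $pattern) -or
            ($_.RecordType -eq 'CNAME' -and $_.RecordData.HostNameAlias -match $pattern)
        } | ForEach-Object {
            [pscustomobject]@{
                Kind   = "Dns$($_.RecordType)"; Name = "$($_.HostName).$zone"
                Detail = if ($_.RecordType -eq 'SRV') { $_.RecordData.DomainName } else { $_.RecordData.HostNameAlias }
                NtdsSettingsPresent = $null
            }
        }
    }
}

Get-DemotionResidue | Format-Table Kind, Name, Detail, NtdsSettingsPresent -AutoSize
```

An empty report means the metadata cleanup is complete. The SRV and CNAME rows are the records the DCs registered themselves; scavenging only removes them if aging was enabled on the zone and the records carry timestamps, so in a zone without aging they stay until someone deletes them (Remove-DnsServerResourceRecord or the DNS console), and a client that still finds them will keep trying to reach a DC that no longer exists.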