First of all, try looking to this [url=http://technet2.microsoft.com/windowsserver/en/library/f82e0fb0-552f-4b94-9ece-f550388976571033.mspx]short how-to[/url] from Microsoft. If it's all OK with your domain controller that you want to demote from its role it the wizard will be enough to manage with it. If you are in the middle of the trouble and you need to demote the controller that is not functioning anymore, you need to cleanup the metadata and DNS records registered in Active Directory-integrated DNS for this domain controller using the ntdsutil and DNS snap-in respectively. There's a [url=http://www.adminprep.com/articles/default.asp?action=show&articleid=91]nice video[/url] showing how you can do this manually. If dcpromo fails during the removal of demotion process, try following these [url=http://www.petri.co.il/forcibly_removing_active_directoy_from_dc.htm]steps[/url]. Be sure to [url=http://www.windowsitpro.com/Article/ArticleID/21084/21084.html]not cancel[/url] the demotion process once started. Read [url=http://support.microsoft.com/?id=332199]this info[/url] to find out additional information on what you have to do to forcibly retire the domain controller.
To make it shorter for you the basic steps are:
1. Check the assigned FSMO roles.
2. Transfer the Naming Master FSMO role.
3. Transfer other FSMO roles such as RID, PDC, or Infrastructure roles.
4. Remove the GC. Here's the major step: DO NOT REMOVE the GC unless you have another GCs in your site. Note that if it's the last GC in the AD and you remove it, you'll be unable to log on anymore. Do this carefully.
5. Check DNS by testing it with netdiag /test:dns command and verifying that it's all right with your other domain controllers.
6. To check that you have other domain controllers fully available run the netdiag /test:dsgetdc command and make sure you get Passed as the result.
7. Now check the domain contollers you have transferred the FSMO roles to are functioning as needed. Find them out on the net by invoking the
dcdiag /s: domaincontroller /test:knowsofroleholders /verbose
command. Then test the work of roles on the dcdiag /s: domaincontroller /test:fsmocheck. Make sure you get Passed on all, otherwise you'll lose the information!
8. Now move the AD out from your DC using the dcpromo wizard and clean the server object from your site.
See [url=http://technet2.microsoft.com/windowsserver/en/library/b96e3f0a-bf98-4a80-8718-dd80dc1071fd1033.mspx]this document[/url] for a more detailed information on this topic.
There's also [url=http://scottledyard.wordpress.com/2006/11/22/how-not-to-decommission-a-active-domain-controller/]an article[/url] showing how you should NOT decomission DC.
|
