Forcing the Removal of a Domain Controller

Reference link

https://technet.microsoft.com/en-us/library/cc781245%28v=ws.10%29.aspx

Forced removal of a domain controller from Active Directory is
intended to be used as a last resort to avoid having to reinstall the
operating system on a domain controller that has failed and cannot be
recovered. When a domain controller can no longer function in a domain
(that is, it is offline), you cannot remove Active Directory in the
normal way, which requires connectivity to the domain. Forced removal is
not intended to replace the normal Active Directory removal procedure
in any way. It is virtually equivalent to permanently disconnecting the
domain controller.

Active Directory stores a considerable amount of metadata about
a domain controller. During the normal process of uninstalling
Active Directory on a domain controller, this metadata is removed from
Active Directory through a connection to another domain controller in
the domain. A forced removal assumes that there is no connectivity to
the domain; therefore, it does not attempt any metadata removal
(cleanup).

Consequently, forced removal of Active Directory from a domain
controller should always be followed by the metadata cleanup procedure,
which removes all references to the domain controller from the domain
and forest.

Forced demotion should not be performed on the last domain controller in a domain.

Task Requirements

The following tools are required to perform the procedures for this task:

  • Active Directory Sites and Services
  • Dcpromo.exe
  • Ntdsutil.exe

To clean up server metadata

  1. Open a command prompt.
  2. Type the following command, and then press ENTER:

    ntdsutil

  3. At the ntdsutil: prompt, type:

    metadata cleanup

  4. Perform metadata cleanup by using the procedure below that matches
     your version of Ntdsutil.exe.

    After the remove selected server command runs, Active Directory
    confirms that the domain controller was removed successfully. If you
    receive an error message that indicates that the object cannot be
    found, Active Directory might have already removed the domain
    controller.

  • If you are performing metadata cleanup by using the version of
    Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: prompt, type:

    remove selected server ServerName

    Or

    remove selected server ServerName1 on ServerName2

    Value                    Definition

    ServerName, ServerName1  The distinguished name of the domain controller
                             whose metadata you want to remove, in the form
                             cn=ServerName,cn=Servers,cn=SiteName,cn=Sites,cn=Configuration,dc=ForestRootDomain

    ServerName2              The DNS name of the domain controller to which
                             you want to connect and from which you want to
                             remove server metadata

  • If you are performing metadata cleanup by using the version of
    Ntdsutil.exe that is included with Windows Server 2003 with no service
    pack, perform metadata cleanup as follows:
  1. At the metadata cleanup: prompt, type:

    connection

  2. At the server connections: prompt, type:

    connect to server Server

  3. At the server connections: prompt, type:

    quit

  4. At the metadata cleanup: prompt, type:

    select operation target

  5. At the select operation target: prompt, type:

    list sites

    A numbered list of sites appears.

  6. At the select operation target: prompt, type:

    select site SiteNumber

  7. At the select operation target: prompt, type:

    list domains in site

    A numbered list of domains in the selected site appears.

  8. At the select operation target: prompt, type:

    select domain DomainNumber

  9. At the select operation target: prompt, type:

    list servers in site

    A numbered list of servers in a domain and site appears.

  10. At the select operation target: prompt, type:

    select server ServerNumber

  11. At the select operation target: prompt, type:

    quit

  12. At the metadata cleanup: prompt, type:

    remove selected server

    Value         Description

    Server        The DNS name of a domain controller that you want to
                  connect to

    SiteNumber    The number associated with the site of the server that
                  you want to clean up that appears in the list

    DomainNumber  The number associated with the domain of the server that
                  you want to clean up that appears in the list

    ServerNumber  The number associated with the server that you want to
                  clean up that appears in the list

To verify that the server was removed, type list servers in site,
and then press ENTER. Ensure that the domain controller that you wanted
to remove is no longer displayed in the command output.

At the metadata cleanup: and ntdsutil: prompts, type quit.
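The SP1 form of the procedure above, as an added example that is not part of the original article: it builds the server distinguished name in the form the Value table gives, checks whether that server object still exists on a working domain controller, and prints the matching ntdsutil command line for review rather than running it. The server, site and domain names are constructed placeholders, the helper function names are hypothetical, and the script assumes an administrative workstation with PowerShell and relies on ntdsutil accepting its menu commands as quoted command-line arguments.

```powershell
# Added example. DC03, Default-First-Site-Name, corp.example and
# dc01.corp.example are constructed placeholders, not values from the page.

function Get-ServerMetadataDn {
    param(
        [Parameter(Mandatory)][string]$ServerName,
        [Parameter(Mandatory)][string]$SiteName,
        [Parameter(Mandatory)][string]$ForestRootDomain  # DNS name of the forest root
    )
    # Escape characters that are special inside an RDN value.
    $esc = { param($v) $v -replace '([,+"\\<>;=])', '\$1' }
    # corp.example -> dc=corp,dc=example
    $dc = ($ForestRootDomain.Split('.') | ForEach-Object { "dc=$(& $esc $_)" }) -join ','
    "cn=$(& $esc $ServerName),cn=Servers,cn=$(& $esc $SiteName),cn=Sites,cn=Configuration,$dc"
}

function Test-ServerObjectExists {
    param([string]$Dn, [string]$ConnectTo)
    # True while the server object is still present on the DC we query.
    [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$ConnectTo/$Dn")
}

$dn        = Get-ServerMetadataDn -ServerName 'DC03' -SiteName 'Default-First-Site-Name' -ForestRootDomain 'corp.example'
$connectTo = 'dc01.corp.example'   # ServerName2: a working DC to connect to

if (Test-ServerObjectExists -Dn $dn -ConnectTo $connectTo) {
    # Print the command for review instead of running it.
    "ntdsutil `"metadata cleanup`" `"remove selected server $dn on $connectTo`" quit quit"
} else {
    # Matches the "object cannot be found" case described in step 4.
    "No server object found at $dn; the metadata may already have been removed."
}
```

Running the same existence check again after the cleanup gives a second confirmation alongside list servers in site.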

Time: 2024-07-30 20:31:39
