| mandani 2003-06-30, 2:00 pm |
| Here is the history of what I have tried.
I ran DCpromo to demote a standalone DC and was
interrupted at the password introduction for stand alone server phase.
It appeared to work fine; however, on next boot I was able to log on to the domain but AD was unavailable as were the local user and accounts.
Tried to run dcpromo again and it says it cannot find the domain.
When I ran directory services restore it did not restore the domain status.
I am able to log in with domain accounts but I cannot run dcpromo to remove the domain which is my ultimate goal.
It was suggested that I:
1) Verify that in DNS you have a forward lookup zone for your domain. Domain.com (whatever you named it when it was created)
- There was a Zone.
2) Verify you have 4 sub folders beginning with _
If you do not, then follow the steps below.
- There weren't
If there is no zone, create a new one with the correct
domain name, make sure Dynamic updates are ENABLED in zone
properties.
Point DNS to itself (its own IP) -DONE
CMD>ipconfig /flushdns - Got an unable to flush resolver cache message.
CMD>Net stop netlogon - Worked fine
Delete the NDTD.DIT and NTDS.DAT files - THESE FILES DO NOT EXIST ON MY MACHINE
CMD>Net start netlogon - Restarted
CMD>ipconfig /registerdns - Could not register
When I went back into DNS to verify that under domains' forward lookup zone I have 4 _Folders - I do not.
Can anyone help me?
I am at a loss.. | |
| Tech Ranger 2003-06-30, 9:16 pm |
| Your objective is to get rid of AD? | |
| jeff_j_black 2003-07-01, 9:15 am |
| quote: I ran DCpromo to demote a standalone DC and was
A DC would not normally be referred to as a standalone server. Do you have any other DC's on your network?
quote: It appeared to work fine however on next boot I was able to log on to the domain but AD was unavailable as were the local user and accounts.
Are you really logging into the domain, or are your accounts now local accounts? If you have no domain or AD then your accounts are not domain accounts any longer. Try logging in as any.user@olddomain.com, of course substitute a particular user name and your old domain name.
quote: When I went back into DNS to verify that under domains' forward lookup zone I have 4 _Folders - I do not.
This would be one of the indications that you have successfully eliminated your domain. These subfolders contain records that point to various services provided by domain controllers. The absence of these indicates either those services aren't there or domain controllers are unable to register their services in that zone for whatever reason.
It sounds like you have succeeded in removing Active Directory, you just need to know what it looks like when you succeed. | |
| mandani 2003-07-01, 11:18 am |
| quote: A DC would not normally be referred to as a standalone server. Do you have any other DC's on your network
This is a standalone server that is not in a domain. The initial install was done as a DC; however, there was no reason for it. That is why AD is being removed.
quote: Are you really logging into the domain, or are your accounts now local accounts
When I attempt to log in as the admin or a local user without the domain name I am denied entry. I must use any.user@domain.com or the domain entry to get access to the machine; therefore I must come to the conclusion that it is still the domain that I log into. The problem is that neither AD Users and Computers nor DNS can find the domain. All of my domain accounts are still valid for logon.
Your last point:
quote: The absence of these indicates either those services aren't there or domain controllers are unable to register their services in that zone for whatever reason
I believe that the services are somehow unable to register now that I have disabled part of the AD and I would like to know how to get it back.
When I run AD again the domain to be removed cannot be found. | |
| jeff_j_black 2003-07-01, 11:35 am |
| Aw, damn you broke it!
It seems like you wanted to remove AD, so you might as well finish removing it rather than attempting to put it back to remove it.
Are you in a production environment? If no, then just reload.
If you want the learning experience you could research this in the Microsoft Knowledge Base, but it sounds pretty whacked.
I have used NTDSUTIL to clean sub domains from AD, when the demotion of the domain controllers did not go well, but since this is just one server with no ties to any other, and you want AD removed, where do you begin to clean?
Do you have your Explorer view set to show hidden and system files? | |
| mandani 2003-07-01, 12:02 pm |
| The server is in production so I have to be careful. I thought about a reload but I must admit I am not sure of all of the repercussions. If I reload I would like to image it first. I am keeping this as a next option as the server is not local. I would like to try all I can before I go to that step.
I have looked in the MS KB and I haven't had much luck yet. I keep on looking mind you. I was hoping to find some help from all of the combined experience here in the forum.
I think I will try the NTDSUTIL next and do a remove. Perhaps it can find the files that I can't.
And finally I will have to check to ensure that I am showing all the hidden files. Good point I overlooked that. | |
| mandani 2003-07-01, 12:11 pm |
| The kicker here is that my next exam is the 217 and it looks like I will have some real world troubleshooting experience under my belt when I go in. | |
| Tarzanboy 2003-07-01, 12:17 pm |
| If you have the show hidden files and folders selected as well as having Hide Protected operating system files unchecked, verify whether or not you have a %systemroot%\NTDS folder. Inside of that folder should be NTDS.DIT, etc.
Cheers,
TB | |
| me? I dunno... 2003-07-01, 1:04 pm |
| Just on the off chance... Have you right clicked my computer and checked the network identification properties dialogue box to see that all is proper there?
can you see any other machines on your network neighbourhood? where does your machine show up when the network is viewed from another machine dc, client, domain, workgroup, etc...
'could not flush dns resolver cache' sets off flags from some simple problem I ran across in my own lab...
can you ping anybody? how about by name? | |
| Tech Ranger 2003-07-01, 7:30 pm |
| There is a reg hack to take a dc down. I don't remember it, but I will search. It is a simple reg edit. You might have to clean up some metadata after. | |
| Tarzanboy 2003-07-01, 8:07 pm |
| Speaking of that, did you try restoring the system state backup from prior to the DCPromo?
Cheers,
TB | |
| me? I dunno... 2003-07-01, 9:01 pm |
| quote: This is a standalone server that is not in a domain. The initial install was done as a DC however there was no reason for it. That is why AD is being removed.
If it was a dc, it must have been part of _some_ domain, what is it part of now?
quote: The server is in production so I have to be careful.
In what role? are other machines able to reach it?
I'm sure I have run into something like this where I was ready to dump everything and it turned out to be a really minor problem, I guess I should have listened more closely to mr black when he said to write everything down... | |
| Tech Ranger 2003-07-01, 10:05 pm |
| Brute Force approach to demoting a dc:
1. Use Regedt32 to navigate to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
2. Edit the ProductType value name and change the data value from LanmanNT to ServerNT, using the exact case.
3. Shutdown and restart the server.
4. Delete the NTDS folder. | |
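Added example, not part of any post in this thread: a read-only PowerShell check that compares the three things the thread inspects by hand (the ProductType registry value, the NTDS database under %systemroot%\NTDS, and the DC locator SRV records in the underscore-prefixed DNS subfolders) and reports whether they agree. It assumes a system with Resolve-DnsName and Get-CimInstance (Windows Server 2012 or later, which postdates this thread); the function name and the domain.com default are placeholders.

```powershell
# Added example: read-only triage of a half-demoted domain controller.
# Nothing here modifies the registry, the file system, or DNS.
# 'domain.com' is a placeholder; pass the real AD DNS domain name.
function Get-DcDemotionState {
    param([string]$Domain = 'domain.com')

    # ProductType: LanmanNT = domain controller, ServerNT = server, WinNT = workstation.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\ProductOptions'
    $productType = (Get-ItemProperty -Path $key -Name ProductType).ProductType

    # What Windows itself reports: DomainRole 4 or 5 = DC, 3 = member server, 2 = standalone server.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    # The directory database the thread looks for under %systemroot%\NTDS.
    $ditPath = Join-Path (Join-Path $env:SystemRoot 'NTDS') 'ntds.dit'
    $ditPresent = Test-Path -LiteralPath $ditPath

    # A DC registers SRV records under _msdcs, _sites, _tcp and _udp; this queries one of them.
    $srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.NameTarget })

    # Netlogon registers the SRV records; Dnscache is the resolver cache that ipconfig /flushdns clears.
    $svc = Get-Service -Name Netlogon, Dnscache -ErrorAction SilentlyContinue

    $claimsDc = $productType -eq 'LanmanNT'
    $verdict = if ($claimsDc -and $ditPresent -and $srv.Count -gt 0) {
        'Consistent: functioning DC'
    } elseif (-not $claimsDc -and -not $ditPresent -and $srv.Count -eq 0) {
        'Consistent: AD removed'
    } else {
        'Inconsistent: registry, database and DNS disagree (partial demotion)'
    }

    [pscustomobject]@{
        ProductType = $productType
        DomainRole  = $cs.DomainRole
        Domain      = $cs.Domain
        NtdsDit     = $ditPresent
        SrvTargets  = ($srv.NameTarget -join ', ')
        Services    = ($svc | ForEach-Object { "$($_.Name)=$($_.Status)" }) -join ', '
        Verdict     = $verdict
    }
}

Get-DcDemotionState -Domain 'domain.com' | Format-List
```

An "Inconsistent" verdict matches the state described in the thread: the machine still authenticates domain accounts while the SRV records are missing. Recording this output before and after a maintenance window shows exactly which of the three changed.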
| jeff_j_black 2003-07-02, 9:50 am |
| Techranger, thanks for the info, what is your reference for that? I'd like to read more. | |
| jeff_j_black 2003-07-02, 2:26 pm |
| Thanks, this has been a good discussion, wanted to come away with the deliverables. | |
| Tarzanboy 2003-07-02, 3:20 pm |
| Can I get a 5 finger discount out of the bin of knowledge. 
Cheers,
TB | |
| mandani 2003-07-02, 5:39 pm |
| Thanks for all of your help folks.
I won't be able to tell you that it works for me until next week.
I have to schedule a maintenance window to put this into play.
I will let you all know if it solves my dilemma then. | |
| jeff_j_black 2003-07-02, 5:44 pm |
| Best of luck, you're the man of the hour as far as this thread goes, so let us know how it works out. |