
Wednesday, April 17, 2013

How to Remove a Domain Controller

 
By Joe Piggee Sr.
Removing a domain controller by using the Windows interface

You can use the Active Directory Domain Services Installation Wizard to remove a domain controller from an existing domain.

Administrative credentials

To perform this procedure, you must be a member of the Domain Admins group in the domain.

Click Start, click Run, type dcpromo, and then press ENTER.
  1. On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.

  2. If the domain controller is a global catalog server, a message appears to warn you about the effect of removing a global catalog server from the environment. Click OK to continue.

  3. On the Delete the Domain page, make no selection, and then click Next.

  4. If the domain controller has application directory partitions, on the Application Directory Partitions page, view the application directory partitions in the list, and then remove or retain application directory partitions, as follows:

    • If you do not want to retain any application directory partitions that are stored on the domain controller, click Next.
    • If you want to retain an application directory partition that an application has created on the domain controller, use the application that created the partition to remove it, and then click Refresh to update the list.
  5. If the Confirm Deletion page appears, select the option to delete all application directory partitions on the domain controller, and then click Next.

  6. On the Remove DNS Delegation page, verify that the Delete the DNS delegations pointing to this server check box is selected, and then click Next.

  7. If necessary, enter administrative credentials for the server that hosts the DNS zones that contain the DNS delegation for this server, and then click OK.

  8. On the Administrator Password page, type and confirm a secure password for the local Administrator account, and then click Next.

  9. On the Summary page, to save the settings that you selected to an answer file that you can use to automate subsequent operations in Active Directory Domain Services (AD DS), click Export settings. Type a name for your answer file, and then click Save. Review your selections, and then click Next to remove AD DS.

  10. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish.

  11. You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the AD DS removal when you are prompted to do so.

  12. Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

  13. In Roles Summary, click Remove Roles.

  14. If necessary, review the information on the Before You Begin page, and then click Next.

  15. On the Remove Server Roles page, clear the Active Directory Domain Services check box, and then click Next.

  16. On the Confirm Removal Selections page, click Remove.

  17. On the Removal Results page, click Close, and then click Yes to restart the server.

* Reference: http://technet.microsoft.com/en-us/library/cc771844(v=ws.10).aspx
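Before starting the wizard, the two conditions it asks about (the global catalog warning and the Delete the Domain page) can be checked from PowerShell. This is an added example, not part of the original post or the TechNet procedure; it assumes PowerShell 3.0 or later with the ActiveDirectory module installed, and `DC02` is a placeholder server name.

```powershell
# Added example: report what removing a domain controller would leave behind.
# Assumes the ActiveDirectory module (RSAT); 'DC02' is a placeholder name.
Import-Module ActiveDirectory

function Test-DcRemovalImpact {
    param([Parameter(Mandatory = $true)][string]$Name)

    $target = Get-ADDomainController -Identity $Name

    # Every other DC in the target's domain.
    $others = @(Get-ADDomainController -Filter * -Server $target.Domain |
                Where-Object { $_.HostName -ne $target.HostName })

    # Global catalog servers that remain, domain-wide and in the same site.
    $otherGcs    = @($others   | Where-Object { $_.IsGlobalCatalog })
    $sameSiteGcs = @($otherGcs | Where-Object { $_.Site -eq $target.Site })

    [pscustomobject]@{
        Target           = $target.HostName
        Site             = $target.Site
        IsGlobalCatalog  = $target.IsGlobalCatalog
        OtherDCsInDomain = $others.Count
        OtherGCsInDomain = $otherGcs.Count
        OtherGCsInSite   = $sameSiteGcs.Count
        # True when the wizard's global catalog warning will matter most:
        # no other GC is left in this site after removal.
        LastGcInSite     = ($target.IsGlobalCatalog -and $sameSiteGcs.Count -eq 0)
        # True means "make no selection" on the Delete the Domain page
        # does not apply: this is the last DC in the domain.
        LastDcInDomain   = ($others.Count -eq 0)
    }
}

Test-DcRemovalImpact -Name 'DC02'
```

If `LastGcInSite` or `LastDcInDomain` is true, resolve that before running dcpromo rather than clicking through the warning.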

Wednesday, March 20, 2013

Active Directory: Creating a Cross Forest Transitive Trust

To create a forest trust
  1. Open Active Directory Domains and Trusts.
  2. In the console tree, right-click the domain node for the forest root domain, and then click Properties.
  3. On the Trust tab, click New Trust, and then click Next.
  4. On the Trust Name page, type the DNS name (or NetBIOS name) of another forest, and then click Next.
  5. On the Trust Type page, click Forest trust, and then click Next.
  6. On the Direction of Trust page, do one of the following:
    • To create a two-way, forest trust, click Two-way.
      Users in this forest and users in the specified forest can access resources in either forest.
    • To create a one-way, incoming forest trust, click One-way:incoming.
      Users in the specified forest will not be able to access any resources in this forest.
    • To create a one-way, outgoing forest trust, click One-way:outgoing.
      Users in this forest will not be able to access any resources in the specified forest.
  7. Continue to follow the wizard.

* Reference: http://technet.microsoft.com/en-us/library/cc780479(WS.10).aspx

Useful Troubleshooting Commands

When a cross-forest trust fails, verify the secure channel first to confirm that a foreign DC can be identified and contacted. This post covers troubleshooting techniques for that scenario. It is only the first step in troubleshooting: establishing that there are no DC locator issues in determining what should be a valid DC across the trust.
The following commands are useful for troubleshooting secure channel issues, specifically name resolution, DC locator, and connectivity:

· nltest /domain_trusts /v

· nltest /sc_query:%trusted_domain%

· nltest /sc_reset:%trusted_domain%[\%DCname%]

· nslookup -debug -type=srv _ldap._tcp.dc._msdcs.%domainFQDN%
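The three checks above (name resolution, connectivity, secure channel) can be run in one pass. This is an added example, not part of the original post; it assumes Windows 8.1 / Server 2012 R2 or later for `Resolve-DnsName` and `Test-NetConnection`, English-language nltest output, and `partner.example` is a placeholder for the trusted domain's FQDN.

```powershell
# Added example: DNS, LDAP reachability and secure channel state for one trust.
# 'partner.example' is a placeholder for the trusted forest's DNS name.
function Test-TrustDcLocator {
    param([Parameter(Mandatory = $true)][string]$TrustedDomain)

    $result = [ordered]@{
        Domain = $TrustedDomain; Dns = 'FAIL'; Ldap = @(); SecureChannel = 'FAIL'
    }

    # 1. Name resolution: the SRV records that DC locator depends on.
    $srvName = "_ldap._tcp.dc._msdcs.$TrustedDomain"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -gt 0) { $result.Dns = "OK ($($srv.Count) DCs registered)" }

    # 2. Connectivity: TCP to the LDAP port each SRV record advertises.
    $result.Ldap = foreach ($rec in $srv) {
        $open = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port `
                    -InformationLevel Quiet -WarningAction SilentlyContinue
        '{0}:{1} {2}' -f $rec.NameTarget, $rec.Port, $(if ($open) { 'OK' } else { 'FAIL' })
    }

    # 3. Secure channel: the same query as "nltest /sc_query" in the list above.
    # Assumes a "Connection Status  Status = <code>" line in the output.
    $out = (& nltest.exe "/sc_query:$TrustedDomain" 2>&1 | Out-String)
    if ($out -match 'Connection Status\s+Status = (\d+)') {
        $result.SecureChannel = if ($Matches[1] -eq '0') { 'OK' }
                                else { "FAIL (status $($Matches[1]))" }
    } else {
        # No status line at all: keep nltest's own error text for the report.
        $result.SecureChannel = "FAIL ($($out.Trim()))"
    }

    [pscustomobject]$result
}

Test-TrustDcLocator -TrustedDomain 'partner.example'
```

A DNS failure points at conditional forwarders or stub zones; a DNS pass with LDAP failures points at firewalls between the forests; only when both pass is `nltest /sc_reset` worth trying.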

Saturday, July 21, 2012

Determine Domain Functional Level

 

By Joseph Piggee

Here are some simple steps to determine the Functional Level of your Windows Domain/Forest:

  1. Open up the Active Directory Domains and Trusts MMC found in your Administrative Tools folder. (Also found in the Control Panel or in the Start Menu).
  2. To check the domain functional level, right-click the current domain and select Properties. This shows the current Domain and Forest Functional Level.