Re: remove Domain Controller

Tech-Archive recommends: Fix windows errors by optimizing your registry

Thank you!

"Cary Shultz [A.D. MVP]" wrote:

> Hutch,
>
> If the Domain Controller that you are going to dcpromo is also the DC on
> which you have Certificate Services running.....most probably not in your
> case so I would not worry about it! But, just check to make sure.
>
> Now, what is Certificate Services? That would be a good google project for
> you, right? ;-)
>
> Just in case you are pressed for time, here is a pretty good starting point:
>
> http://www.microsoft.com/windows2000/techinfo/planning/security/adminca.asp
>
> --
> Cary W. Shultz
> Roanoke, VA 24012
> Microsoft Active Directory MVP
>
> http://www.activedirectory-win2000.com
> http://www.grouppolicy-win2000.com
>
>
>
> "Hutch" <Hutch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:7E5D7989-59B9-458B-950F-6FFDC1989E86@xxxxxxxxxxxxxxxx
> > Cary....thanks for the detailed break down.
> >
> > I have the 5 roles transfered. But what about this "recovery agent private
> > key" that Andrei said I should export?
> > What is it, and how do you do it?
> >
> > Thanks again,
> >
> >
> > "Cary Shultz [A.D. MVP]" wrote:
> >
> >> Hutch,
> >>
> >> Just make sure that any services that this DC is holding ( read: DNS,
> >> DHCP,
> >> Global Catalog, etc ) are transferred to any of the remaining Domain
> >> Controllers. In the case of the Global Catalog Server I would suggest
> >> that
> >> you make all of your Domain Controllers a Global Catalog Server ( done
> >> via
> >> the Active Directory Sites and Services MMC - go to the NTDS Settings
> >> under
> >> each Domain Controller ). This assumes that you have only one Domain.
> >>
> >> Another point to consider is to manually transfer any of the five FSMO
> >> roles
> >> that this DC might be holding. Since it is the first DC it very possibly
> >> holds all five of them. The dcpromo process will take care of this for
> >> you
> >> but I like to be in charge and manually do it. There are two ways to do
> >> this: use ntdsutil ( probably not the best way for someone with your
> >> experience ) or via the GUIs. Please see the two links below:
> >>
> >> http://support.microsoft.com/?id=255504
> >> http://support.microsoft.com/?id=255690
> >>
> >> Should you decide to venture out and use ntdsutil ( a wonderful little
> >> utility ) I would stress to you that you really should *TRANSFER* and not
> >> seize. Granted, if you are going to be removing the old DC then that
> >> should
> >> not matter but it is best to do things the correct way.....
> >>
> >> --
> >> Cary W. Shultz
> >> Roanoke, VA 24012
> >> Microsoft Active Directory MVP
> >>
> >> http://www.activedirectory-win2000.com
> >> http://www.grouppolicy-win2000.com
> >>
> >>
> >>
> >> "Hutch" <Hutch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> news:5E943464-C0AB-43A9-A203-071109D7E563@xxxxxxxxxxxxxxxx
> >> > what is this recovery agent private key?
> >> >
> >> > And is there anything special I need to do since this was the first DC
> >> > in
> >> > our win 2000 AD?
> >> >
> >> > Thanks,
> >> >
> >> > "Andrei Ungureanu" wrote:
> >> >
> >> >> and as always, I add "export the recovery agent private key"
> >> >>
> >> >>
> >> >> --
> >> >> Andrei Ungureanu
> >> >> www.eventid.net
> >> >> Free Windows event logs reports
> >> >> http://www.altairtech.ca/evlog/
> >> >>
> >> >> "Paul Bergson" <pbergson@xxxxxxxxxxxxxxxxx> wrote in message
> >> >> news:%23vO6GZ$dFHA.1404@xxxxxxxxxxxxxxxxxxxxxxx
> >> >> > dcpromo, just like when you added it to the domain.
> >> >> >
> >> >> > --
> >> >> >
> >> >> >
> >> >> > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
> >> >> >
> >> >> > This posting is provided "AS IS" with no warranties, and confers no
> >> >> > rights.
> >> >> >
> >> >> >
> >> >> > "Hutch" <Hutch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> >> > news:946E7059-C1F4-4DE5-82C1-DC748A12D515@xxxxxxxxxxxxxxxx
> >> >> >> AD - Windows 2000 native
> >> >> >>
> >> >> >> We have 4 domain Controllers.
> >> >> >>
> >> >> >> Whats the proper way \ proper steps to remove one of them.
> >> >> >> This was our first win2000DC and is a rather old and slow PC.
> >> >> >>
> >> >> >> I do not want to screw anything up during this process.
> >> >> >>
> >> >> >> Thanks,
> >> >> >
> >> >> >
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
>
>
>
.

Relevant Pages

  • Re: remove Domain Controller
    ... If the Domain Controller that you are going to dcpromo is also the DC on ... Now, what is Certificate Services? ... >> Global Catalog, etc) are transferred to any of the remaining Domain ...
    (microsoft.public.win2000.active_directory)
  • Re: FSMO - can I turn on a DC after its PDCe role has been seized?
    ... According to the article I guess it would have been "Safe" to turn on the ... previously failed Domain controller even though its PDCe FSMO role had been ... the article states the server would have figured ... then run dcpromo. ...
    (microsoft.public.windows.server.active_directory)
  • Re: FSMO - can I turn on a DC after its PDCe role has been seized?
    ... [phone number on web site] ... The DCPromo cycle is sufficient for ALL DC purposes ... Better to seize the other roles and do the /forceremoval ... vacation the domain controller that holds all of my FSMO roles ...
    (microsoft.public.windows.server.active_directory)
  • Re: FSMO - can I turn on a DC after its PDCe role has been seized?
    ... RID Masters such an excessive risk that ... do so ONLY to perform the DCPromo ... This server also hosted my DHCP server. ... another domain controller so DHCP could be installed and authorized on ...
    (microsoft.public.windows.server.active_directory)
  • Re: Domain name
    ... > Dcpromo is the utility that you use to promote a plain member server ... > to a Domain Controller (or demote a Domain Controller down to a plain ... Dcpromo is something that we don't normally ... > encounter with SBS since the integrated SBS install does this for us. ...
    (microsoft.public.windows.server.sbs)