Demote the server using dcpromo /forceremoval,
then remove the metadata from Active directory using ndtsutil. There is no way
to get user passwords from AD that I am aware of, but you should still be able
to change them.
Another way out too
Restart the DC is DSRM mode
a. Locate the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ProductOptions
b. In the right-pane, double-click ProductType.
c. Type ServerNT in the Value data box, and then click OK.
Restart the server in normal mode
its a member server now but AD entries are still there. Promote the server to a
fake domain say ABC.com and then remove gracefully using DCpromo. after you use
the dcpromo /forceremoval command, all the remaining metadata for the demoted
DC is not deleted on the surviving domain controllers, and therefore you must
manually remove it by using the NTDSUTIL command .
Posts
0 comments:
Post a Comment