2.4. Removing a Domain
Problem
You want to remove a domain from a forest. You may need to remove a domain during test scenarios or if you are collapsing or reducing the number of domains in a forest.
Solution
Removing a domain consists of demoting each domain controller in the
domain, which is accomplished by running dcpromo
on the domain controllers and following the steps to remove them. For
the last domain controller in the domain, be sure to select
“This server is the last domain controller in the
domain” in the dcpromo
wizard so
that the objects associated with the domain get removed. If you do
not select that option for the last domain controller in the domain,
take a look at Recipe 2.5 for how to remove
an orphaned domain.
Tip
If the domain you want to remove has subdomains, you have to remove the subdomains before proceeding.
After all domain controllers have been demoted and depending on how your environment is configured, you may need to remove WINS and DNS entries that were associated with the domain controllers and domain unless they were automatically removed via WINS deregistration and DDNS during the demotion process. The following commands can help determine if all entries have been removed:
> netsh wins server \\<WINSServerName
> show name <DomainDNSName
> 1c > nslookup <DomainControllerName
> > nslookup -type=SRV _ldap._tcp.dc._msdcs.<DomainDNSName
> > nslookup <DomainDNSName
>
You will also want to remove any trusts that have been established for the domain (see Recipe ...
Get Active Directory Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.