September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
2.4. Removing a Domain
Problem
You want to remove a domain from a forest. You may need to remove a domain during test scenarios or if you are collapsing or reducing the number of domains in a forest.
Solution
Removing a domain consists of demoting each domain controller in the
domain, which is accomplished by running dcpromo
on the domain controllers and following the steps to remove them. For
the last domain controller in the domain, be sure to select
“This server is the last domain controller in the
domain” in the dcpromo wizard so
that the objects associated with the domain get removed. If you do
not select that option for the last domain controller in the domain,
take a look at Recipe 2.5 for how to remove
an orphaned domain.
Tip
If the domain you want to remove has subdomains, you have to remove the subdomains before proceeding.
After all domain controllers have been demoted and depending on how your environment is configured, you may need to remove WINS and DNS entries that were associated with the domain controllers and domain unless they were automatically removed via WINS deregistration and DDNS during the demotion process. The following commands can help determine if all entries have been removed:
> netsh wins server \\<WINSServerName> show name <DomainDNSName> 1c > nslookup <DomainControllerName> > nslookup -type=SRV _ldap._tcp.dc._msdcs.<DomainDNSName> > nslookup <DomainDNSName>
You will also want to remove any trusts that have been established for the domain (see Recipe ...