2.4. Removing a Domain

Problem

You want to remove a domain from a forest. You may need to remove a domain during test scenarios or if you are collapsing or reducing the number of domains in a forest.

Solution

Removing a domain consists of demoting each domain controller in the domain, which is accomplished by running dcpromo on the domain controllers and following the steps to remove them. For the last domain controller in the domain, be sure to select “This server is the last domain controller in the domain” in the dcpromo wizard so that the objects associated with the domain get removed. If you do not select that option for the last domain controller in the domain, take a look at Recipe 2.5 for how to remove an orphaned domain.

Tip

If the domain you want to remove has subdomains, you have to remove the subdomains before proceeding.

After all domain controllers have been demoted, you may need to remove the WINS and DNS entries that were associated with the domain controllers and the domain, depending on how your environment is configured. This is not necessary if the entries were removed automatically via WINS deregistration and DDNS during the demotion process. The following commands can help determine whether all entries have been removed:

> netsh wins server \\<WINSServerName> show name <DomainDNSName> 1c
> nslookup <DomainControllerName>
> nslookup -type=SRV _ldap._tcp.dc._msdcs.<DomainDNSName>
> nslookup <DomainDNSName>
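
The DNS checks above can be scripted. The following is an added PowerShell example, not from the book, that reports any SRV or A records still resolving for the removed domain. The domain name, domain controller names and DNS server address are placeholder assumptions, and it assumes the Resolve-DnsName cmdlet is available; the WINS check still uses netsh.

```powershell
# Added example: the default values below are constructed placeholders.
param(
    [string]   $DomainDnsName     = 'child.example.com',        # removed domain (placeholder)
    [string[]] $DomainControllers = @('dc1.child.example.com'), # demoted DCs (placeholders)
    [string]   $DnsServer         = '192.0.2.53'                # DNS server to query (placeholder)
)

function Get-LeftoverRecord {
    param([string]$Name, [string]$Type)

    # -DnsOnly skips LLMNR/NetBIOS, so only records held in DNS are reported.
    # A name that no longer exists raises an error, which is suppressed here
    # and treated as "nothing left".
    $answers = Resolve-DnsName -Name $Name -Type $Type -Server $DnsServer `
                   -DnsOnly -ErrorAction SilentlyContinue |
               Where-Object { $_.Section -eq 'Answer' }   # ignore SOA in Authority

    foreach ($a in $answers) {
        [pscustomobject]@{
            Query = $Name
            Type  = $a.Type
            Data  = if ($a.Type -eq 'SRV') { "$($a.NameTarget):$($a.Port)" }
                    else { $a.IPAddress }
        }
    }
}

# Same three lookups as the nslookup commands: the DC locator SRV record,
# the domain name itself, and each demoted domain controller.
$leftovers = @(
    Get-LeftoverRecord -Name "_ldap._tcp.dc._msdcs.$DomainDnsName" -Type SRV
    Get-LeftoverRecord -Name $DomainDnsName -Type A
    foreach ($dc in $DomainControllers) {
        Get-LeftoverRecord -Name $dc -Type A
    }
)

if ($leftovers.Count -eq 0) {
    "No DNS records remain for $DomainDnsName on $DnsServer"
} else {
    # Anything listed here is a stale entry that still needs manual removal.
    $leftovers | Format-Table -AutoSize
}
```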

You will also want to remove any trusts that have been established for the domain (see Recipe ...
