Scenario:
Parent domain dies, leaving a poor little orphan domain.
Little orphan domain now wants to be independent or join another family (domain) so it
tries to run DCpromo.
DCpromo says: "Unless I can contact your parent I cannot set you free."
Little orphan replies: "But my parent is dead!"
Seriously, how can you remove ADS from a server in a domain that has lost its parent domain,
when DCpromo can no longer contact the now non-existent parent domain?
Scenario:
Forest Root DC, also a GC, holding all FSMOs, has a corrupt copy of the AD database.
You need to keep the machine and the production domain intact.
Here is a working, unsupported way of doing this.
- On another DC in the domain run NTDSUTIL to move the FSMOs, that is, seize them!
- Make sure DNS is 100% solid on the working DC.
- Make sure another working DC is also a GC.
- Boot the corrupt DC into Active Directory Restore Mode, and edit the following registry key:
  Hive:  HKEY_LOCAL_MACHINE
  Key:   SYSTEM\CurrentControlSet\Control\ProductOptions
  Name:  ProductType
  Type:  REG_SZ (String value)
  Value: LanmanNT (the old value)
  Value: ServerNT (the new value)
Yeah, one key baby!
- Open a command prompt and type: net stop ntfrs to stop File Replication Service.
- Delete WINNT\SYSVOL and NTDS directories.
- Reboot the now former DC.
- Log into the now member server and change it to a standalone server by joining a workgroup.
- Reboot the now standalone server.
- On the good DC delete the disabled computer account for the old, now defunct, DC.
- On the standalone server run DCPROMO to join the domain/tree/forest again.
- Reboot and use the new DC.
Enjoy. I have done this personally, it works.
But don’t trust me, test for yourself.
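
The registry step and the net stop ntfrs step as a guarded batch file, added here as an example and not part of the original procedure: it changes ProductType only if the current value is LanmanNT, exports the key first, and reads the value back afterwards. The backup folder C:\dcfix is a made-up path, and reg.exe is assumed to be available on the server.

```batch
@echo off
rem Added example, not from the original post. Run from a command prompt on the
rem corrupt DC after booting into restore mode.
rem Assumptions: reg.exe is available; C:\dcfix is a made-up backup folder.
setlocal
set "KEY=HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions"
set "BACKUP=C:\dcfix"

rem Read the current ProductType; the data is the third token on the value line.
set "CURRENT="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v ProductType ^| find "ProductType"') do set "CURRENT=%%A"
if not defined CURRENT (
    echo Could not read ProductType. Nothing changed.
    exit /b 1
)
echo Current ProductType: %CURRENT%

rem Only proceed from the state the procedure expects: LanmanNT, the old value.
if /i not "%CURRENT%"=="LanmanNT" (
    echo ProductType is not LanmanNT. Nothing changed.
    exit /b 2
)

rem Keep a copy of the key so the old value can be put back with "reg import".
rem Never overwrite an earlier backup: it may hold the only good copy.
if not exist "%BACKUP%" mkdir "%BACKUP%"
if exist "%BACKUP%\ProductOptions-before.reg" (
    echo A backup already exists in %BACKUP%. Move it away and run again.
    exit /b 3
)
reg export "%KEY%" "%BACKUP%\ProductOptions-before.reg"
if errorlevel 1 exit /b 3

rem The single change from the post: LanmanNT becomes ServerNT.
reg add "%KEY%" /v ProductType /t REG_SZ /d ServerNT /f
if errorlevel 1 exit /b 4

rem Read the value back to confirm the write took effect.
set "AFTER="
for /f "tokens=3" %%A in ('reg query "%KEY%" /v ProductType ^| find "ProductType"') do set "AFTER=%%A"
if /i not "%AFTER%"=="ServerNT" (
    echo ProductType reads back as "%AFTER%", expected ServerNT.
    exit /b 5
)

rem Next step of the procedure: stop File Replication Service.
net stop ntfrs
echo ProductType is now ServerNT. Backup: %BACKUP%\ProductOptions-before.reg
endlocal
```

Deleting the SYSVOL and NTDS directories and the reboots are left as manual steps.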