Last updated on November 3rd, 2019 at 12:24 pm
Proceed to step 2
Skip to step 5
Using the “Manage Your Server” utility from the Start menu, click Add/Remove Roles, then Remove DNS.
1. Press WIN + Pause/Break, or from the Start menu right-click My Computer and select Properties.
2. Click the Computer Name tab.
3. Click Change.
4. Select Workgroup.
5. Enter the workgroup name.
*YOU MUST RENAME THE COMPUTER AS WELL*
6. Shut down the machine.
1. Log on to the secondary domain controller (DC2).
2. Click Start, point to Run, type “CMD”, and then press ENTER.
3. Start Ntdsutil and run the following commands from its metadata cleanup menu:
Based on the options given in that menu, the administrator can perform the removal, but additional configuration parameters (the server to connect to, and the domain, site and server object to operate on) must be specified before the removal can occur.
The connections submenu is used to connect to the specific server where the changes occur.
connect to server DC2
*Ntdsutil does not print a confirmation that it is connected. Type quit to leave the connections submenu before the next command.
select operation target
select domain <number>
*Where <number> is the number associated with the domain the server you are removing is a member of (list domains shows the numbering).
select site <number>
*Where <number> is the number associated with the site the server you are removing is a member of (list sites shows the numbering). Again, nothing is printed to confirm the selection.
list servers in site
select server <number>
*Where <number> is the number associated with the server you want to remove. Type quit to return to the metadata cleanup menu.
remove selected server
*Confirm the deletion when prompted.
quit
*Quit the Ntdsutil utility.
4. Remove the CNAME record for the old DC from the _msdcs zone of the forest root domain in DNS. (Its name is the old DC’s DSA GUID, and it aliases the DC’s host name.)
5. In the DNS console, use the DNS MMC to delete the old DC’s A record.
*If _msdcs is a container under the domain zone rather than its own zone, delete the CNAME record there instead: expand the _msdcs container, right-click the record, and then click Delete.
*In the DNS console, click the domain name under Forward Lookup Zones, open its Properties, and remove this server from the Name Servers tab.
1. Remove the old server object with the “Active Directory Sites and Services” tool (Sites, the DC’s site, Servers, DC1), and the old computer account from the Domain Controllers OU with Active Directory Users and Computers.
2. Remove the old DNS and WINS records of the orphaned domain controller.
3. Use “ADSIEdit” to remove the old DC’s remaining records from Active Directory, in particular its FRS member object under:
*CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local (substitute your own domain’s DN)
4. Search through every zone in the DNS management console and delete any and all references to DC1.
*Check the properties of all records, including the SOA and Name Servers tabs of each zone.
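The whole procedure above (Ntdsutil metadata cleanup from DC2, then the DNS and FRS leftovers) as one script. This is an added example, not code from the original post or from Microsoft. It assumes the orphaned DC is DC1, the surviving DC is DC2, the domain is domain.local, and that the ActiveDirectory and DnsServer PowerShell modules (Windows Server 2008 R2 / 2012 and later) are available on DC2; the post itself describes the Windows Server 2003 tools, so every name here is an assumption.

```powershell
#Requires -Modules ActiveDirectory, DnsServer
# Added example (not from the original post). Runs on a surviving DC as a Domain
# Admin and performs the cleanup described above: Ntdsutil metadata cleanup, the
# leftover FRS member object, and every DNS record that still names the old DC.
# Assumed names: orphaned DC "DC1", surviving DC "DC2", domain "domain.local".
$OldDc   = 'DC1'
$LiveDc  = 'DC2'
$Domain  = 'domain.local'
$OldFqdn = "$OldDc.$Domain"
# Set to the old DC's address ONLY if that address has not been reassigned to
# another DC; otherwise the new DC's glue records (gc._msdcs etc.) would be removed.
$OldIp   = $null

$rootDse  = Get-ADRootDSE -Server $LiveDc
$configNc = $rootDse.configurationNamingContext
$domainNc = $rootDse.defaultNamingContext

# Guard: never clean up a DC that still holds an FSMO role. Seize the roles first.
$domainObj = Get-ADDomain -Server $LiveDc
$forestObj = Get-ADForest -Server $LiveDc
$roles = @($domainObj.PDCEmulator, $domainObj.RIDMaster, $domainObj.InfrastructureMaster,
           $forestObj.SchemaMaster, $forestObj.DomainNamingMaster)
if ($roles -match "^$OldDc\.") { throw "$OldDc still holds FSMO role(s); seize them (ntdsutil roles) before cleanup" }

# Locate the server object under CN=Sites; the site is read from the directory,
# not assumed. Ntdsutil's "remove selected server <DN>" form takes this DN, so no
# numbers need to be picked from the interactive "select operation target" menu.
$serverObj = Get-ADObject -Server $LiveDc -SearchBase "CN=Sites,$configNc" `
    -LDAPFilter "(&(objectClass=server)(cn=$OldDc))"
if (-not $serverObj) { throw "No server object for $OldDc found under CN=Sites,$configNc" }

# Same session as the interactive steps: metadata cleanup > connections >
# connect to server DC2 > quit > remove selected server <DN> > quit > quit.
# Ntdsutil asks for confirmation before deleting; acknowledge it.
& ntdsutil 'metadata cleanup' 'connections' "connect to server $LiveDc" 'quit' `
    "remove selected server $($serverObj.DistinguishedName)" 'quit' 'quit'

# Ntdsutil's exit code is not a reliable success signal; check that the NTDS
# Settings (nTDSDSA) object is really gone before touching anything else.
$ntds = Get-ADObject -Server $LiveDc -SearchBase $serverObj.DistinguishedName `
    -LDAPFilter '(objectClass=nTDSDSA)' -ErrorAction SilentlyContinue
if ($ntds) { throw "NTDS Settings of $OldDc still present; metadata cleanup did not complete" }

# FRS member object the ADSIEdit step refers to. Ntdsutil on 2003 SP1 and later
# removes it itself, so this only deletes what is left behind. Domains that
# replicate SYSVOL with DFSR keep an msDFSR-Member object under
# CN=DFSR-GlobalSettings,CN=System instead; the post does not cover that case.
$frsBase = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainNc"
Get-ADObject -Server $LiveDc -SearchBase $frsBase -ErrorAction SilentlyContinue `
    -LDAPFilter "(&(objectClass=nTFRSMember)(cn=$OldDc))" |
    Remove-ADObject -Server $LiveDc -Confirm:$false

# DNS: every record in the domain zone and the forest's _msdcs zone whose owner
# name or target is the old DC: its A record, the DSA-GUID CNAME in _msdcs, the
# NS record at the zone apex, and the SRV records the DC registered.
function Get-DnsRecordsReferencing {
    param([string]$Zone, [string]$HostLabel, [string]$Fqdn)
    Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $Zone | Where-Object {
        $r = $_            # $_ is rebound inside switch, so keep the record here
        $d = $r.RecordData
        switch ($r.RecordType) {
            'A'     { $r.HostName -ieq $HostLabel -or ($OldIp -and $d.IPv4Address.IPAddressToString -eq $OldIp) }
            'CNAME' { $d.HostNameAlias.TrimEnd('.') -ieq $Fqdn }
            'NS'    { $d.NameServer.TrimEnd('.') -ieq $Fqdn }
            'SRV'   { $d.DomainName.TrimEnd('.') -ieq $Fqdn }
            default { $false }
        }
    }
}

foreach ($zone in @($Domain, "_msdcs.$($forestObj.RootDomain)")) {
    Get-DnsRecordsReferencing -Zone $zone -HostLabel $OldDc -Fqdn $OldFqdn | ForEach-Object {
        Write-Host "Removing $($_.RecordType) record '$($_.HostName)' from $zone"
        $_ | Remove-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $zone -Force
    }
    # The SOA cannot be deleted; if it still names the old DC as primary server,
    # change it in the zone's properties (the "check properties" step above).
    $soa = Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $zone -RRType Soa
    if ($soa.RecordData.PrimaryServer.TrimEnd('.') -ieq $OldFqdn) {
        Write-Warning "SOA of $zone still names $OldFqdn as primary server; fix it by hand"
    }
}
```

Run it in an elevated PowerShell on DC2. The FSMO guard and the re-check of the NTDS Settings object cover the two points where the interactive procedure gives no feedback, and leaving $OldIp at $null is deliberate: if the old address has already been handed to another DC, matching A records by address would delete that DC's records too.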
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Double-click Sites in the left pane.
3. Open the Servers folder, and then click the domain controller.
4. In the domain controller’s folder, double-click NTDS Settings.
5. On the Action menu, click Properties.
6. On the General tab, check whether the Global Catalog check box is selected.
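The same check done from the directory rather than the GUI, added here as an example and not taken from the post. The Global Catalog check box is bit 0x1 (NTDSDSA_OPT_IS_GC) of the options attribute on the DC’s NTDS Settings object, which the ActiveDirectory module can read from a live DC (assumed to be DC2) even when the DC being checked (assumed to be DC1) is already dead. The last function sets that bit on another DC, which matters if the orphan was the forest’s only GC.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post). Reads and sets the Global Catalog
# flag: bit 0x1 (NTDSDSA_OPT_IS_GC) of the "options" attribute on the nTDSDSA
# object below the DC's server object. Assumed names: DC1 (checked), DC2 (queried).

function Get-NtdsSettings {
    param([string]$DcName, [string]$Server)
    $configNc = (Get-ADRootDSE -Server $Server).configurationNamingContext
    $srv = Get-ADObject -Server $Server -SearchBase "CN=Sites,$configNc" `
        -LDAPFilter "(&(objectClass=server)(cn=$DcName))"
    if (-not $srv) { throw "No server object for $DcName under CN=Sites,$configNc" }
    Get-ADObject -Server $Server -Identity "CN=NTDS Settings,$($srv.DistinguishedName)" -Properties options
}

function Test-DcIsGlobalCatalog {
    param([string]$DcName, [string]$Server)
    $ntds = Get-NtdsSettings -DcName $DcName -Server $Server
    # "options" may be absent entirely; [int]$null is 0, i.e. not a GC.
    [bool](([int]$ntds.options) -band 0x1)
}

# Equivalent to ticking the check box: set only bit 0x1 and leave the other
# option bits (0x2 disable inbound repl, 0x4 disable outbound repl, ...) as they are.
function Enable-DcGlobalCatalog {
    param([string]$DcName, [string]$Server)
    $ntds = Get-NtdsSettings -DcName $DcName -Server $Server
    Set-ADObject -Server $Server -Identity $ntds -Replace @{ options = (([int]$ntds.options) -bor 0x1) }
}

# Typical use before cleanup: was the orphan a GC, and does any other GC remain?
$wasGc  = Test-DcIsGlobalCatalog -DcName 'DC1' -Server 'DC2'
$others = (Get-ADForest -Server 'DC2').GlobalCatalogs | Where-Object { $_ -notlike 'DC1.*' }
if ($wasGc -and -not $others) {
    Write-Warning 'DC1 was the only Global Catalog; making DC2 a GC before removing DC1'
    Enable-DcGlobalCatalog -DcName 'DC2' -Server 'DC2'
}
```

The GUI and this script read the same attribute, so the result is the same; the advantage of the script is that it also answers the follow-up question the GUI leaves to you, namely whether any Global Catalog will be left once the orphan is gone.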
This is per Microsoft and pretty much all articles I have read. <— This can be avoided if you rename the server, change the IP, and disable networking while you do everything else. You can give the old IP to the new backup DC (with a different name) and bring the old DC back into the domain as a computer (with a different name).
Edit: You can bring it back into the domain with the same computer name as long as you remove all trace of it having been a domain controller from DNS. In fact, if you remove AD without using /forceremoval, it will even ask if you want to add it to the domain, like this:
-Stop the KDC service on the DC experiencing the issue.
-Run the following command with elevated rights (substitute a healthy DC for the /server value and a Domain Admin account for /userd):
netdom resetpwd /server:<healthy DC> /userd:<domain\admin> /passwordd:*
-It will prompt for the password of the Domain Admin account you specified; enter it.
-Once the command completes, reboot the server.
-The DNS zones should load now.
-The Exchange services should start.
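The reset above as a script with a post-reboot check, added here as an example and not part of the post. It assumes an elevated PowerShell on the affected DC, a healthy peer named DC2, the account domain\administrator, and the DnsServer module for the zone check; the first function reboots the machine when netdom succeeds.

```powershell
# Added example (not from the original post). Resets the DC's own machine account
# password against a healthy peer, then verifies after the reboot that the
# services and AD-integrated DNS zones the steps above mention are back.
# Assumed names: healthy DC "DC2", admin account "domain\administrator".

function Reset-DcMachinePassword {
    param([Parameter(Mandatory)][string]$HealthyDc,   # a different, healthy DC
          [Parameter(Mandatory)][string]$AdminUser)   # e.g. 'domain\administrator'
    # Win32_ComputerSystem.DomainRole 4 = backup DC, 5 = primary DC; refuse to run elsewhere.
    if ((Get-CimInstance Win32_ComputerSystem).DomainRole -lt 4) { throw 'Run this on the affected domain controller' }
    if ($HealthyDc -ieq $env:COMPUTERNAME) { throw '/server must name a different, healthy DC' }
    # The local KDC is stopped so that netdom authenticates against the healthy
    # DC's KDC instead of getting a ticket from the local, out-of-sync one.
    Stop-Service -Name kdc -Force
    try {
        # /passwordd:* makes netdom prompt for the password instead of taking it on the command line.
        & netdom resetpwd "/server:$HealthyDc" "/userd:$AdminUser" '/passwordd:*'
        if ($LASTEXITCODE -ne 0) { throw "netdom resetpwd failed (exit code $LASTEXITCODE)" }
    } catch {
        Start-Service -Name kdc   # leave the DC as we found it if the reset failed
        throw
    }
    Restart-Computer -Force
}

function Test-DcRecovery {
    # Run after the reboot. Reports the core DC services, the Exchange services
    # that should have started but did not, and the AD-integrated zones DNS loaded.
    $services = 'kdc', 'ntds', 'netlogon', 'dns' | ForEach-Object {
        $s = Get-Service -Name $_ -ErrorAction SilentlyContinue
        [pscustomobject]@{ Service = $_; Status = if ($s) { $s.Status } else { 'NotInstalled' } }
    }
    $exchangeNotRunning = Get-Service -Name 'MSExchange*' -ErrorAction SilentlyContinue |
        Where-Object { $_.StartType -eq 'Automatic' -and $_.Status -ne 'Running' } |
        Select-Object -ExpandProperty Name
    $adZones = Get-DnsServerZone | Where-Object { $_.IsDsIntegrated } | Select-Object -ExpandProperty ZoneName
    # Secure channel from this DC to the domain; not meaningful on the PDC emulator itself.
    & nltest "/sc_verify:$env:USERDNSDOMAIN" | Out-Null
    [pscustomobject]@{
        Services           = $services
        ExchangeNotRunning = $exchangeNotRunning
        AdIntegratedZones  = $adZones
        SecureChannelOk    = ($LASTEXITCODE -eq 0)
    }
}

# Before the reboot:  Reset-DcMachinePassword -HealthyDc 'DC2' -AdminUser 'domain\administrator'
# After the reboot:   Test-DcRecovery
```

An empty AdIntegratedZones list after the reboot means the directory is still not serving the zones and the reset has not taken; an empty ExchangeNotRunning list corresponds to the last line of the steps above.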