1

We have a DC (BDC2) that a former SysAdmin was trying to set up so we could decommission an older DC. This DC was mostly set up, and then abandoned (IE, it was sitting shelved on a VM that was turned off). It has already been fulled purged from our live DC (the DC was removed from the domain while the machine was still powered off, and then meta-data was purged). I booted up the BDC2 VM this morning with the NIC pulled in order to remove the DC role and then add everything back in and attempt to get it going.

I'm not sure how to answer the 'Delete the domain' question in dcpromo. Should I have it 'delete the domain because this server is the last domain controller in the domain'? BDC2 is not on the network, but still thinks its part of a domain, and thinks there are other DCs in the domain.

I can't figure out if the question is pointless, since I'm ultimately removing the role before I attempt to give it its NIC back and then re-add the role and add it back into the domain, or if I need to check the box in order to make sure it cleans up nicely.

Sam K
  • 506
  • 5
  • 20
  • 4
    Why not just wipe the machine and start with a fresh Windows install? – joeqwerty Sep 19 '18 at 16:06
  • After doing some additional reading that is actually what I'm leaning towards now... the best 'safe' route I found was to force removal, create a new domain on that machine with a different name, remove that, and then, finally, join it to the live domain. And even THAT is risky. So...if that whole process still comes with risks, think I will be better off with a rebuild! – Sam K Sep 19 '18 at 17:01

2 Answers2

1

I'm really not sure how to reconcile:

It has already been fulled purged from our live DC.

with

Should I have it 'delete the domain because this server is the last domain controller in the domain'?

If you have another live DC in that domain then the DC you're trying to tidy up isn't the last domain controller in the domain. If the DC you're trying to tidy up is the final DC then where does the (implied) other "live" DC come from?

If you are destroying the domain then you can use the option to delete the domain when removing the last domain controller in that domain though as JoeQwerty implies, you equally could just not bother (provided there are no other domains in the forest).

If you have any other configuration then you need to either summarise it better to get better advice here or not delete anything without the help of an on-site expert.

Rob Moir
  • 31,664
  • 6
  • 58
  • 86
  • BDC2 was 'started' setting up on the Live Domain but had sync issues of some sort that were never fully figured out, so someone took it offline. When I started here, the PDC and BDC1 weren't properly synced either. While BDC2 was still offline I fully removed it from the DC, cleaned up metadata, ended up doing an authoritative restore between the PDC and BDC1 to get them to sync everything. Those two were now working. Several months later I return to BDC2, with its NIC pulled, power it up. It is on BDC2 that I'm trying to destroy the domain, not on the Live DC (PDC+BDC1). – Sam K Sep 19 '18 at 16:58
  • Also edited the OP to try and add a little more clarity. – Sam K Sep 19 '18 at 17:06
0

In the end the clearest resolution was not to mess around with demoting/promoting or anything of the sort but to reinstall the OS and recreate it as a DC with a new name in our naming scheme.

Sam K
  • 506
  • 5
  • 20