When you demote a domain controller, if it is not the last domain controller in the domain, it performs the last replication and then transfers its role to another domain controller. As part of the downgrade process, the Dcpromo utility removes the configuration data for that domain controller from Active Directory. This data is in the form of the NTDS settings object, which exists as a child object of the server object in Active Directory sites and service Manager. After a domain controller is degraded, it has no active Directory information available, and instead uses the Security Accounts Manager (SAM) database to obtain local database information. If the domain controller is a global catalog domain controller, this role will not be transferred to another domain controller. In this case, you must manually select the check box in Active Directory sites and service Manager to have another domain controller take over the role.
If the demotion process does not complete successfully for any reason, you must manually delete the metadata from the directory. To manually delete the NTDS settings object using the Ntdsutil.exe utility For additional information about how to use Ntdsutil.exe, click the following article number to view the article in the Microsoft Knowledge Base:
216498 Removing Active Directory Data after a unsuccessful demotion (delete Active directory after performing an unsuccessful domain controller demotion Data in the
1. Click Start, click Run Type dcpromo, and then click OK.
2. This launches the Active Directory Installation Wizard. Click Next.
3. Delete the Active Directory screen with a check box. Click to select this check box if this computer is the last domain controller in the domain. Otherwise, click Next.
4. On the next screen, set the password for the administrator account on this server after deleting Active Directory. Type the appropriate password in the Password and Confirm password box, and then click Next.
5. At the summary screen, review and confirm the options you selected, and then click Next.
6. The wizard will begin the process of removing Active Directory from this server. When the procedure is complete, a message appears indicating that Active Directory has been deleted from this computer.
7. Click Finish to exit the wizard.
8. Restart the computer.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
