General uninstall of domain controllers, Active directory family 13

General uninstall of domain controllers          We now have some experience with the deployment and management of Active Directory, today we want to consider a problem if a domain controller we don't need, What should be done about it. It is not right to hit it directly, this is too violent, and the current harmonious environment is a little out of tune. The point is, if we let this domain controller disappear directly, other domain controllers are not aware of this message, and every other domain controller attempts to make AD replication with this domain controller at intervals, and the client may also send the username and password to the Non-existent domain controller for verification. If this brute-force domain controller is also taking on some operations master roles, we are even more in trouble. Therefore, when we do the domain controller uninstall, we must do the work in place, the priority to use conventional uninstall, and strive to not leave the trouble.          Some friends may say, I also want to use the normal uninstall, but sometimes is not normal uninstall, no way, had to ... We want to analyze why the domain controller does not uninstall properly. When a domain controller makes a general uninstall, the contents of the AD change, and the domain controller notifies its replication partner of the change, and the other domain controller is notified by its own replication partner. If all domain controllers are notified, they can be uninstalled correctly, and DNS Records, operations master roles, AD replication topologies, and so on can be solved. Therefore, ad replication between the domain controller uninstall and the domain controller is actually two sides of a coin, and AD replication is also performed when the domain controller unloads. To see if a domain controller can be uninstalled properly, we can simply see if the domain controller and its replication partners can be ad replicated in Active Directory sites and services, and as long as AD replication is available, there is no problem with the basic uninstall of the domain controller.          we give an example of a normal uninstall of a domain controller, as shown in the following diagram, we are ready to uninstall the domain controller Perth in the Shanghai site. As you can see from the topology, Perth replication partners should be Firenze, so as long as AD replication can take place between Perth and Firenze, Perth should be able to uninstall the domain controllers. Run Dcpromo on Perth, as shown in the following illustration, the Active Directory Installation Wizard appears, and the wizard determines that we are ready to put the Active Directory Delete, click "Next" to continue.   Since Perth is not the last domain controller in the domain, we cannot check that "This server is the last domain controller in the domain."   Perth Delete Active Directory, we need to set the local administrator password.   When Active Directory on Perth is deleted, Perth becomes a member server.   Perth began to uninstall the operation of the domain controller, note that the following figure, Perth AD changes to the Firenze, which is consistent with our prior analysis.   OK, Perth successfully completed the uninstall of the domain controller and deleted Active Directory.   Perth After the domain controller uninstall, we observe the DNS server, as shown in the following figure, we found that DNS has been updated Shanghai site SRV Records,   as shown in the following figure, Shanghai site Firenze Also His replication partner changed from Perth to Berlin. The number of   domain controllers has also changed, and Perth is no longer a member of a domain controller.   So we complete the general uninstall of domain controllers on the Perth, which is our preferred method. Of course, if it is not possible to uninstall properly, we also need to think of other ways, in the next blog we will describe how to perform a forced uninstall of the domain controller.