Windows Server 2012 Role Transfer and delete domain control methods

Source: Internet
Author: User
Tags administrator password domain server in domain

This chapter blog describes how Windows Server 2012 captures the primary domain control role and removes the domain control method. According to the different operating environment, the operation methods are summarized and summarized.

Here are 2 things to do:

First, Environment : Primary domain controller ds01.bicionline.org, secondary domain controller pdc01.bicionline.org, two domain control servers are functioning properly, and AD replication can be implemented between each other. Purpose : The primary domain control server transfers RID, PDC, domain, Schema, naming role, and GC functions to the secondary domain controller and demote it to a normal server. Solution : Through a graphical interface or command line interface for role transfer, through the Service Manager Domain demotion, delete the DNS server in all areas of the original primary domain control DNS records, delete the ' site and service ' in the master domain control server.

Steps to resolve:

  1. Pass the PDC, RID, infrastructure roles:

    Log on to the pdc01.bicionline.org secondary domain server, go to Active Directory users and Computers pdc01.bicionline.org, right-click bicionline.org to select the operations master, Make changes to 3 host roles:

    650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M02/9D/54/wKioL1l-loDiqzj0AABM3PrZmmY524.png-wh_500x0-wm_ 3-wmp_4-s_2005716821.png "title=" qq picture 20170731102851.png "Width=" "height=" 366 "border=" 0 "hspace=" 0 "vspace=" 0 " Style= "WIDTH:300PX;HEIGHT:366PX;" alt= "wkiol1l-lodiqzj0aabm3przmmy524.png-wh_50"/> 650) this.width=650; "Src=" Https://s4.51cto.com/wyfs02/M00/9D/54/wKiom1l-loGCdIKxAABQYvgt72A186.png-wh_500x0-wm_3-wmp_4-s_1016793864.png " title= "QQ picture 20170731102855.png" width= "height=" 370 "border=" 0 "hspace=" 0 "vspace=" 0 "style=" width:300px;height : 370px; "alt=" Wkiom1l-logcdikxaabqyvgt72a186.png-wh_50 "/>

    650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M00/9D/54/wKioL1l-loGxzCIZAABLM6e-3-w159.png-wh_500x0-wm_ 3-wmp_4-s_1895917729.png "title=" qq picture 20170731102859.png "Width=" "height=" 366 "border=" 0 "hspace=" 0 "vspace=" 0 " Style= "WIDTH:300PX;HEIGHT:366PX;" alt= "Wkiol1l-logxzcizaablm6e-3-w159.png-wh_50"/>

  2. Pass the schema master role:

    WINDWOS Server 2012 Registration regsvr32 schmmgmt command to view the domain schema through the MMC. As

    A, registered domain schema

    650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/9D/54/wKiom1l-mNHDHE9kAAA6ywG-j0E409.png-wh_500x0-wm_ 3-wmp_4-s_2410339997.png "style=" WIDTH:300PX;HEIGHT:184PX; "title=" QQ picture 20170731104114.png "Width=" height= "184 "border=" 0 "hspace=" 0 "vspace=" 0 "alt=" wkiom1l-mnhdhe9kaaa6ywg-j0e409.png-wh_50 "/>

    B. Open the MMC console and add the cell "Active Directory schema".

    650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/9D/54/wKiom1l-mXyD9kScAADiAgZat4M025.png-wh_500x0-wm_ 3-wmp_4-s_1249858966.png "title=" qq picture 20170731104352.png "Width=" "height=" 388 "border=" 0 "hspace=" 0 "vspace=" 0 " Style= "WIDTH:500PX;HEIGHT:388PX;" alt= "Wkiom1l-mxyd9kscaadiagzat4m025.png-wh_50"/>

    C. Right-click on "Active Directory schema pdc01.bicionline.org" to select the "Operations master" option.

    650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/9D/54/wKioL1l-mruSY9iBAABAYQhMWeU059.png-wh_500x0-wm_ 3-wmp_4-s_4025152154.png "title=" qq picture 20170731104923.png "Width=" "height=" 244 "border=" 0 "hspace=" 0 "vspace=" 0 " Style= "WIDTH:300PX;HEIGHT:244PX;" alt= "Wkiol1l-mrusy9ibaabayqhmweu059.png-wh_50"/>

  3. Pass-through domain naming operations master:

    Go to Active Directory domain and trust relationship pdc01.bicionline.org, right-click to select Operations master and make changes to the naming role:

    650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M02/9D/54/wKioL1l-nDCR2nx4AABtm645Ptk321.png-wh_500x0-wm_ 3-wmp_4-s_4282236861.png "title=" qq picture 20170731105535.png "alt=" Wkiol1l-ndcr2nx4aabtm645ptk321.png-wh_50 "/>

    650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M01/9D/54/wKioL1l-nF-ww9KVAABBnbS6A4M461.png-wh_500x0-wm_ 3-wmp_4-s_1041743179.png "title=" qq picture 20170731105624.png "Width=" "height=" 236 "border=" 0 "hspace=" 0 "vspace=" 0 " Style= "WIDTH:300PX;HEIGHT:236PX;" alt= "Wkiol1l-nf-ww9kvaabbnbs6a4m461.png-wh_50"/>

  4. The previous steps are performed via the graphical interface, and the role transfer can also be achieved by means of the Ntdsutil tool: steps below

    Run-cmd-ntdsutil Carriage return #

    Tip: Enter? , you can view the command line and command function comments that can be entered in this mode.

    Roles return//Role feature options

    Connections return //Enter connection mode

    Connect to server pdc01.bicionline.org Enter //Connect PDC01 server

    Quit Enter //exit

    Transfer naming Master Enter //connect the connected server as a named host

    Transfer Infrastructure Master Enter

    Transfer PDC return

    Transfer RID Master return

    Transfer schema Master Enter

    650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/9D/55/wKiom1l-n-3RmSroAACyrEObHIY272.png-wh_500x0-wm_ 3-wmp_4-s_1963994258.png "title=" qq picture 20170731110933.png "alt=" Wkiom1l-n-3rmsroaacyreobhiy272.png-wh_50 "/>

  5. Log on to the ds01.bicionline.org server to remove the AD domain feature and DNS server functionality.

    A. Go to Server Manager and select the "Remove Roles and Features" option.

    650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/9D/56/wKiom1l-pMGxQyJ1AACrHzbaHGg702.png-wh_500x0-wm_ 3-wmp_4-s_4198402652.png "style=" Float:none; "title=" QQ picture 20170731112820.png "alt=" Wkiom1l-pmgxqyj1aacrhzbahgg702.png-wh_50 "/>

    B, cancel the Active directory Domain Services option, and then select demote this domain controller.

    650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/9D/56/wKioL1l-pMTTysi_AADsEcj0uNA899.png-wh_500x0-wm_ 3-wmp_4-s_1752930529.png "style=" Float:none; "title=" QQ picture 20170731112909.png "alt=" Wkiol1l-pmttysi_ Aadsecj0una899.png-wh_50 "/>

    C, the default next.

    650) this.width=650; "Src=" https://s1.51cto.com/wyfs02/M00/9D/56/wKiom1l-pMXghP-KAACPUr3yydk494.png-wh_500x0-wm_ 3-wmp_4-s_1090440538.png "style=" Float:none; "title=" QQ picture 20170731112942.png "alt=" Wkiom1l-pmxghp-kaacpur3yydk494.png-wh_50 "/>

    D, tick "continue to delete", default next.

    650) this.width=650; "Src=" https://s5.51cto.com/wyfs02/M02/9D/57/wKioL1l-rvzSj_acAACZ6a8HNTE266.png-wh_500x0-wm_ 3-wmp_4-s_4235744774.png "style=" Float:none; "title=" QQ picture 20170731121332.png "alt=" wkiol1l-rvzsj_ Acaacz6a8hnte266.png-wh_50 "/>

    e, add DNS credentials, using the domain Administrator account bicionline\administrator. default next.

    650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M02/9D/57/wKioL1l-sJbQnZ-UAAB_uo9G0qI439.png-wh_500x0-wm_ 3-wmp_4-s_2942807476.png "style=" Float:none; "title=" QQ picture 20170731122223.png "alt=" wkiol1l-sjbqnz-uaab_ Uo9g0qi439.png-wh_50 "/>

    e, enter the new administrator password. default next.

    650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/9D/57/wKioL1l-sGbSKp5VAAB641bCGLo339.png-wh_500x0-wm_ 3-wmp_4-s_1805194367.png "style=" Float:none; "title=" QQ picture 20170731122144.png "alt=" Wkiol1l-sgbskp5vaab641bcglo339.png-wh_50 "/>

    E, default demotion. Wait for the uninstallation to complete and restart.

    650) this.width=650; "Src=" https://s4.51cto.com/wyfs02/M01/9D/57/wKioL1l-rv2wx7iDAACpMO9QfZE152.png-wh_500x0-wm_ 3-wmp_4-s_2138954375.png "style=" Float:none; "title=" QQ picture 20170731121504.png "alt=" Wkiol1l-rv2wx7idaacpmo9qfze152.png-wh_50 "/>


  II environment   master domain controller ds01.bicionline.org, secondary domain controller pdc01.bicionline.org  , purpose rid, PDC, Domain, Schema, naming role, and GC features solutions : Use the Ntdsutil tool to force the seizure of 5 roles, remove the original domain control server, remove the existing primary domain-controlled DNS records from all zones in the DNS server, and delete the ' sites and Services ' master domain server.

Steps to resolve:

  1. Role transfer can also be achieved by Ntdsutil tools: Steps are as follows

    Run-cmd-ntdsutil Carriage return #

    Tip: Enter? , you can view the command line and command function comments that can be entered in this mode.

    Roles return//Role feature options

    Connections return//Enter connection mode

    Connect to server pdc01.bicionline.org Enter//Connect PDC01 server

    Quit Enter//exit

    Seize naming master return//overwrite the named host role on the connected server

    Seize infrastructure Master Enter

    Seize PDC return

    Seize RID Master return

    Seize schema Master Enter

    650) this.width=650; "Src=" https://s2.51cto.com/wyfs02/M00/9D/57/wKiom1l-tqmSURFRAAC9PrGFFIc637.png-wh_500x0-wm_ 3-wmp_4-s_1250919390.png "title=" qq picture 20170731124829.png "alt=" Wkiom1l-tqmsurfraac9prgffic637.png-wh_50 "/>

  2. Cleanup of DS01 server residue information (metadata)

    Run--cmd---ntdsutil

    Metadata cleanup return//Enter server object cleanup mode

    Select operation target Enter//Enter Operation Object Selection mode

    Connections return//Enter connection mode

    Connect to server PDC01 Enter//Connect to PDC01 server side

    Quit Enter

    List sites Enter//list the sites in the currently connected domain

    Select site 0//Choose Station 0

    List domains in site/list domains in sites

    Select domain 0//Choose field 0

    List servers for domain in site//list all servers in 0 site 0 domains

    Select server 0//selected domain will be deleted (domain control)

    Quit

    Remove selected server //Remove the selected server (domain control)

    650) this.width=650; "Src=" https://s3.51cto.com/wyfs02/M01/9D/57/wKioL1l-uUrSlM3tAAC4JlL2Lsw947.png-wh_500x0-wm_ 3-wmp_4-s_1610353571.png "title=" qq picture 20170731125944.png "alt=" Wkiol1l-uurslm3taac4jll2lsw947.png-wh_50 "/>

  3. Please be cautious about how to do this.


This is explained in detail: in the different working situations, the methods about role transfer and removing domain control are introduced. In addition to completing the role transfer and deleting the domain, you also need to remove DNS records about DS01 in each zone in the DNS server, remove the DS01 server from ' sites and Services ' , and configure PDC01 as a GC (global catalog), which are easily ignored. Please keep in mind.


This article is from the "Wish_" blog, be sure to keep this source http://wishliang.blog.51cto.com/11439802/1952308

Windows Server 2012 Role Transfer and delete domain control methods

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.