Active Directory Removal Behaviors

When you remove Active Directory either from an additional domain controller or from the last domain controller in the domain, the Active Directory Installation Wizard performs the following operations:

  • Replication of changes to the configuration directory partition and the schema directory partition. For an additional domain controller, it replicates changes to the configuration, schema, and domain directory partitions.
  • Transfer of any operations master roles that the domain controller is holding to another domain controller. While it is possible to allow the Active Directory Installation Wizard to do this, it is not recommended that you rely on the wizard to perform this action. Controlling where operations masters are placed ensures that you can locate and administer each operations master role as necessary.
  • Removal of the system volume objects from the directory database and from the NtFrs database, and deletion of the SYSVOL directory hierarchy. NtFrs requests that the NetLogon service remove the share from the system volume.
  • Removal of the NTDS Settings object and cross-reference objects.
  • Update of DNS to remove the SRV records and CNAME records. (When the NTDS Settings object is deleted, the Directory System Agent (DSA) notifies the NetLogon service, and the NetLogon service removes the records.)
  • Creation of the local SAM database in the same manner as during a new installation, including creation of the local administrator account and setting the password.
  • Modification of the LSA membership policy to distinguish whether the computer is a standalone server or a member server.
  • Stopping of the NetLogon service and other services. The same services that were started during the Active Directory installation procedure are stopped. Services that relate only to the directory service are configured to not start automatically.

Removing Active Directory from an Additional Domain Controller

When you remove Active Directory from an additional domain controller, the Active Directory Installation Wizard:

  • Locates a source domain controller in the same domain where the additional domain controller account exists and replicates changes to it.
  • Sets the computer account type to member server and moves the computer account for the additional server from the Domain Controllers container to the Computers container.

Removing Active Directory from the Last Domain Controller

When you remove Active Directory from the last domain controller in the domain, the Active Directory Installation Wizard:

  • Verifies that no child domains exist.
  • Locates a source domain controller in the parent domain and replicates changes to it.
  • Removes Active Directory objects specific to this domain from the forest. The wizard contacts the domain naming master and removes the NTDS Settings and cross-reference objects.
  • Removes trust objects on the parent server. The trustedDomain objects in the System folder are deleted.
  • Places the server in a workgroup called “Workgroup.”

Removing Active Directory from a Domain Controller that Hosts an Application Directory Partition

In Windows Server 2003, non-domain data that is not of global interest can be stored on and replicated between designated domain controllers located in different domains throughout the forest by using application directory partitions. For example, you can store data that is specific to a single application in an application directory partition.

When you are removing a domain controller on which an application directory partition is present, the Active Directory Installation Wizard blocks the removal of that domain controller if it determines that the domain controller hosts the last copy of the application directory partition in the forest. If the removal of Active Directory is blocked, a dialog box lists the application directory partitions existing on the machine. Click Next to remove the application directory partitions from the domain controller and continue with the removal of Active Directory.

If at least one other replica of the application directory partition is located in the domain, the wizard skips the dialog box mentioned above and proceeds with the removal of Active Directory. Any changes to the application directory partition are replicated to another replica before it is destroyed.
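
A read-only pre-removal audit covering the two points above where the wizard should not be left to decide on its own: operations master roles still held by the domain controller, and application directory partitions for which it is the only replica. This is an added example, not part of the original text. It assumes the ActiveDirectory PowerShell module, which postdates Windows Server 2003, and `DC02` is a placeholder name.

```powershell
# Added example: read-only audit to run before removing Active Directory.
# Assumptions: ActiveDirectory module is installed; 'DC02' is a placeholder.
Import-Module ActiveDirectory

$DcName  = 'DC02'   # placeholder: the domain controller to be demoted
$dc      = Get-ADDomainController -Identity $DcName
$rootDse = Get-ADRootDSE -Server $dc.HostName

# 1. Operations master roles this DC still holds. Transfer them by hand
#    so that role placement is a deliberate, recorded decision.
$roles = @($dc.OperationMasterRoles | Where-Object { $_ })
if ($roles.Count -gt 0) {
    Write-Warning "$DcName still holds: $($roles -join ', ')"
} else {
    Write-Output "$DcName holds no operations master roles."
}

# 2. Application directory partitions hosted only on this DC.
#    crossRef systemFlags: bit 1 = Active Directory naming context,
#    bit 2 = domain partition. Application partitions have bit 1 only and
#    list their replicas (NTDS Settings DNs) in msDS-NC-Replica-Locations.
$crossRefs = Get-ADObject -Server $dc.HostName `
    -SearchBase "CN=Partitions,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(objectClass=crossRef)' `
    -Properties nCName, systemFlags, 'msDS-NC-Replica-Locations'

foreach ($cr in $crossRefs) {
    if (-not ($cr.systemFlags -band 1)) { continue }   # external reference
    if ($cr.systemFlags -band 2)        { continue }   # domain partition

    # Configuration and schema carry no replica list and are skipped here.
    $replicas = @($cr.'msDS-NC-Replica-Locations' | Where-Object { $_ })
    if ($replicas.Count -eq 0) { continue }

    $hostedHere = $replicas -contains $dc.NTDSSettingsObjectDN
    if ($hostedHere -and $replicas.Count -eq 1) {
        Write-Warning "Last replica of $($cr.nCName) is on $DcName; removal will destroy its data."
    } elseif ($hostedHere) {
        Write-Output "$($cr.nCName): $($replicas.Count - 1) other replica(s) exist."
    }
}
```

Any warning from the second check corresponds to the case in which the wizard blocks removal and lists the partitions; adding a replica elsewhere or exporting the data beforehand avoids losing it.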
