Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations wOOdy-Soft on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Remove AD from only Domain Controller with ISA?

Status
Not open for further replies.
ADB100

ADB100

Technical User
Mar 25, 2003
2,399
GB
I have a single Windows 2000 Domain Controller that has various application/file shares as well as a few user home directories. This server also runs ISA and is configured with several custom policies and policy elements as well as some server publishing rules.
I need to re-install AD to clean out a LOT of incorrect Classes and Attributes that were added as part of a botched beta application. If I run DCPROMO to remove AD and then run it again to re-install AD what is the likely state of the the various components? - shares, permissions, ISA etc?

Since Microsoft removed the ability to remove classes or attributes from AD I am forced to do it this way as there is simply no other way. I cannot leave the classes & attributes in AD so don't bother replying stating that I can deactivate them.

Thanks

Andy
 
Sort by date Sort by votes
Please, someone must have done something similar?

 
Upvote 0 Downvote
If you remove Active Directory from your Domain, you will no longer have any permissions to worry about because you will have no directory or users, ect. This will effect everything that once knew about "yourdomain.com". There will be no Domain.

You will be starting over.

Scott
 
Upvote 0 Downvote
I sort of know that already. Will all the permissions be reset? and what to? Will I have to re-create all the ISA policy elements and policies or is there a way to maintain what is configured? I know I can back up the ISA configuration but since I will be removing AD and then re-installing it will it allow me to restore a config from the old domain?
What happens to user accounts etc? I have several users, will they loose all their settings such as office stuff etc? Should I remove the computers from the domain before I demote the server?

I am anticipating a day to sort this out, is it likely to take more time?

Thanks

Andy
 
Upvote 0 Downvote
What you are proposing to attempt is full of problems and it sounds to me that you are going to make a lot of work for youself.. If you remove the AD then you will remove all users, groups and permissions under AD and you will revert back to the Local Users and Groups.

I think the only path to take here is the safe one.

1. Remove all Workstations from the Domain
2. Remove all Shares on the Server
3. Demote the DC
4. Promote the DC (using you new Schema Plan)
5. Add Users and Groups to the new AD
6. Create all the shares
7. Join each Workstation/User to the new Domain and ensure that they have access applications as required
8. Check all yor ISA Settings, Rules etc

Regards
Chris

 
Upvote 0 Downvote
Thinking some more I would uninstall ISA and reinstall after the Domain was sound.

Regadrs
Chris
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

goombawaho
  • Locked
  • Question
Domain join from wifi connected laptop
Replies
4
Views
1K
goombawaho
goombawaho
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
1K
gbaughma
gbaughma
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
924
suncit
suncit
DrB0b
  • Locked
  • Question
Hybrid on prem AD with Azure AD
Replies
2
Views
413
DrB0b
DrB0b
Teo En Ming
  • Locked
  • Question
Actions taken during Disaster Recovery for client whose IBM Megaraid controller has failed
Replies
2
Views
651
fightaccording
fightaccording

Part and Inventory Search

Sponsor

Back
Top