Microsoft
Software
Hardware
Network
Question : Can I remove Active Directory from AD Recovery Mode (F8) on W2K Server?
I had win2K server crash due to a failing HD. I was able to take a ghost image of the failed drive even though it had many bad sectors. However, upon installing a replacement HD and dumping the image I get a error when trying to boot up regarding Ad.
Directory Service cannot start. Error status 0xc00002e1
I've tried repairing the file following all the microsoft knowledge base articles which suggest using NTDSUTIL etc etc but the nothing works. I don't care if I have to remove AD all together I just want to be able to get the server to boot up in normal mode without having AD loaded. I DO NOT want to have to wipe the machine clean and re-install .
Is there a way to uninstall or disable active directory from AD recovery mode?
When I try DCPROMO it tells me I can't run it because I'm in safe mode.
I have full access to other computers, ERD boot disk, etc I can remove the main drive and connect it to another machine as a secondary drive which will give me full acess to delete/change any folders i need to. Is possible simply to just delete the entire AD folder or something to that effect?
The client does not have ANY backup of ANYTHING so restoring is not an option.
Answer : Can I remove Active Directory from AD Recovery Mode (F8) on W2K Server?
DCPromo /forceremoval DOES NOT working in safe mode or while in the directory service recovery mode. After search for a while I FOUND A WORKING SOLUTION! If you have this problem and wiping out the server simply is NOT an option that I suggest you try the following UNSUPPORTED method for removing Active Directory from a server which won't boot into nomal mode. I followed these steps and was sucessfully able to remove AD and the reconfigure it without having to wipe the machine. We did have to re-create all the AD users but we didn't lose any of the propritery software that was loaded on the server which was the main concern. Here it is:
this actually worked. The ntds.dit was corrputed and the srv would only boot into DSRM. Used the procedure below and recreated AD, new accounts created and we kept the old propietary software on the server.
Click this link to view the site:
http://blogs.dirteam.com/b
logs/jorge
/archive/2
006/12/03/
Uninstalli
ng-Active-
Directory-
_2D00_-Dem
oting-a-DC
.aspx
The steps of the UNSUPPORTED way of removing AD from a server with W2K and W2K3 are:
Boot into DSRM (Directory Services Restore Mode)
Log on with the DSRM administrator
Start REGEDIT
Navigate to the key "HKLM\System\CurrentContro
lSet\Contr
ol\Product
Options"
Change the data value of the data name "ProductType" from "LanmanNT" to "ServerNT"
Reboot the server. It will boot as a stand alone server (although it shows the domain it belongs to in the logon screen)
Login with the LOCAL SERVER administrator account and its password. The password is the same as the DSRM administrator account.
Promote the server to a DC in a new AD domain in a new AD forest.
As a domain use for example "TEMPAD.TEMP" as the domain FQDN and "TEMPAD" as the domain NetBIOS name (it will suggest the OLD domain NetBIOS name, but DO NOT use that!!!).
Use the same path for the AD DB, the AD LOGS and the SYSVOL. If you don't know anymore open REGEDIT and navigate to the key "HKLM\SYSTEM\CurrentContro
lSet\Servi
ces\NTDS\P
arameters"
for the AD files information and look at the data values from the data names "DSA Working Directory" and "Database log files path". For the SYSVOL path navigate to the key "HKLM\SYSTEM\CurrentContro
lSet\Servi
ces\Netlog
on\Paramet
ers" and look at the data value from the data name "SYSVOL". From that path use only the part without the last SYSVOL directory. After entering the paths acknowledge to delete the current files in the specified folders!
REMARK: the password of the domain administrator account will be the same as the local server administrator, which again is the same as the previous DSRM administrator account.
Reboot the server. It will boot as a DC for the new created AD forest/domain
Login with the domain administrator account and its password. Look at the remark mentioned above.
Demote the DC being the last DC of the AD forest/domain that was just created. The end result will be a stand alone server which will still have the temporary FQDN as its DNS suffix (this changes automatically by default when the domain membership changes).
Delete the SYSVOL directory.
Reboot the server. It will boot as a stand alone server.
From now on do with the server as you wish, like joining as a member server or promoting to a DC of an existing AD domain (BEFORE DOING EITHER, DO FIRST WHAT IS MENTIONED ABOVE MEANING "SEIZING FSMO ROLES" HOSTED BY THE DC BEFORE AND "CLEANING ITS METADATA" AND FORCING AD REPLICATION OF BOTH CHANGES)
Random Solutions
Dell Vista error code 7B, hang at black screen after login, factory retsore
Matching case in SQL
Control Toolbox, Powerpoint 03
Connecting a workstation to existing SBS 2003 network
Lost user password on Vista Home Basic notebook. chntpw
reading text file into listbox and writing listbox items into a file at launching and exiting the application
Domain Controller time out of sync
"Database could not recover. Contact Technical Support." (with link to logs)
SQL - CASE Statement help needed
Get NT Login in Silverlight
