Results 1 to 9 of 9

Thread: Unjoining windows domain

  1. #1
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default Unjoining windows domain

    Hi all,

    First post here, but I have been reading posts for some time now and think BackTrack is an awesome tool! (many thanks to all concerned).

    I have a problem which has been bothering me for some time now...

    I have a remote windows server 2003 which was once part of an old deprecated domain, the problem is that I need to unjoin it from the domain, when trying this I get an error messege that the 'domain controller cannot be contacted' etc. After googling I found a claimed way to force it using winbatch but alas this did not work either.

    Does anyone know of a way to unjoin it without getting it from the remote site and doing a fresh install?

    Thanks

  2. #2
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  3. #3
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default

    Posted on all 3, thanks. Fingers crossed!

  4. #4
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Now that I've finished my coffee and had a bit of time to think about this, you should checkout a tool called dcpromo it might be able to help ya.

    Aside from that I don't have any other suggestions, GL with the other posts I hope someone has a good answer for ya.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  5. #5
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by thorin View Post
    Now that I've finished my coffee and had a bit of time to think about this, you should checkout a tool called dcpromo it might be able to help ya.

    Aside from that I don't have any other suggestions, GL with the other posts I hope someone has a good answer for ya.
    DCPromo probably won't work without a Another server on the domain.

    Chances he'll have to use NTDSUTIL to seize the FSO role and then he can probably demote it using DCPromo.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    <shrug> I didn't have direct experience with dcpromo I just recalled someone using it for something similar to this in the past.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  7. #7
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by thorin View Post
    <shrug> I didn't have direct experience with dcpromo I just recalled someone using it for something similar to this in the past.
    That's ok, I was just trying to add some more keywords for the OP to search on. Getting an orphaned server back isn't always easy, and chances are, he's going to have to go out there to do it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  8. #8
    Junior Member SWFu64's Avatar
    Join Date
    Jan 2010
    Posts
    97

    Default

    Quote Originally Posted by streaker69 View Post
    That's ok, I was just trying to add some more keywords for the OP to search on. Getting an orphaned server back isn't always easy, and chances are, he's going to have to go out there to do it.
    Sure is! Even with ntdsutil its looking that a connection to the domain controller is needed also.

    The server needs upgrading in the near future anyway.

    Thanks for you help guys.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by SWFu64 View Post
    Sure is! Even with ntdsutil its looking that a connection to the domain controller is needed also.

    The server needs upgrading in the near future anyway.

    Thanks for you help guys.
    You should be able to seize the role of RID Master and FSO Master without another DC on the network and from there you should be able to demote it using DCPromo.

    I'm fairly sure there's an entire KB article on the MS support site that explains how to do it.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •