Removal of domain's last 2003 DC

Similar Messages

• Remove a domain from Exchange 2003, now other domains cannot send to the old domain error 5.1.1

  We have a single Exchange 2003 server.  We have multiple mail domains on the server, but are slowly moving to a hosted email solution.  I moved the first domain, I will call it
  domainABC, to our hosted solution.  I have removed all exchange mailboxes from the users, and deselected the domain from Recipient Policies.  I then ran the policy.  
  Whenever I send an email to anyone on Domain ABC from any other domain on the Exchange server, I get the 5.1.1 message.  I am not sure what to do next - any help would be appreciated...
  Brian

  Hi Brian,
  Could you post the detail information for the NDR message?
  When you migrate all the users to the host email server, did you change mx record point to the new server?
  You also can use this tool to help you check for the inbound email test (for Domain ABC).
  Exchange Remote Connectivity Analyzer
  https://www.testexchangeconnectivity.com/
  Thanks,
  Evan Liu
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]
  Evan Liu
  TechNet Community Support

• Upgrade to Server 2012 R2 domain controllers from 2003

  I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
  We had two Server 2003 domain controllers and one of them was failing.  I raised the forest functional level of our old primary domain controllers to 2003.  I built the first replacement Server 2012 R2 domain controller.  Added the AD DS roles
  and promoted it as a domain controller.  I let it sit for a couple days.  The FSMO roles were currently being handled by our other 2003 domain controller.  Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing
  server and demoted it.  Once demoted I shut it down and pulled it out of the rack.  I then built our second 2012 R2 server and gave it the same IP as the failing one.  Installed the AD DS roles and integrated DNS as prompted by the wizard. 
  I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master.  Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network.  I then demoted
  the first new controller (DC03) changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again.  I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in,
  just not a second subnet that is through a hardware firewall.  I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
  Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\username>dcdiag /v /test:dns
  Directory Server Diagnosis
  Performing initial setup:
     Trying to find home server...
     * Verifying that the local machine WGDDC01, is a Directory Server.
     Home Server = WGDDC01
     * Connecting to directory service on server WGDDC01.
     * Identified AD Forest.
     Collecting AD specific global data
     * Collecting site info.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
  AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
     The previous call succeeded
     Iterating through the sites
     Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
  ,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     Getting ISTG and options for the site
     * Identifying all servers.
     Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
  AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
     The previous call succeeded....
     The previous call succeeded
     Iterating through the list of servers
     Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
  Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
  Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
     objectGuid obtained
     InvocationID obtained
     dnsHostname obtained
     site info obtained
     All the info for the server collected
     * Identifying all NC cross-refs.
     * Found 2 DC(s). Testing 1 of them.
     Done gathering initial info.
  Doing initial required tests
     Testing server: Default-First-Site-Name\WGDDC01
        Starting test: Connectivity
           * Active Directory LDAP Services Check
           Determining IP4 connectivity
           * Active Directory RPC Services Check
           ......................... WGDDC01 passed test Connectivity
  Doing primary tests
     Testing server: Default-First-Site-Name\WGDDC01
        Test omitted by user request: Advertising
        Test omitted by user request: CheckSecurityError
        Test omitted by user request: CutoffServers
        Test omitted by user request: FrsEvent
        Test omitted by user request: DFSREvent
        Test omitted by user request: SysVolCheck
        Test omitted by user request: KccEvent
        Test omitted by user request: KnowsOfRoleHolders
        Test omitted by user request: MachineAccount
        Test omitted by user request: NCSecDesc
        Test omitted by user request: NetLogons
        Test omitted by user request: ObjectsReplicated
        Test omitted by user request: OutboundSecureChannels
        Test omitted by user request: Replications
        Test omitted by user request: RidManager
        Test omitted by user request: Services
        Test omitted by user request: SystemLog
        Test omitted by user request: Topology
        Test omitted by user request: VerifyEnterpriseReferences
        Test omitted by user request: VerifyReferences
        Test omitted by user request: VerifyReplicas
        Starting test: DNS
           DNS Tests are running and not hung. Please wait a few minutes...
           See DNS test in enterprise tests section for results
           ......................... WGDDC01 failed test DNS
     Running partition tests on : DomainDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : ForestDnsZones
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Schema
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : Configuration
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running partition tests on : wgd
        Test omitted by user request: CheckSDRefDom
        Test omitted by user request: CrossRefValidation
     Running enterprise tests on : wgd.inet
        Starting test: DNS
           Test results for domain controllers:
              DC: WGDDC01.wgd.inet
              Domain: wgd.inet
                 TEST: Authentication (Auth)
                    Authentication test: Successfully completed
                 TEST: Basic (Basc)
                    The OS
                    Microsoft Windows Server 2012 R2 Standard (Service Pack level:
   0.0)
                    is supported.
                    NETLOGON service is running
                    kdc service is running
                    DNSCACHE service is running
                    DNS service is running
                    DC is a DNS server
                    Network adapters information:
                    Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
                       MAC address is B0:83:FE:C1:98:07
                       IP Address is static
                       IP address: 10.240.1.23
                       DNS servers:
                          10.240.1.23 (WGDDC01) [Valid]
                          10.240.1.24 (WGDDC02) [Valid]
                          127.0.0.1 (WGDDC01) [Valid]
                    The A host record(s) for this DC was found
                    The SOA record for the Active Directory zone was found
                    Warning: no DNS RPC connectivity (error or non Microsoft DNS s
  erver is running)
                    [Error details: 5 (Type: Win32 - Description: Access is denied
           Summary of test results for DNS servers used by the above domain
           controllers:
              DNS server: 10.240.1.23 (WGDDC01)
                 All tests passed on this DNS server
                 Name resolution is functional._ldap._tcp SRV record for the fores
  t root domain is registered
              DNS server: 10.240.1.24 (WGDDC02)
                 All tests passed on this DNS server
                 Name resolution is functional._ldap._tcp SRV record for the fores
  t root domain is registered
           Summary of DNS test results:
  Auth Basc Forw Del  Dyn  RReg Ext
              Domain: wgd.inet
                 WGDDC01                      PASS WARN n/a  n/a  n/a 
  n/a  n/a
           ......................... wgd.inet passed test DNS
        Test omitted by user request: LocatorCheck
        Test omitted by user request: Intersite
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC01
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter WGD_INET:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.23
                                         10.240.1.24
                                         127.0.0.1
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  When I try to bind a machine to the domain I get an error message that says "
  The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
  The error was: "This operation returned because the timeout period expired."
  (error code 0x000005B4 ERROR_TIMEOUT)
  The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
  The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
  10.240.1.24
  10.240.1.23
  Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
  Please let me know if I'm missing something or if there are other things I can check.
  Thanks!
  I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2.  All clients in the environment are Windows XP Pro or above.  The XP Pro boxes will be going away as
  soon as our vendor supports their software to run on Windows 7.

  We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
  domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error.  An Active Directory Domain Controller for the domain wgd.inet could not be contacted.  It seems that this is just a DNS issue for one
  particular subnet (10.240.2.0/24).  This subnet is setup in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
  When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out.  The route is there and I can watch it connect through our hardware firewall over port 53.
  DC01
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\dsmythe>netdom query fsmo
  Schema master               WGDDC01.wgd.inet
  Domain naming master        WGDDC01.wgd.inet
  PDC                         WGDDC01.wgd.inet
  RID pool manager            WGDDC01.wgd.inet
  Infrastructure master       WGDDC01.wgd.inet
  The command completed successfully.
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC01
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter WGD_INET:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.23
                                         10.240.1.24
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\dsmythe>
  DC02
  Microsoft Windows [Version 6.3.9600]
  (c) 2013 Microsoft Corporation. All rights reserved.
  C:\Users\dsmythe>netdom query fsmo
  Schema master               WGDDC01.wgd.inet
  Domain naming master        WGDDC01.wgd.inet
  PDC                         WGDDC01.wgd.inet
  RID pool manager            WGDDC01.wgd.inet
  Infrastructure master       WGDDC01.wgd.inet
  The command completed successfully.
  C:\Users\dsmythe>ipconfig /all
  Windows IP Configuration
     Host Name . . . . . . . . . . . . : WGDDC02
     Primary Dns Suffix  . . . . . . . : wgd.inet
     Node Type . . . . . . . . . . . . : Hybrid
     IP Routing Enabled. . . . . . . . : No
     WINS Proxy Enabled. . . . . . . . : No
     DNS Suffix Search List. . . . . . : wgd.inet
  Ethernet adapter NIC1:
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
     Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
     IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
     Subnet Mask . . . . . . . . . . . : 255.255.255.0
     Default Gateway . . . . . . . . . : 10.240.1.1
     DNS Servers . . . . . . . . . . . : 10.240.1.24
                                         10.240.1.23
     NetBIOS over Tcpip. . . . . . . . : Enabled
  Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
     Media State . . . . . . . . . . . : Media disconnected
     Connection-specific DNS Suffix  . :
     Description . . . . . . . . . . . : Microsoft ISATAP Adapter
     Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
     DHCP Enabled. . . . . . . . . . . : No
     Autoconfiguration Enabled . . . . : Yes
  C:\Users\dsmythe>

• Can I remove all but the last "Mac OS X Server certificate management" application password from my System Keychain?

  I am slowly nursing a broken Montain Lion Server back to health. The problems started with a name change days ago then went sour, probably because of some stuff in the keychain that tripped the commands up.
  I have now a trusted Root CA in my System Keychain which has signed my wildcard Certificate for my domain and all my services are protected by this wildcard certificate. Creating and installing that certificate helped me back (slowly) but there are still problems to solve
  I also have set the com.apple.servermgrd identity preference to this (now trusted) wildcard certificate a few minutes ago
  I am busy cleaning as much as possibe of junk from my Keychains to improve stability, of course without damaging things (I hope)
  There are 19 "Mac OS X Server certificate management" application passwords in my System Keychain.
  12 are from 9 days ago when I installed this clean OS X Mountain Lion Server for the first time, created within a minute during server install.
  1 from 6 minutes later, maybe when I turned on a Service
  2 are from that day, but 2 and 3 hours later (also probably because of something I did in Server.app, like enabling a service)
  1 from 2 days later (probably when I tried to change the server name/domain)
  1 from again 5 days later (probably when I tried to change the server name/domain again)
  1 from yesterday, when I changed the servername
  1 from today, when I changed the server name again.
  What are these application passwords for and can I safely remove all but the last one? What are they for?

  I went ahead and remove them a month ago. So far, there don't seem to be any issues. As long as you double-triple-check that the hash-number in those "Mac OS X Server certificate management" keychains _aren't_ in the filename of any of the *.pem files in the /etc/certificates folder, you can delete those orphan keychains.

• I have imac 10.6.8 how to add it to my domain server windows 2003

  i have imac 10.6.8 how to add it to my domain server windows 2003
  and .
  i cant find the directory access any

  One option is to create a new partition (~30- 50 GB), install the new OS, and ‘test drive’ it. If you like/don’t like it it, you can then remove the partition. Do a backup before you do anything. By doing this, if you don’t like it you won’t have to go though the revert process.
  Check to make sure your applications are compatible.
  Application Compatibility
  Applications Compatibility (2)

• Remove Personal Domain Problem

  Hi. I had a personal domain setup and it was working fine. I recently removed the domain from my .Mac account. iWeb still thinks it is publishing to the domain, and shows the little green indicator light at the bottom with my domain. After it publishes, the Visit Site button tries to load up with my domain and not with the .mac address.
  How can I get it to revert to the .mac address mode?

  I'm pretty good on computers but my dad asked him to help him with a Mac problem so here I am...
  Our good friend has built our website from his computer at his house, me and my dad need to be able to edit the website using iWeb (the same program our friend uses) so we can make appropriate changes...
  We can log into the .Mac the same one that our friend uses but we can't figure out how to actually "load" the work our friend has already done so we can add to it and edit it...
  Any advice is appreciated

• Can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server

  im my environment we are trying to upgrade from server 2k3 to 2k8, out testing done on server 2k3 to 2k8, but can we run domain controller windows 2008 32 bit and additional domain controller on 2003 server ...kindly suggest
  Nitin Gaurav
  [email protected]

  Yes you can. If you have two 2003 AD servers currently and upgrade one of them to 2008 AD then they'll continue to be able to work together. The domains functional level will remain as 2003 across both servers so at this stage you won't get any benefit from
  the new AD functionality available in 2008.
  Once you've then upgraded the second 2003 server to 2008 you can then upgrade the functionality levels in AD to make it 2008. It's been a while, but I believe it doesn't happen automatically, so once all AD servers have been upgraded you have to go into
  AD and upgrade the functionality levels yourself.

• Installing a Windows 2012 Domain Controller into a 2000/2003 domain with Exchange 2003

  Hello,
      I have a client that we are planning to migrate to 2012 over time.  They currently have a Windows 200 DC and 2 member servers running Windows 2003, one of which is running Exchange 2003.
      We first are going to introduce a 2012 server into the domain and my plan was to DCPromo the 2003 server that isn't running Exchange and raise domain level to 2003 and then demote the 2000 server.  I was then going to install the
  2012 server into the domain and make it a backup Domain Controller for the time being and leave the newly promoted Windows 2003 server as the primary Domain Controller with all the roles and global catalog.  My question is will Exchange 2003 still function
  normally in this scenario?
     I've been doing research and read some things about Exchange 2003 not working with 2012 Domain Controllers, but I was thinking if the 2003 is still the primary, it might work.  We will eventually migrate to 2003, they just don't want to
  do it all at once, due to costs and other issues.
  Thanks.

  I didn't ask if it was supported, I just wanted to know if Exchange 2003 would continue
  to function if the Windows 2003 DC still held all the FSMO roles and Global Catalog.
  A not supported situation means that it is a situation where Microsoft made no testing or do not guarantee that you can operate with no problems. Following a not supported scenario could be done but is on your own risk.
  If it won't, can the 2012 server be a member server in the 2003 AD?  The 2000
  DC it is replacing, just shares files on the network in addition to being the lone AD server
  Yes, it can be a member server.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Remove FOPE Domain/O365 Domain (Admin needed) - Causing Email issues.

  Good Morning,
  Long time ago (2007) I messed around setting up FOPE but did not do much with it, which is or currently transitioning to Office 365? Anyways, I logged into FOPE yesterday based on some help from another company that has been unable to email us, said they
  talked to Microsoft and the rep saw we had a FOPE account setup with mail server settings pointing to our old Exchange Server.. Turns out the company and many other companys that can't email us are using FOPE/O365 and Microsoft internally is using those settings
  to route mail to our old On-Premise Exchange Server and not picking up our new MX record.
  We have since transitioned to Google Apps (thus the new MX record), but from what we see - O365 Customers look like they are being routed  to the old Exchange Server based on those settings.. It looks like FOPE is set in a "read only" mode,
  I cannot change the MX record, or IP addresses to route mail to.. I would like to formally request the deletion of the Domain from both O365 and FOPE, this should resolve our Email issues. The domain in question is bangorschools DOT org
  I have logged into O365 and deleted the domain leaving the onmicrosoft domain, but It doesnt look like I can do anything with FOPE.. Even if I could just change the IP address to point to google, or someone at Microsoft can remove the account all together?
  Thank you,
  Kyle

  Hi,
  when you have been transitioned to EOP your FOPE-settings will be readonly. So you should contact FOPE/EOP support for help to remove your domain from FOPE, they can do changes.
  Greetings
  Christian
  Christian Groebner MVP Forefront

• Remove orphaned domain

  I have a domain called Ixxxx.com with two domain controllers in a clustered environment.  i added another domain called dxxxx.com .  the domain dxxxx.com crashed and i had to format the server. now when i try to create a new domain in existing
  forest with the name dxxxx.com it says "The name dxxxx.com is already in use on the network. type a name that is not in use."
  how do i remove any reference to dxxxx.com and then recreate a domain with the same name in existing forest ?
  Please Help

  Hi William,
  Checkout the below link on Microsoft KB article for completely removing a orphaned domain controller,
  http://support.microsoft.com/kb/555846/en-us
  Checkout the below
  thread on similar issue,
  http://social.technet.microsoft.com/Forums/en-US/187c9cad-4b1d-49d6-beca-d3c02fe1a2d4/remove-orphaned-domain?forum=winserverDS
  Regards,
  Gopi
  JiJi Technologies

• The Best Way to Restore a DC if it is removed from Domain

  Good Day,
  I have 2 Windows Server 2008 R2 DC's in my network and I am trying to upgrade 1 of them to Server 2012 R2. The DC being replaced is also running Certificate Services. To do this I will need to remove AD from the DC as well as remove CA and remove it from
  the domain. I plan on backing up and restoring Active Directory/Certificate Services to the new Server 2012 box with the new server using the same name as the old DC.
  I am worried about this transition because if something goes wrong I will have to not only restore from backup I will have to restore the computer object in AD as well.
  Would the best strategy be:
  Backup AD using ntdsutil
  Uninstall AD and CA from DC01
  Remove DC01 from domain
  ** failure occurs **
  Restore DC01 computer object in AD on DC02 using ntdsutil authoritative restore
  Restore full OS on DC01 from tape backup
  The problem I have with this is all of the setting in Sites and Services will still be gone because of the removal of AD from DC01. I am also thinking about simply taking snapshots of the 2 DC's as they are both Virtual Servers in Hyper-V
  Another Strategy (Not approved of as snapshot is NOT a backup):
  Snapshot both DC01 and DC02
  Uninstall AD and CA from DC01
  Remove DC01 from domain
  ** failure occurs **
  Revert back to pre-removal snapshot of DC02
  Revert back to pre-removal snapshot of DC01
  Any help would be awesome!
  Antony

  Hi,
  First at all,
  we don’t recommend to
  install CA on a DC. This is because if the DC corrupt and need to demote, we need
  to uninstall the CA role first. If you want to install the CA on a DC, please follow below steps:
  Clean install a new windows 2012 server and add it to domain as domain member.
  Promote this new windows 2012 R2 server to DC.
  Step-by-Step Guide for Setting Up A Windows Server 2012 Domain Controller
  http://social.technet.microsoft.com/wiki/contents/articles/12370.step-by-step-guide-for-setting-up-a-windows-server-2012-domain-controller.aspx
  Transfer or seize FSMO roles from old windows 2008 R2 DC to new windows 2012 R2 DC
  How to view and transfer FSMO roles in Windows Server 2003
  http://support.microsoft.com/kb/324801/en-us
  Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controllerhttp://support.microsoft.com/kb/255504/en-au 
  Back up CA from 2008 R2 server with steps below:
  Backing up a CA database and private key.
  Backing up CA registry settings.
  Backing up CAPolicy.inf only if we install our CA by using it.
  Removing the CA role service from this server.
  Restoring the CA database and configuration on new server.
  Verifying the migration:
  Verifying certificate enrollment
  Verifying CRL publishing
  For more information please refer below articles:
  AD CS Migration: Preparing to Migrate: 
  http://technet.microsoft.com/en-us/library/ee126102(WS.10).aspx
  Migrating the Certification Authority: http://technet.microsoft.com/en-us/library/ee126140(WS.10).aspx
  Performing Post-Upgrade or Post-Migration Tasks: http://technet.microsoft.com/en-us/library/cc742471(v=ws.10).aspx
  5. After that,  make the old 2008 DC offline for a while. If everything things are working fine, you can then demote the windows 2008 DC.
  Thanks.

• What note when remove an Domain controller from Existing Domain!!!

  Dear everybody,
  My company has 3 Domain controllers at the moment.
  all of them have some functions: DHCP, DNS.
  Now, we have plan to remove an DC/
  So, What note we need to pay attention when remove one of them?
  Thanks for your help!!!

  1. Migrate DHCP first. Using below command
  netsh dhcp server export C:\dhcp.txt all       -old Server
  netsh dhcp server import C:\dhcp.txt all       -New Server.
  2. Enable DNS debug log & see which client still pointing the old DC.
  http://technet.microsoft.com/en-us/library/cc759581%28v=ws.10%29.aspx
  3. Change the DHCP Scope accordingly.
  HTH
  Biswajit
  Regards,
  Biswajit
  MCTS, MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, Enterprise Admin, ITIL F 2011
  Blog:
    Script Gallary:
  LinkedIn:
  Note: Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights..

• Will the email client on my MacBook Pro remove mail from my Exchange 2003 in order to receive it?

  I just received my new MacBook Pro yesterday and I have an Exchange 2003 server that I would like to work with the email client. now I know some email clients in certain modes will download the mail from the mail server removing it from there at the same time. My question is will the email client remove the mail from the server in order to receive it? I want the mail to remain in the mailbox so I will still have it available at my office later. I am honestly not certain what version of OS X it is, and I don't have it handy, but I just bought it last week. Thanks!

  Try trash the com.apple.iPhoto.plist file from the HD/Users/ Your Name / library / preferences folder. (Remember you'll need to reset your User options afterwards. These include minor settings like the window colour and so on. Note: If you've moved your library you'll need to point iPhoto at it again.)
  What's the plist file?
  For new users: Every application on your Mac has an accompanying plist file. It records certain User choices. For instance, in your favourite Word Processor it remembers your choice of Default Font, on your Web Browser is remembers things like your choice of Home Page. It even recalls what windows you had open last if your app allows you to pick up from where you left off last. The iPhoto plist file remembers things like the location of the Library, your choice of background colour, whether you are running a Referenced or Managed Library, what preferences you have for autosplitting events and so on. Trashing the plist file forces the app to generate a new one on the next launch, and this restores things to the Factory Defaults. Hence, if you've changed any of these things you'll need to reset them. If you haven't, then no bother. Trashing the plist file is Mac troubleshooting 101.
  If that fails:
  Option 1
  Back Up and try rebuild the library: hold down the command and option (or alt) keys while launching iPhoto. Use the resulting dialogue to rebuild. Choose to Rebuild iPhoto Library Database from automatic backup.
  If that fails:
  Option 2
  Download iPhoto Library Manager and use its rebuild function. This will create a new library based on data in the albumdata.xml file. Not everything will be brought over - no slideshows, books or calendars, for instance - but it should get all your albums and keywords back.
  Because this process creates an entirely new library and leaves your old one untouched, it is non-destructive, and if you're not happy with the results you can simply return to your old one. .
  Regards
  TD

• Removing admin password form Access 2003 database front end and back end

  We have a legacy database that has been passed down from the original creator, who is no longer with the organization. It was created in Access 2003. It has a front end and a back end. The original admin password can not be located and we are in the process
  of upgrading this application to 2010.  Is there a way to remove that password so we can make changes to the original files?

  Hi,
  What password are you talking about, the one created with the workgroup manager? That will be difficult since 2010 doesn't have the workgroup manager anymore. You can still use the database in the 2010 environment but you can't make any changes to the original
  database without the password.
  Maurice

• Need to remove oracle 9i from win 2003 svr

  Hi Guys,
  I have a rogue install of oracle 9i on a windows 2003 server box. It was installed as part of a package from a vendor. But during the setup the deal went south and the oracle install was never removed. I arrive on the scene much later and go to remove it. Universal installer (version 2.??) removes a few components (itself included) and then errors saying "this component was installed with installer 10.2.?? cant remove" I am currently downloading the first disk of the oracle9 db and hope that running the installer from that download will let me remove the rest..Is it going to work for me or will there be some issues with oracle being somewhat butchered as it stands. I need to remove the db any number of reasons. is there a guide on how to manually remove all traces of oracle from a server incase the installer fails?
  Regards Dave

  Thanks Neil. But as we never really had the software setup I dont have a cal number or what ever they call it to login to metalink. if someone would get the note and email me a copy that would be above and beyond the call of duty...but it would sure be helping me out.???