Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: How to removing forcibily child domain in win2003 Active Dir

How to removing forcibily child domain in win2003 Active Dir 10 years 3 weeks ago #18070

  • jayveshne
  • jayveshne's Avatar
  • Offline
  • New Member
  • Posts: 17
  • Karma: 0
Hi people!

I would really appriciate if any one helps me.

I have domain called "master.com" having 3 domain controllers (1 PDC and 2 addtional). recently i added child domain called "Child.com" to master.com domain (ie. Child.master.com)

Due to unfortunate reason i had to format "Child.com" only Domain controller without proper demotion.

Now there is not Child.com controller in network. But My Activer Directory is still holding "Child.com" Entry.

My question is how to get rid of this obsolute entries or revert back to only single Master.com domain in network.

Thank a lot for your answers
The administrator has disabled public write access.

Re: How to removing forcibily child domain in win2003 Active Dir 10 years 3 weeks ago #18077

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi there,

Firstly, you will need to tidy the Directory up using the NTDSUTIL. This document should take you through the process http://support.microsoft.com/kb/216498/en-us

Secondly, you will need to ensure that the DNS records are removed. Make sure you remember the GUID referencies in DNS also.

Cheers

Wayne
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Re: How to removing forcibily child domain in win2003 Active Dir 10 years 3 weeks ago #18080

  • jaiwardhan
  • jaiwardhan's Avatar
  • Offline
  • New Member
  • Posts: 19
  • Karma: 0
Yup Smurf is right you will need to follow the KB article to clear out the metadata of the crashed server.

Besides following the artilce 216498 you will also need to follow this article for removing the domain completely.

How To Remove Orphaned Domains from Active Directory - support.microsoft.com/kb/230306

Though the article looks overwhelming but it's quite easy to follow. Hope this helps.
The administrator has disabled public write access.

Re: How to removing forcibily child domain in win2003 Active Dir 10 years 3 weeks ago #18122

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Hi PPl
The issue is I had created one domain as Engine.com and a child domain as clutch.engine.com
Due to some reasons I had to format clutch.engine.com and I have removed some entries from DC (Engine.com) however in Active Directory Domains and trust I am unable to remove clutch.engine.com
I refered http://support.microsoft.com/kb/230306
however I am unable to follow the step where it says connect connect to server servername as I already removed child domain and it no more exists

I would appriciate if anyone is able to resolve this issue
Thanks in advance

N.B. Quote was taken from a different thread so the discussion has been brought into this one.

Hi,

If you re-read the KB Article, the servername it is refering to is the server in your Active Directory Forest that is Domain Naming FSMO. The article walks through determining this server.
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.

Issue resolved 10 years 3 weeks ago #18126

Hey Guys
As I already mentioned that I was unable to resolve the issue by the steps provided in
support.microsoft.com/kb/216498/en-us
support.microsoft.com/kb/230306

I googled for this issue and after trying many solution i came across something which works .
I hope it will help others also so I m sharing the step with u

1. Click Start, click Run, type ntdsutil, and then press ENTER.
2. At the Ntdsutil command prompt, type domain management, and then press ENTER.
3. Type connections, and then press ENTER.
4. Type connect to server Domain_Controller_Name, and then press ENTER.
5. After the following message appears, type quit, and then press ENTER:
Connected to Domain_Controller_Name using credentials of locally logged on user
6. At the domain management prompt, type list, and then press ENTER.
7. Note the following entry:
DC=DomainDnsZones,DC=Child_Domain, DC=extension
For example, if the child domain is Contoso.com, note the following entry:
DC=DomainDnsZones,DC=contoso,DC=com
8. Type the following command, and then press ENTER.
delete nc dc=domaindnszones,dc=Child_Domain,dc=extension
Note In this command, Child_Domain represents the name of the child domain that you want to remove. For example, if the child domain is Contoso.com, type the following command, and then press ENTER:
delete nc dc=domaindnszones,dc=contoso,dc=com
9. Quit Ntdsutil.



I did the same And it worked :D
The administrator has disabled public write access.

Re: How to removing forcibily child domain in win2003 Active Dir 10 years 3 weeks ago #18127

  • Smurf
  • Smurf's Avatar
  • Offline
  • Moderator
  • Posts: 1390
  • Karma: 1
Just out of interest, at what point did it fail in knowledge base http://support.microsoft.com/kb/230306 and what was the erorr (if you can remember) ?

Glad its sorted and thanks for sharing the info with the rest of the group, i'm sure it will be used again and again :)
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.091 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup