
Removing a read-only domain controller from a domain


Active Directory is a great product, except that it doesn’t natively do housekeeping functions for you. In my home lab, I noticed that I had an obsolete domain controller enumerated in the site (running at Windows Server 2008 R2 level). It may seem risky to delete a domain controller from the Active Directory Sites And Services utility because domain controller accounts are handled differently in Active Directory.


In my example, the domain controller RODC has been decommissioned but not removed from the RWVDEV.INTRA domain (Figure A).


Figure A




The natural conclusion may be to simply delete the computer account, but Active Directory associates a number of special characteristics with a domain controller. In the case of the RODC.RWVDEV.INTRA system, it was a read-only domain controller. Figure B shows the options associated with the deletion of the computer account.


Figure B



The first and second options, which reset passwords for computer and user accounts cached on the read-only domain controller, are a nice security feature, but they will surely create havoc if implemented. If the read-only domain controller was stolen or removed from the control of the infrastructure teams, this is the way to go.


The third option, which exports the list of the accounts cached on the domain controller, can give you a more granular view of the system contents at the time of computer account deletion. Figure C shows the final warning message before this intrusive activity.


Figure C



In a default configuration, the read-only domain controller is also a global catalog server; there should be at least one other domain controller with the global catalog role (which should be the case anyway). Once the computer account is deleted from Active Directory Users And Computers, the domain controller should be removed from Active Directory Sites And Services. It will now be enumerated without any roles associated with it (Figure D).


Figure D




The final step is a simple right-click and delete of the obsolete domain controller in Active Directory Sites And Services. At that point, removing the read-only domain controller is complete.
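The checks discussed above (another global catalog server exists, and the list of accounts cached on the read-only domain controller is exported) can also be scripted before the computer account is deleted. This is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module, a session that can reach a writable domain controller, and a hypothetical export path.

```powershell
# Added example: pre-deletion checks for a decommissioned RODC.
# Assumes the ActiveDirectory module (RSAT) and that the RODC's
# computer account has not been deleted yet.
Import-Module ActiveDirectory

$RodcName   = 'RODC'                         # RODC name used in the article
$ExportPath = '.\rodc-cached-accounts.csv'   # hypothetical output file

# 1. Confirm the target really is a read-only domain controller.
$rodc = Get-ADDomainController -Identity $RodcName
if (-not $rodc.IsReadOnly) {
    throw "$RodcName is not a read-only domain controller; stopping."
}

# 2. Make sure at least one other domain controller holds the
#    global catalog role before this one is removed.
$otherGc = Get-ADDomainController -Filter * |
    Where-Object { $_.IsGlobalCatalog -and $_.Name -ne $rodc.Name }
if (-not $otherGc) {
    throw "No other global catalog server found; add one before removing $RodcName."
}

# 3. Export the accounts whose passwords were cached on the RODC
#    (the scripted counterpart of the export option in the deletion dialog).
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $rodc -RevealedAccounts
$revealed |
    Select-Object Name, SamAccountName, ObjectClass, DistinguishedName |
    Export-Csv -Path $ExportPath -NoTypeInformation

# 4. Summarise how many user and computer accounts would need a
#    password reset if the RODC had left the team's control.
$revealed | Group-Object ObjectClass | Select-Object Name, Count
```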


Did you try the read-only domain controller and back it out? If so, share your comments about the experience.
