Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to delete the old DC. Many people may not know much about it. In order to make you understand better, the editor has summarized the following for you. I hope you can get something according to this article.

The importance of the domain controller (Domain Controller, DC) is self-evident to the administrator, but how do you want to delete the old DC and how to do it? The steps are described below.

Delete the server before you can delete the DC. If you unfortunately need a new DC with the same name as the original DC, you must use the NTDSUTIL command to delete the object information in the AD before you can create a new DC. The specific operations are as follows:

Ntdsutil metadata cleanup connections connect to server quit select operation target list site select site list domains select domain list servers in site select server remove selected server

With the above command, you can delete the broken DC information. For more detailed information, please refer to the help of NTDSUTIL to perform NTDSUTIL? You can read the help information.

Note: before deleting the original DC, make sure that the original DC does not contain any roles. If so, use the NTDSUTIL command to capture the roles as follows:

Ntdsutil

Roles

Seize domain naming master-overwrite domain roles on connected servers

Seize infrastructure master-overwrite structural roles on connected servers

Seize PDC-overwrite the PDC role on a connected server

Seize RID master-overwrite the RID role on a connected server

Seize schema master-overwrite the schema role on the connected server

The DC who has been seized cannot reconnect to the network until the operating system is reinstalled!

Restore AD from backup

Restoring AD from a backup file is a good fit. However, pay attention to the restore mode used, and remember to use the authorized recovery model if you recover information about incorrect operations.

Note:

Expired backups: as mentioned earlier, AD backups cannot restore 60-day-old data. If you need to restore 60-day backups, you need to modify the global marking time as required by KB216993 before you can restore. Its location is in AD.

CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=COMPANY,DC=COM, named: tombstoneLifetime, this operation requires direct editing of AD data, you can use tools such as ADSI,LDP.

Note: please operate carefully!

Restore on different hardware: in general, it is not recommended that you restore AD backups to different hardware, unless you confirm that the hardware of the new machine and the original machine is basically constant, and use the same hardware abstraction layer file (HAL).

Remote backup and restore: after the BOOT.INI file, you can add the / safeboot:dsrepair command option to boot the remote machine into recovery mode.

After reading the above, do you have any further understanding of how to delete the old DC? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.