Back story.
So we had a development engineer (who just happened to have access to a domain admin account) who set up a handful of DHCP servers on our domain. This caused headaches, as the new DHCP servers were authorized on our domain and made authoritative.
These servers are temporary and are being moved to another third-party site. We've cleaned up the headaches and worked out a timeline to unauthorize them before the move. My job is to unauthorize the servers when the time comes to move them and to clean up any leftovers.
One server has already been decommed (role removed and removed from domain). That means this has to be my order of operations (for the first server):
1. Remove DHCP serve role from rogue server.
2. Remove rogue server from our domain.
3. Unauthorize rogue server in DHCP mmc.
I would prefer to unauthorize the server before removing the role from it. I can do so with the other 2 servers that are moving at a later date. Moving on...
Another sys-admin was working this before me, she expressed concern that AD would sync AD information/objects with the DHCP servers. I'm not aware of AD syncing anything to a DHCP server, but this other sys-admin mentioning it has me (and my manager) worried. My manager wants to be completely sure that there is no AD data on the rogue servers once they are decommed and moved out, including any references to the domain account that the DHCP service was running under. It seems rebuilding the servers (to cleanly eliminate any security worries after moving them off-site) is not an option. I do not (yet) know which version of Windows Server they are running.
So the question(s):
What needs corrected or cleaned up with the order of operations?
Is there any AD data (including logs, though their location is usually pretty standard) that I need to clean up from the decommed DHCP servers?
Will there be any references to the domain account that the DHCP service ran under and where will I find those to clean them?
Nothing
No. There's no AD data in the DHCP database, AD data is in the AD database.
Typically, DHCP isn't run as a service account. If it was set up so, look at the damned servers and see what the DHCP Server service is running as.
You're definitely over-thinking this, FYI.
If the DHCP servers were added to the domain, then there will definitely be references to the domain after they have been removed from it. The only safe way to guarantee there is no AD data on the server is to wipe the disks and reinstall windows (though it may still be possible to get the data back with the use of data recovery software).