I have never been too heavily involved with managing AD2003 domain controllers.
Now I get a broken domain dumped in my lap.
I need some advice on how to proceed.
Here is the story:
Earlier today I inherited an old, badly managed, 3 server domain from another division.
(It was operated by an outsourced service-provider that went belly-up a year ago, since then it went uncared for.)
2 Windows 2003R2 DCs and a 2003R2 server running 1 application and SQL2000 server.
During the physical transport of the hardware 1 DC broke beyond repair. There is, as you probably already guessed, no backup at all.
The remaining 2 machines booted up and on both the ip-address was changed to a new address in my own range. After that both machines were rebooted once. DC first and the application server only after the DC had fully booted.
I have Domain Admin access to this domain. I can login to both surviving servers.
Both servers take ages (DC 15 minutes, app server 10 minutes) to boot to a login prompt. After login it takes ages to get to a desktop (another 5-10 minutes).
Now it is my problem: I need to get that application running again until the end of the year.
First order of business seems to be to get rid of the failed DC. Then start doing cleanup on these servers (there are a lot of leftovers of removed and/or partially disabled applications on both).
Thing is: I'm not sure about how to do the DC removal.
Do I need to do dcpromo first, then ntdsutil/remove server?
Just ntdsutil/remove server?
Does changing the IP addresses have an impact on this? (I can temporarily put the old IP addresses back if needed.)
This domain, by the way, had a trust-relation with our normal domain. Does this impact the DC removal?
Does something need to be done regarding this trust-relation because of the IP address changes?
Any help will be highly appreciated.
UPDATE
I fixed the DNS issues on both machines. Primary DNS on DC and app-server now point to DC itself. And I updated the DNS records for both machines in the DNS.
(I can't make a proper reverse PTR for either machine. Don't know how problematic that is going to be. The new ip-range isn't in the reverse zones here and this DC isn't allowed to update reverse pointers if I add the zone as a copy.)
This seems to have cured the excessive slowness of both machines.
Remote desktop logons are functional now. Still a bit sluggish but apparently that was already the case before everything got messed up.
I'm now waiting for user-feedback regarding the application.
Removing the failed DC should probably be the last thing you care about right now.
You changed the IP address of the DC, which is presumably also the DNS server for the domain. You need to reconfigure the DC itself to use itself for a DNS server, and of course you have to reconfigure the client to use the DC as the DNS server.
If the DC is not a valid DNS server for the domain, you'll have quite a bit more work to do of course.
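One way to check whether the re-addressed DC is a valid DNS server for the domain, as an added example that is not part of the original answer: the batch script below asks the DC's own DNS service for the domain controller locator SRV records and reports any that do not resolve to the new address. The domain name `corp.example` and the address `192.0.2.10` are constructed placeholders.

```bat
@echo off
setlocal
rem Constructed placeholders: replace with the real AD DNS domain name
rem and the new IP address of the surviving DC.
set DOMAIN=corp.example
set DC_IP=192.0.2.10
set FAIL=0

rem Locator records that the Netlogon service registers for a domain controller.
for %%R in (_ldap._tcp.dc._msdcs _kerberos._tcp.dc._msdcs _ldap._tcp.pdc._msdcs _ldap._tcp) do call :check %%R.%DOMAIN%

if %FAIL%==0 (echo All locator records resolve to %DC_IP%) else (echo One or more records need attention)
endlocal & exit /b %FAIL%

:check
rem Query the DNS service on the DC directly, so the local resolver cache
rem and any other configured DNS servers are bypassed.
nslookup -type=SRV %1 %DC_IP% 2>nul | findstr /C:"internet address = %DC_IP%" >nul
if errorlevel 1 (
    echo MISSING  %1 does not return %DC_IP%
    set FAIL=1
) else (
    echo OK       %1
)
rem Print any other address still attached to this record: these are
rem leftovers such as the DC's old address or the DC that no longer exists.
rem (Substring match: an address that merely begins with DC_IP is hidden too.)
nslookup -type=SRV %1 %DC_IP% 2>nul | findstr /C:"internet address" | findstr /V /C:"= %DC_IP%"
goto :eof
```

If a record is reported as MISSING, running `ipconfig /registerdns` and restarting the Netlogon service (`net stop netlogon`, then `net start netlogon`) on the DC makes it register its host and locator records again.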