Windows Server Standard removal from Domain

nato

Active Member
Hi Guys

Will apologise in advance for the vagueness of what I am about to ask.

First of all, I will tell you what I have, and what I have done/planned to do.

I have a server that is running Windows Server Standard. It has Active Directory installed and the client PC's are connected to the domain.

I have removed all of the PC's from the domain and set them back to Workgroup as a domain is no longer needed.

What I want to do is have the computer back onto a workgroup instead of having a domain.

I have done some research but its better to ask the experts. What do I need to do in order to do this, and what will I need to know before I do this.

I intend on setting up brand new user accounts as I have read by doing this it will delete all the user accounts, will I still have access to the Administrator account after I have removed it from the domain?
 
1. You have Windows Server Standard {03, 08, 08r2, 12, 12r2 or hyper-v}?

2. If you put the server into a workgroup it will still be able to communicate with other systems which are also in that workgroup as long as the network addresses are set but it won’t be in charge of that workgroup by default.

3. Read this for setting up a (free) hyper-v server on a home workgroup… http://www.msserverpro.com/installi...ing-the-hvremote-tool-in-workgroup-scenarios/

What is it that you want to be able to do with this system?
 
What I want to do is have the computer back onto a workgroup instead of having a domain.

What do I need to do in order to do this
From the Run box just type dcpromo again and step through the removal process.
will I still have access to the Administrator account after I have removed it from the domain?
Yes... installing Active Directory does not impact the machine's local adminstrator's account you should still be able to log on locally as you did before promoting the server to an active directory domain controller.
You may also want to consider removing other rolls as well, depending on, as ussnorway has already asked, what your intentions are for the machine in the future.
Typically as a file and printer server in a workgroup you won't have much need for things like DNS, WINS, DHCP, etc., again depending on the roles you already had assigned to the machine.
 
1. You have Windows Server Standard {03, 08, 08r2, 12, 12r2 or hyper-v}?

What is it that you want to be able to do with this system?

I believe it is Windows Server Standard 08

Basically, we are turning it into a terminal server, and we no longer need it to be on a domain. Its main purpose really is to access files and documents but also to access programs like MYOB.


From the Run box just type dcpromo again and step through the removal process.

Yes... installing Active Directory does not impact the machine's local adminstrator's account you should still be able to log on locally as you did before promoting the server to an active directory domain controller.
You may also want to consider removing other rolls as well, depending on, as ussnorway has already asked, what your intentions are for the machine in the future.
Typically as a file and printer server in a workgroup you won't have much need for things like DNS, WINS, DHCP, etc., again depending on the roles you already had assigned to the machine.

I started off that process yesterday, but stopped when it said it would delete all user accounts, just wanted to make sure what I was getting into before I made a mistake

How do I check to make sure the local administrator account is still intact and to make sure i still remember the password that was used. The server was doing DNS as well so I can remove that, dont believe it was doing WINS or DHCP. We have added the terminal server role to the list of roles, but was not going to remove others before I knew what I was doing
 
How do I check to make sure the local administrator account is still intact and to make sure i still remember the password that was used.
Just log on locally with the local administrator's account
MachineName\Administrator
and then
The Password for the local administrator. But I'm pretty sure, unless you've done something to disentangle the two accounts they are likely going to remain the same. Additionally when you actually run dcpromo again to demote the domain controller and clear out all the active directory stuff, I do believe that it prompts you for a new administrator's password for the machine during that process.... it's been a while and it may vary depending on the version of server.
See attachment
LocalLogOnToDomainController.PNG
 
Last edited:
I tried logging onto the server using Computername\Administrator, but for some reason it doesnt appear to be accepting the password, is there a way i can change the local Administrator password so i dont get locked out when i set it back to workgroup?
 
I'm sorry, I've taken this about as far as I can, including explaining that you will in all likelihood be prompted during the demotion process for a brand spanking new local administrators password.
At some point you're going to have to take the leap.
If you're just completely scared to death, perhaps create an image so if worse comes to worst then you'll have a strong fall back position.
AOMEI Backupper should do the trick for you. http://www.backup-utility.com/free-backup-software.html
 
Ah sorry, yes, you did mention about the likelyhood about the demotion process, for some reason i missed that information the first time, i dont mind taking the leap, just like to get plan b's if something fail ha ha ha.

Thanks so much guys for your help with this one, ill now mark this thread as solved :)
 
Running dcpromo does not remove any local accounts but yes you could set a new admin password before and that would carry over. Therefore the order would be something like;

1. Remove any other unwanted roles (dhcp, dns etc).

2. (optional) Right click on the administrator user and “reset password” to something like “Pas$w0rd”.

3. Run dcpromo.exe, put ticks in delete files and enter the (new) administrator password when asked.

4. Reboot.

5. Remove the active directory roll and reboot.

6. Log in as administrator (this is now a local account) with the same password i.e. “Pas$w0rd” in this example.

7. You can add new local users from the “computer management” console… this could be inside the “administrative tools” tab on the control panel or its own directory depending on how the server was originally setup.
 
Back
Top