No, the SIDs in the ACEs remain, so they will resolve again once you rejoin the 
box.

That said, I don't think you actually need to unjoin the box to do the metadata 
cleanup.

Thanks,
Brian Desmond
[email protected]

c - 312.731.3132


From: Jim Slattery [mailto:[email protected]]
Sent: Thursday, July 22, 2010 2:45 AM
To: NT System Admin Issues
Subject: RE: Removing missing DC metadata

Exactly my concern.

Another option I've considered is to rename the file server, then run the 
steps, then rename it back. (We have processes that copy files both to and from 
this server based on servername).

Jim Slattery
Systems Administrator, MEDEX Global Group
410-308-7931

From: Erik Goldoff [mailto:[email protected]]
Sent: Wednesday, July 21, 2010 2:41 PM
To: NT System Admin Issues
Subject: RE: Removing missing DC metadata

But if it is a file server and removed from the domain, aren't domain-specific 
permissions lost when removed from the domain?

Erik Goldoff
IT  Consultant
Systems, Networks, & Security
'  Security is an ongoing process, not a one time event ! '

From: Don Ely [mailto:[email protected]]
Sent: Wednesday, July 21, 2010 2:30 PM
To: NT System Admin Issues
Subject: Re: Removing missing DC metadata

+1

Remove the server from the domain, run the steps, add it back and you should be 
fine...

On Wed, Jul 21, 2010 at 11:18 AM, Don Guyer <[email protected]> wrote:
I think if you move the current computer into a workgroup, make the changes in 
AD, then put it back into the domain you'll be fine. Others may have additional 
input.

Don Guyer
Systems Engineer - Information Services
Prudential, Fox & Roach/Trident Group
431 W. Lancaster Avenue
Devon, PA 19333
Direct: (610) 993-3299
Fax: (610) 650-5306
[email protected]

From: Jim Slattery [mailto:[email protected]]
Sent: Wednesday, July 21, 2010 2:11 PM
To: NT System Admin Issues
Subject: Removing missing DC metadata

We have a file server that shares a name with an old DC that failed.  Instead 
of removing the metadata for the DC, someone just installed a new server with 
the same name.  That name now unfortunately is held by our main file server.

I need to remove the DC metadata, but need to leave the server up and running.

My question is this... if I run this kind of operation:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
or
http://support.microsoft.com/kb/216498

...is the current server still going to be in the domain as a member server?

I haven't slept well in a few days, and I'm exhausted, so if the answer to this 
question is obvious, please don't beat up on me too much.  I just don't want to 
create more problems while trying to solve another.

TIA

Jim Slattery
Systems Administrator, MEDEX Global Group
410-308-7931