Technically since they ask you to remove the computer object that would be the only reason I would do it, but I'd be inclined to try it without removing the computer object first...
On Wed, Jul 21, 2010 at 6:32 PM, Brian Desmond <[email protected]>wrote: > *No the SIDs in the ACEs remain so they will resolve again once you > rejoin the box.* > > * * > > *That said I don’t think you actually need to unjoin the box to do the > metadata cleanup.* > > * * > > *Thanks,* > > *Brian Desmond* > > *[email protected]* > > * * > > *c - 312.731.3132* > > * * > > * * > > *From:* Jim Slattery [mailto:[email protected]] > *Sent:* Thursday, July 22, 2010 2:45 AM > > *To:* NT System Admin Issues > *Subject:* RE: Removing missing DC metadata > > > > Exactly my concern. > > > > Another option I’ve considered is to rename the file server, then run the > steps, then rename it back. (We have processes that copy files both to and > from this server based on servername). > > > > *Jim Slattery* > Systems Administrator, MEDEX Global Group > 410-308-7931 > > *From:* Erik Goldoff [mailto:[email protected]] > *Sent:* Wednesday, July 21, 2010 2:41 PM > > *To:* NT System Admin Issues > *Subject:* RE: Removing missing DC metadata > > > > But if a file server and removed from the domain, aren’t domain-specific > permissions lost when removed from the domain ? > > > > *Erik Goldoff*** > > *IT Consultant* > > *Systems, Networks, & Security * > > ' Security is an ongoing process, not a one time event ! ' > > *From:* Don Ely [mailto:[email protected]] > *Sent:* Wednesday, July 21, 2010 2:30 PM > > *To:* NT System Admin Issues > *Subject:* Re: Removing missing DC metadata > > > > +1 > > > > remove the server from the domain, run the steps, add it back and you > should be fine... > > On Wed, Jul 21, 2010 at 11:18 AM, Don Guyer <[email protected]> > wrote: > > I think if you move the current computer into a workgroup, make the changes > in AD, then put it back into the domain you’ll be fine. Others may have > additional input. > > > > Don Guyer > > Systems Engineer - Information Services > > Prudential, Fox & Roach/Trident Group > > 431 W. Lancaster Avenue > > Devon, PA 19333 > > Direct: (610) 993-3299 > > Fax: (610) 650-5306 > > [email protected] > > > > *From:* Jim Slattery [mailto:[email protected]] > *Sent:* Wednesday, July 21, 2010 2:11 PM > > *To:* NT System Admin Issues > *Subject:* Removing missing DC metadata > > > > We have a file server that shares a name with an old DC that failed. > Instead of removing the metadata for the DC, someone just installed a new > server with the same name. That name now unfortunately is held by our main > file server. > > I need to remove the DC metadata, but need to leave the server up and > running. > > My question is this... if I run this kind of operation: > http://www.petri.co.il/delete_failed_dcs_from_ad.htm > > or > http://support.microsoft.com/kb/216498 > > > ...is the current server still going to be in the domain as a member > server? > > I haven't slept well in a few days, and I'm exhausted, so if the answer to > this question is obvious, please don't beat up on me too much. I just don't > want to create more problems while trying to solve another. > > TIA > > > > *Jim Slattery* > Systems Administrator, MEDEX Global Group > 410-308-7931 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
