Removing Active Directory from a network.

Blitzrommel

I'm just trying to help out my friend here, but even with all of my dealings with managing a network with Active Directory, I've never completely removed it from a network infrastructure. My friend has to kill a domain controller and relegate a network to use Workgroups. So in other words, decentralize the network.

Which means, everyone will have to use local usernames and what not (I'm assuming, my friend's just following orders). Now his main problem is migrating the client computers (There's 24 PCs excluding the server). Can he just delete the domain profiles after he disjoins the domain from each PC, or what's the fastest way to transition the workstations?
 
Fastest way to unjoin the workstations is using the netdom command from a central admin workstation or server. Profiles can be deleted after that.

Make sure someone actually knows the local administrator account password on each workstation before removing them from the domain.

Dcpromo of course to demote the domain controller(s) with the FSMO role holders removed last.
 
This is a giant step backwards, but use the steps above. Make sure you reset the local admin accounts on each PC first. Demote the forest root DC once all PCs can log in locally and all other DCs are demoted.
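
The order given in the replies above (confirm a working local administrator logon on every workstation, then unjoin it, and demote the domain controller only afterwards), sketched as an added example that is not code from any poster in this thread. It uses the `Remove-Computer` cmdlet in place of `netdom`; the hostnames and workgroup name are placeholders, and the check confirms only that the local password is accepted, not that the account is in the local Administrators group.

```powershell
# Added example. Hostnames and the workgroup name are placeholders.
# Requires Windows PowerShell 5.1 (Remove-Computer is not available in PowerShell 7).
param(
    [string[]]$Workstations = @('PC01', 'PC02'),  # placeholder names
    [string]$Workgroup = 'WORKGROUP',
    [switch]$Unjoin                                # omit for a report-only run
)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$domainCred = Get-Credential -Message 'Domain account allowed to unjoin computers'
$localCred  = Get-Credential -Message 'Local administrator account on the workstations'
$local      = $localCred.GetNetworkCredential()

$results = foreach ($pc in $Workstations) {
    $row = [ordered]@{ Computer = $pc; LocalLogonOk = $false; Unjoined = $false; Note = '' }
    try {
        # Check the password against the workstation's own account database (SAM),
        # so the result does not depend on the domain that is about to go away.
        $type = [System.DirectoryServices.AccountManagement.ContextType]::Machine
        $ctx  = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($type, $pc)
        $row.LocalLogonOk = $ctx.ValidateCredentials($local.UserName, $local.Password)
        $ctx.Dispose()

        if (-not $row.LocalLogonOk) {
            # Never unjoin a machine nobody can log on to locally.
            $row.Note = 'local credential rejected; left in domain'
        }
        elseif ($Unjoin) {
            Remove-Computer -ComputerName $pc -UnjoinDomainCredential $domainCred `
                -LocalCredential $localCred -WorkgroupName $Workgroup `
                -Force -Restart -ErrorAction Stop
            $row.Unjoined = $true
        }
    }
    catch {
        # Unreachable host, access denied, and similar: record it and move on.
        $row.Note = $_.Exception.Message
    }
    [pscustomobject]$row
}

$results | Format-Table -AutoSize
# Rows with LocalLogonOk = False need the local password reset before unjoining.
```

Run it once without `-Unjoin` to get the report, fix any workstation that fails the check, then run it again with `-Unjoin`; the domain controller is demoted only after every row shows `Unjoined = True`.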
 
Blitzrommel said:
FSMO, is that the Master Operator stuff?

Exactly. There are 5 master operations roles. 3 are domain level, and 2 are forest wide. Simply ensure you know which servers own the roles.

I didn't ask, but is the one server you mention the only domain controller on the network, or is it the only domain controller you're concerned with and the domain will live on elsewhere (in another office or another department, for example?)

I agree with a previous post that removing AD and going to workgroup computing is a huge step backwards. What's the reason behind the move?
 
rcolbert said:
Exactly. There are 5 master operations roles. 3 are domain level, and 2 are forest wide. Simply ensure you know which servers own the roles.

I didn't ask, but is the one server you mention the only domain controller on the network, or is it the only domain controller you're concerned with and the domain will live on elsewhere (in another office or another department, for example?)

I agree with a previous post that removing AD and going to workgroup computing is a huge step backwards. What's the reason behind the move?

It's just a single domain network, with only one domain controller.

My friend didn't tell me why this has to be done. Could be licensing or something, but my friend said he has to put Linux on the server eventually.

EDIT: Just wanted to mention that there's nothing that has to be saved in terms of acct. information; all of the local admin passwords are known and what-not.
 