Saturday, June 19, 2010

Removing the RODC computer account using the graphical interface

If AD DS is already removed from the RODC computer, you can easily remove the computer account by using the Active Directory Users and Computers or Active Directory Sites and Services snap-ins.
To remove an RODC computer account with Active Directory Users and Computers:
1. Open Active Directory Users and Computers. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
2. Ensure that you are connected to a writeable domain controller running Windows Server 2008 in the correct domain. To connect to the appropriate domain or domain controller, in the details pane, right-click the Active Directory Users and Computers object, and then click Change Domain or Change Domain Controller, respectively.
3. In the console tree, expand the domain object, and then select the Domain Controllers organizational unit (OU).
4. In the details pane, right-click the RODC computer account, and then click Delete.
5. When you are prompted, click Yes to continue with the removal of the RODC account. At this point, the Deleting Domain Controller dialog box appears. If the RODC was not compromised or stolen, you can clear all the check boxes in this dialog box and then click Delete. If the RODC was compromised or stolen,
6. Next, another Delete Domain Controller dialog box appears, asking you to confirm metadata deletion. Click OK to continue with the RODC computer account removal.
7. If the domain controller was also a global catalog server, you are asked again to confirm that you want to continue the deletion. Click Yes to continue.

From Microsoft: see Securing Accounts After an RODC Is Stolen.
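A read-only check to run before steps 4 to 7, as an added PowerShell example that is not part of the original post or of Microsoft's text. It assumes the ActiveDirectory module is installed on the administrative workstation and that the RODC account still resolves as a domain controller; `RODC01` and the report path are placeholder values.

```powershell
# Added example: read-only checks, nothing is deleted or modified in the directory.
# Assumptions: ActiveDirectory module available; 'RODC01' is a placeholder name.
param(
    [string]$RodcName   = 'RODC01',
    [string]$ReportPath = ".\$RodcName-revealed-accounts.csv"
)

Import-Module ActiveDirectory -ErrorAction Stop

# Step 2: make sure all queries go to a writable domain controller.
$writable = Get-ADDomainController -Discover -Writable
$server   = [string]($writable.HostName | Select-Object -First 1)
Write-Host "Using writable domain controller: $server"

# Steps 3-4: confirm the account to be deleted really is an RODC.
$dc = Get-ADDomainController -Identity $RodcName -Server $server
if (-not $dc.IsReadOnly) {
    throw "$RodcName is not a read-only domain controller; stop and re-check the target."
}

# Step 7: the console asks for one more confirmation if this is a global catalog.
Write-Host ("{0} (site {1}): read-only={2}, global catalog={3}" -f `
    $dc.Name, $dc.Site, $dc.IsReadOnly, $dc.IsGlobalCatalog)

# Step 5: list the accounts whose passwords are currently cached on the RODC.
# If the RODC was compromised or stolen, these are the accounts to review.
$revealed = @(Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $dc -RevealedAccounts -Server $server)

if ($revealed.Count -eq 0) {
    Write-Host "No cached account passwords are recorded for $RodcName."
} else {
    # Keep a record before the computer account and its metadata are removed.
    $revealed |
        Select-Object Name, SamAccountName, ObjectClass, DistinguishedName |
        Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
    Write-Host "$($revealed.Count) cached account(s) written to $ReportPath"
}
```

Saving the list first matters because it is read from the RODC's own account, which the deletion in step 4 removes.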
