Novell Open Enterprise Server 11.1 (OES11SP1)
Novell Open Enterprise Server 2 SP3 (OES2SP3)
Domain Services for Windows
This TID gives instructions on how to remove a DSfW Child Domain.
For removing a DSfW server, Domain, and Forest (removing DSfW from the eDirectory Tree) then follow TID 7005431
To remove an ADC (Additional Domain Controller), only the DSfW objects directly related to the DSfW server need to be removed (ncp server, ldap, certificate objects, object in the Domain Controllers container, etc).
If the Domain Controller is functioning, please use the script in the Additional Information section that can be downloaded at dsfwdude.com.
Delete the following objects in the child domains. If an object has child objects, delete the child objects first.
Domain Controllers container
On the container where the domain was mapped, remove the extentions domainDNS and xadFlags
DO NOT REMOVE PARTITION
Delete the following attributes on the container where the domain was mapped.
In the parent domain in the cn=users container an object with the name of the child domain will exist. It will have a $ at the end of the name of the object. This object represents the trust set up between the parent and child domain. Delete this object.
A removal script can be downloaded at for OES2SP2 and OES2SP3 at dsfwdude.com
A new removal script, ndsdcrmx.pl, has been created for all versions including OES11 and OES11SP1 can also be downloaded
. The ndsdcrmx.pl can be used on a ADC or PDC. Warning, if used on a PDC it will remove the DSfW domain. Transfer the FSMO roles before running on a PDC if there is an ADC and the DSfW domain is to be retained in the eDirectory tree.
There is a -f switch that can used in some partially configured situations, but it depending on how far the install has gone it may or may not work.
The new removal script also requires the manual removal of some trustee assignments if removing the DSfW Domain, not just the server.
Start with [This] trustees from the mapped container (usually the O)
It should only have three ACLs, you can verify only these three attributes are listed. If that is the case then remove the entire [This] ACL
If you see [Root] listed as a trustee for the mapped container, remove it.
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.