Posted on - 10/29/2012
Would I be able to obtain user passwords from the AD database? I am on a slow WAN link. How can I promote my existing location to a server to DC? Is it possible to remove AD forcibly from a server? What should I do after removing it from the server?
Would I be able to obtain user passwords from the AD database?
1) You cannot get the password for an Active Directory user. That would breach the security measures of Windows. An administrator is able to reset the password, but is not able to identify the current password. Also, no user passwords are stored in a manner that can be retrieved.
2) Demote the server using dcpromo /forceremoval, then remove the metadata from Active Directory using ntdsutil. There is no way to get user passwords from AD that I am aware of, but you should still be able to change them.
Another way out too
Restart the DC in DSRM mode
a. Locate the following registry subkey:
b. In the right-pane, double-click ProductType.
c. Type ServerNT in the Value data box, and then click OK.
Restart the server in normal mode
It's a member server now, but the AD entries are still there. Promote the server to a fake domain, say ABC.com, and then remove it gracefully using dcpromo. Else, after restart you can also use ntdsutil to do metadata
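
A read-only check of what a forced removal leaves behind for metadata cleanup, as an added example that is not part of the original thread. It assumes the ActiveDirectory PowerShell module (RSAT) on a machine that can reach a healthy DC; `OLDDC01` is a hypothetical placeholder for the removed server's name.

```powershell
# Added example: list leftover directory references to a force-removed DC.
# Read-only; run it before and after ntdsutil metadata cleanup and compare.
# Assumption: 'OLDDC01' is a placeholder for the removed server's name.
param([string]$RemovedDc = 'OLDDC01')

Import-Module ActiveDirectory
$root     = Get-ADRootDSE
$configNC = $root.configurationNamingContext
$domainNC = $root.defaultNamingContext
$findings = @()

# 1. Is the server still listed as a domain controller?
$dcs = Get-ADDomainController -Filter * | Where-Object { $_.Name -eq $RemovedDc }
if ($dcs) { $findings += "Listed as a DC: $($dcs.HostName)" }

# 2. Server object (and its NTDS Settings child) left under CN=Sites?
$srv = Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -LDAPFilter "(&(objectClass=server)(cn=$RemovedDc))"
foreach ($s in $srv) {
    $findings += "Server object: $($s.DistinguishedName)"
    $ntds = Get-ADObject -SearchBase $s.DistinguishedName -SearchScope OneLevel `
             -LDAPFilter '(objectClass=nTDSDSA)'
    if ($ntds) { $findings += "NTDS Settings: $($ntds.DistinguishedName)" }
}

# 3. Computer account still in the Domain Controllers OU?
$comp = Get-ADComputer -SearchBase "OU=Domain Controllers,$domainNC" `
         -Filter "Name -eq '$RemovedDc'"
if ($comp) { $findings += "Computer account: $($comp.DistinguishedName)" }

# 4. FSMO roles still assigned to the removed server?
$d = Get-ADDomain
$f = Get-ADForest
$roles = @{
    PDCEmulator          = $d.PDCEmulator
    RIDMaster            = $d.RIDMaster
    InfrastructureMaster = $d.InfrastructureMaster
    SchemaMaster         = $f.SchemaMaster
    DomainNamingMaster   = $f.DomainNamingMaster
}
foreach ($r in $roles.GetEnumerator()) {
    if ($r.Value -like "$RemovedDc.*") {
        $findings += "FSMO role $($r.Key) still held by $($r.Value)"
    }
}

if ($findings) { $findings } else { "No leftover references to $RemovedDc found." }
```

Any FSMO role reported here has to be seized on a surviving DC, since the removed server can no longer transfer it.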