Application directory partitions and domain controller demotion

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Application directory partitions and domain controller demotion

If a domain controller holds a replica of an application directory partition, then you must remove the domain controller from the replica set of the application directory partition or delete the application directory partition before you can demote the domain controller.

If a domain controller holds the last replica of a particular application directory partition, then you must delete the application directory partition before you can demote the domain controller.

The Active Directory Installation Wizard will not remove a replica or delete an application directory partition programmatically. You must decide when it is safe to delete the last replica of a particular partition.

Before deleting the last replica of an application directory partition, identify the applications that use the application directory partition, determine if it is safe to delete the last replica, identify the partition deletion tool provided by the application, and then remove the application directory partition by using the tool provided or by using the Ntdsutil command-line tool.

Identify the applications that use the application directory partition

To determine what application directory partitions are hosted on a computer, refer to the list on the first page of the Active Directory Installation Wizard. If the list does not provide enough information to identify the programs using a particular application directory partition, you may be able to identify them in one of the following ways:

• Speak to a member of the Enterprise Admins group.

• Consult the network change control records for your organization.

• Use LDP or ADSI Edit to view the data contained in the partition. For more information about these tools, see the Active Directory Programmer's Guide at the Microsoft Web site.

Determine if it is safe to delete the last replica

Removing the last replica of an application directory partition will result in the permanent loss of any data contained in the partition. If you have identified the applications using the application directory partition, consult the documentation provided with those applications to determine if there is any reason to keep the data. If the applications that use the application directory partition are out of service, it is probably safe to remove the partition.

If it is not safe to delete the last replica, or if you cannot determine whether or not it is safe, and you must demote the domain controller holding the last replica of a particular application directory partition, follow these steps: Add a replica of the partition on another domain controller, force the replication of the contents of the application directory partition to the domain controller holding the new replica, and then remove the replica of the partition on the domain controller to be demoted. For more information, see Add or remove an application directory partition replica.

Identify the partition deletion tool provided by the application

Most applications that create application directory partitions provide a utility to remove the partitions. When possible, always delete an application directory partition using the utility provided. For example, to delete a TAPI partition, use the Tapicfg.exe command-line tool. For more information about TAPI and removing TAPI application directory partitions, see Telephony.

Remove the application directory partition using the tool provided or use Ntdsutil

Refer to the application's documentation for information about removing application directory partitions that were created and used by that application.

Caution

• If possible, use the application's tool for managing its application directory partitions. The application may keep other data in addition to Active Directory managed data for the application directory partitions. By using Ntdsutil, the two sets of data could cause a conflict.

If you cannot identify the application that created the application directory partition, or if your application does not provide a means to delete application directory partitions that it created, you can use the Ntdsutil command-line tool. To do this, see Create or delete an application directory partition.

For information about demoting a domain controller, see Demote a domain controller. For general information about application directory partitions, see Application directory partitions.