[Dailydave] Removing ADS from a Windows machine and giving the machine to someone else

Kurt Buff kurt.buff at gmail.com
Thu Jan 21 13:17:13 EST 2016 

I think you should be good to go, but if you want more assurance, you
might wish to ask this question over on the activedir.org mailing
list. There are a fair number of AD heavyweights there.

Kurt

On Wed, Jan 20, 2016 at 8:14 PM, No One <situbu42 at yahoo.com> wrote:
> Hello all!
>
> leaving aside hateful thoughts directed at windows, please  consider the
> following situation:
>
> ·         GIVENS:
> o    I have a client with multiple locations.  The client runs windows
> active directory.  Each location has an ADS controller.
> o    Client sold one part of its biz, SUB A.  SUB A's IT components are
> largely contained in its location.  SUB A, at its location, has a
> combination file server/AD server (SUBA-FS1).
> o    the new owner of SUB A has elected to keep this file server.
> o    SUBA-FS1 is running win2k8r2
> o    SUBA-FS1 is a vm running on a vmware 5.0 server (SUBA-ESX1).
> o    There are no vmware or vss snapshots.
> o    The new owner won’t be getting a backup of SUBA-FS1.
> o    SUBA-ESX1 has been used as a staging area for DR testing (restoring
> other VMS).
> §  It has one data store.
> §  These vms have been removed.
> §  I have added virtual disks to SUBA-FS1 that are the same size as the
> total free space and run sysinternals sdelete against the disks, which
> effectively overwrote all the free space in vmfs.
> ·         QUESTION:
> o    can I safely give this server to the new owner?
> o    If so how?
> ·         MY THOUGHTS
> o    When I demote the server from domain controller to member server,
> windows removes active directory info from the machine.
> o    I think that this process wipes the data (deletes it and zeroes out the
> files and folder so that undelete is not possible) from the disk.
> o    I think that even if the process does not wipe the data, if the folder
> that contains the active directory data is gone and I run “sdelete –p 5 –c
> c:” (from sysinternals), then the data will be gone.
>
> If there is no secure way to do this, what is the best I can do?
>
> I think I am on the right track but I have been doing this long enough to
> realize that I could be missing something.
>
> i am happy to answer follow up questions.
>
> Thanks in advance.
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>

More information about the Dailydave mailing list