Index: windows-3.2.xml
===================================================================
--- windows-3.2.xml	(Revision 43757)
+++ windows-3.2.xml	(Arbeitskopie)
@@ -53,6 +53,82 @@
 </programlisting>
 
         </section>
+
+        <section>
+            <title>Uninstallation of a Samba 4 domain controller</title>
+			<para>
+			  The removal of an Samba 4 DC (Active Directory-compatible domain controller) is a
+			  far-reaching configuration step and should be prepared thoroughly.
+			</para>
+
+			<para>
+			  At least on one DC master or DC backup must be the samba 4 packages installed in case
+			  the domain should be Active Directory-compatible.
+			</para>
+
+			<para>
+			  Before uninstalling the packages the domain controller must be removed from Samba 4.
+			  That can be done with the helper script purge_s4_computer.py. It must be run on a DC
+			  master or DC backup system.
+			  The question 'Really remove master from Samba 4?' must be answered with Yes and
+			  the question 'Really remove master from UDM as well?' must be answered with No,
+			  e.g:
+			</para>
+
+<programlisting language="sh">
+root@backup:~# /usr/share/univention-samba4/scripts/purge_s4_computer.py --computername=master
+Really remove master from Samba 4? [y/N]: Yes
+If you are really sure type YES and hit enter: YES
+Ok, continuing as requested.
+
+[...]
+Removing CN=MASTER,CN=Computers,$ldap_BASE from SAM database.
+Really remove master from UDM as well? [y/N]: No
+Ok, stopping as requested.
+
+root@backup:~#
+</programlisting>
+
+			<para>
+			  The S4 connector must be run on one DC master or DC backup in the domain. If samba4
+			  was uninstalled on a DC master or DC backup the S4 connector join
+			  (97univention-s4-connector) script should be re-executed on another system. That can
+			  be done via the UMC module 'Domain join', see <xref linkend="s4connector-rejoin"/>.
+			</para>
+
+			<figure id="s4connector-rejoin">
+			  <title>Re-execute S4 connector join</title>
+			  <graphic scalefit="1" width="80%" fileref="illustrations/s4connector-re-execute.png"/>
+			</figure>
+
+			<para>
+			  The FSMO (Flexible Single Master Operations) roles should be checked. In case the
+			  roles are used by the removed DC, they should be transfered, for example:
+			</para>
+<programlisting language="sh">
+root@backup:~# samba-tool fsmo show
+InfrastructureMasterRole owner: CN=NTDS Settings,CN=MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dom,DC=local
+RidAllocationMasterRole owner: CN=NTDS Settings,CN=MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dom,DC=local
+PdcEmulationMasterRole owner: CN=NTDS Settings,CN=MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dom,DC=local
+DomainNamingMasterRole owner: CN=NTDS Settings,CN=MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dom,DC=local
+SchemaMasterRole owner: CN=NTDS Settings,CN=MASTER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dom,DC=local
+
+root@backup:~# samba-tool fsmo seize --role=all --force
+Will not attempt transfer, seizing...
+FSMO transfer of 'rid' role successful
+Will not attempt transfer, seizing...
+FSMO transfer of 'pdc' role successful
+Will not attempt transfer, seizing...
+FSMO transfer of 'naming' role successful
+Will not attempt transfer, seizing...
+FSMO transfer of 'infrastructure' role successful
+Will not attempt transfer, seizing...
+FSMO transfer of 'schema' role successful
+root@backup:~# 
+</programlisting>
+
+
+        </section>
     </chapter>
 
 	<bibliography>