Manually removing Domain Controllers within Active Directory?

Che Bliayang

Our Engineer left our company and I've taken the roles for him. I noticed
that there are several domain controllers that were retired and were never
demoted. I get errors from our current domain controllers stating that they
cannot connect and replicate to those old DCs. How do I manually remove them?
I've tried using the ntdsutil but cannot connect to those servers unless
they're online, which won't happen since those old DCs were formatted and used
for something else. Do I simply rebuild those servers with the same server
name and then demote them?

2nd question is regarding a new DC that was built by our other Engineer.
After promoting and updating with the latest patch, it now hangs at
"preparing your network connections" during boot up. I was able to boot via
safe mode and checked the event log and the event id was: 16650. What's the
best method to resolve this issue? Simply scratch it and rebuild it?

I appreciate all of your answers!
 
rajiv juneja

Hi Che-
Try using the ADSI Edit tool included in the support tools on the server CD. It is a low
level editor for Active Directory. It worked for me at least. I could remove
the orphaned domain entries in the logon list and even remove the trust
entries manually.
 
Herb Martin

rajiv juneja said:
Hi Che-
Try using the ADSI Edit tool included in the support tools on the server CD. It is a low
level editor for Active Directory. It worked for me at least. I could remove
the orphaned domain entries in the logon list and even remove the trust
entries manually.

I would far prefer to use NTDSUtil -- it is much more
difficult to make a critical mistake since it only performs
deletes you are very likely to need.

The only real mistake you can make with NTDSUtil
"metadata cleanup" is to delete the wrong DC or wrong
domain, but since you have to work at that and confirm
at several steps that is not likely either.

Search Google:

[ ntdsutil "metadata cleanup" remove dc domain ]
 
Che Bliayang

When I try to connect to the DC, it says that it cannot connect to the server.
Could that be because those DCs that I'm trying to remove don't exist
anymore?


 
Herb Martin

Che Bliayang said:
When I try to connect to the DC, it says that it cannot connect to the server.
Could that be because those DCs that I'm trying to remove don't exist
anymore?

We have to be real PICKY about terminology here
to get this straight:

You "connect to" the DC that is running and will perform
the task of deletion.

You "SELECT" the DC (site, domain, dc actually) that
will be deleted (the one that is presumably no longer
running.)

The connected server must be running and available;
usually the one where you issue the command (but
technically it can be issued from a non-DC or another
DC.)

Does that help?

--
Herb Martin
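
The connect/select distinction from the post above, as an added example session (not part of the original thread). DC01 is assumed to be a working DC, DC02 the formatted one, and example.com the domain; the indexed listing lines are constructed sample output, and lines starting with `#` are annotations, not input.

```console
C:\> ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: connections

# CONNECT to a DC that is online. It performs the deletion.
server connections: connect to server DC01
server connections: quit

# SELECT the site, domain and server entry of the DC that no longer exists.
metadata cleanup: select operation target
select operation target: list sites
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
select operation target: select site 0
select operation target: list domains in site
0 - DC=example,DC=com
select operation target: select domain 0
select operation target: list servers for domain in site
0 - CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
1 - CN=DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com
select operation target: select server 1
select operation target: quit

# Removes the selected (dead) DC's metadata after a confirmation prompt.
metadata cleanup: remove selected server
metadata cleanup: quit
ntdsutil: quit
```

Check the index against the listing before `remove selected server`, since selecting the wrong entry is the one mistake this menu allows. An orphaned domain is a separate target: it is selected the same way and removed with `remove selected domain`.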

 
rajiv juneja

I had actually used ntdsutil before ADSI Edit, but when I rebooted I still
had the orphaned domain entries in the logon list and in Active Directory
Domains and Trusts.

On running ntdsutil again, the orphaned domain was still being listed by the
'list domains' command.
Only the 'list servers in site' command did not show the removed server in
the listing.

In using ntdsutil I had actually followed all the steps in KB article ID 216498.
Could you tell me what went wrong and how to remove the orphaned domain entries
without using ADSI Edit?

Thanks in advance.
And yes, I forgot to add that the domain I was wanting to remove could not
be connected to, as it had been accidentally formatted.


 
Herb Martin

rajiv juneja said:
Thanks in advance.
And yes, I forgot to add that the domain I was wanting to remove could not
be connected to, as it had been accidentally formatted.

You do NOT "connect to" the server or domain to remove
it -- you connect to a working server to DO the removal.

You "select" the DC or Domain to be removed (after
connecting to a DC to perform the work.)

These are technical terms in NTDSUtil and make a
big difference.

--
Herb Martin


 
Che Bliayang

Thanks guys! That worked like a charm! I had to use both utilities to remove
it. I used ntdsutil first and then ADSI Edit to remove the DCs that weren't
used anymore!


 
Herb Martin

Che Bliayang said:
Thanks guys! That worked like a charm! I had to use both utilities to remove
it. I used ntdsutil first and then ADSI Edit to remove the DCs that weren't
used anymore!

Glad to help....pass it on to others.

--
Herb Martin

 
