Can't delete an old domain controller

R

Rich

Hello,

I have a Win2K home network which I run basically as a test lab to teach
myself various things. Initially, I had to domain controllers (server01 and
server02). Server02 no longer exists on the network. It is however still
in AD. AD will not allow me to delete it either from AD Sites and Services
or AD Users & Computers.

Questions:
1. Whenever I remove a computer, especially a server, should it be deleted
from AD before being removed from the network?

2. Why won't AD allow me to delete it?

3. How can I get it deleted from AD?

TIA,
Rich
 
C

Cary Shultz [A.D. MVP]

Rich,

It is a really great thing that you are doing this at home. This is how I
started doing things ( well, in a spare office at work......but same
concept! Well, for full disclosure, I had a home network setup as well ).

Install the Support Tools from the Windows Service Pack CD-Media. I would
suggest doing this on all of your servers. Or, even better yet, on the
workstation that you will use to do all of the 'Admin' stuff. There are
some really neat tools included in the Support Tools. The ones that you
will most likely use often would be repadmin, replmon, dcdiag, netdiag and
netdom.

I would also suggest that you install ADModify ( do a google for the link to
download this awesome little application ). This will help when you have
bulk changes to make ( say that the company were to move and you needed to
change the address for 300 user account objects.....that would be a long
day! ADModify does this for you in about three seconds! The other thing to
do would be to learn ADSI! ).

Now, to your question:

Take a look at ntdsutil and do a metadata cleanup. I will intentionally not
provide a link to the MSKB Article that gives you the step-by-step
instructions. This is not to be a turkey, but to allow you the discovery
process. The things that I used to find when I was looking for
something.....

Anyway, google will be your friend in this search. I would suggest that you
take a look in the MSKB articles ( er, that is the Microsoft Knowledge
Base ) as well as in this newsgroup. There will be a lot of things to find!

If you have anymore questions or need more help you know where to find us!

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
R

Rich

Helo Cary,

Thanks for the quick reply.

Ok, I'm running ntdsutil and believe that I have found that at the ntdsutil
prompt, I need to:

1. Metadata cleanup <enter>
2. At Metadata cleanup prompt, Connect to the server (domain controller in
question).
3. Select operation target <enter> leaving me at the Select operation
target prompt.

At this point, I don't seem to be able to establish the connection to the
DC. I am assuming that this is the correct course. I don't know if I'm
assuming correctly or just using incorrect syntax.

Can you "guide" me a little further? Am I on the right track?

Thanks,
Rich
 
C

Cary Shultz [A.D. MVP]

Rich,

Sorry for the delayed response. Are you binding to ( read: connecting to )
the remaining Domain Controller or - as I suspect you are - are you binding
to the deleted Domain Controller?

You will need to bind to an existing Domain Controller ( read: a remaining
Domain Controller ) so that you can do your thing. Connecting to the
deleted DC will give you a problem...

And, are you following this link:

http://support.microsoft.com/?id=216498

HTH,

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 
R

Rich

Hey Cary,

Thanks again for the replies.

Follwed all the directions in the article. I'm actually learning here. I
was able to delete the server. But please, can you explain the issue... Is
it by design that you can't delete a server from AD when the server no
longer exists in the network? Is this the case for DC's or any server? Is
this a limitation of AD or possibly something to do with LDAP?

Thanks again!!!
Rich
 
C

Cary Shultz [A.D. MVP]

Rich,

Sorry for the delay. Not sure that I understand your question! Well,
maybe...

There is a very good reason why you can not easily delete a Domain
Controller from AD when it was not properly removed. There are a ton of
things involved ( replication, for one ).

Does this help? Or did you need more?

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

FRS - replication question/error 1
Domain Controller cannot contact domain???? WTF??? 1
Domain Controller Crashed - Other servers don't have 'copies' of A 2
how to remove nt4 pdc from Win2000 AD? 2
AD Site Topology 8
Old Domain Controller 2
Deleted domain controller 3
failed DC - DSA object cannot be deleted after metadata cleanup 1

Top