Can't remove old server from server list in active Directory

  • Thread starter Thread starter Chris Clarke-Williams
  • Start date Start date
C

Chris Clarke-Williams

Due to a power brown out we lost the use of our original
domain controller and had to transfer all the 'PDC' roles
to another. Everything seems to be working and both
servers now agree who is the new 'PDC'.

I do have a problem which is that I can't remove the old
sever from the list of servers if I try I get a message
saying "The DSA object cannot be deleted" Do I also
need to remove it anywhere else?

Does anyone know what the DSA object is and whether or
not there is a way round this as I'd like to set the
original machine back up using the same name and IP.

Also I have SRV records for all three domain controllers
in DNS, should I remove the ones reffering to the
original server I have checked that records for all
services point to the other servers.
 
In situation like yours, you do a FSMO seizure. which i believe you did, but
there a some steps as to how to do a successful seizure.
First of all you have to make sure that
A: the original DC is not going to be coming online (meaning with same name
and IP)
B: After you do the FSMO seizure through ntdsutil.exe, you do the deletion
of the NTDS comp object from the ntdsiutil.exe.
C: After you delete the comp object through ntdsutil.exe utility, delete
the comp account from ad user and comp.
D: delete from the AD site and services - site - servers - DC object

These procedures will clean the failed DC account and DSA object from the AD
configuration partition. you cannot jump to step C: (which i suspect you
are doing) before step B: mentioned above.

-Jim
 
Paul,

Thanks very much for your help. The metadat cleanup
aprt of the Microsoft support article seemed to work
really well. If I run through the select operation
target procedure the server I wan to rebuild is no longer
listed. The article then says I should use something
called ADSIEdit to delete the Domain Controller name.

I do not appear to have a program called ADSIEdit and I
still get "Tthe DSA Object cannot be deleted" if I try to
delete it from the list in Active Directory Users and
Computers, Domain Controlers.

Do I need to do anything else before trying to rebuild
the system?


Thanks


Chris
-----Original Message-----
You'll need to perform a metadata clean up and then you
Click to expand...
can rebuild a new DC with the same name and IP, etc.
You wont need to remove the SRV records that point to
Click to expand...
DC, GC, etc. Only the GUID CName.
 
you have to manually install the adsiedit tool;
go to command prompt and type the following:

regsvr32 schmmgmt.dll

- after this go to start - run- mmc
- in the mmc, click file- add/remove snap-in - add -
here you will see the adsi edit tool

in order to do a metadata cleanup of you disposed DC, connect to another
healthy DC in ntdsutil.exe utility.

- Jim
 
Thanks for your help.

I have successfully registered schmmgmt.dll.

On starting MMC and going to Console -> Add/RemoveSnapin -
Add
Click to expand...

I get a list of stanalone snap ins in alphabetical
order. There is not one called ADSIEdit. I have

Active Directory Domains and Trusts

Active Directory Schema

Active Directory Sites and services

Active Directory Users and Computers.

Is it one of these that I am meant to be using?
 
ADschema snap in is adsiedit

Thanks for your help.

I have successfully registered schmmgmt.dll.

On starting MMC and going to Console -> Add/RemoveSnapin -

I get a list of stanalone snap ins in alphabetical
order. There is not one called ADSIEdit. I have

Active Directory Domains and Trusts

Active Directory Schema

Active Directory Sites and services

Active Directory Users and Computers.

Is it one of these that I am meant to be using?
Click to expand...
 
What you need to use is part of the support tools. Install these from the
Windows Server CD-ROM and then navigate to Start\Windows Server Support
Tools\ADSIEdit

Now finish what is listed in the KB I posted and then rebuild.

--

Paul Williams
_________________________________________
http://www.msresource.net


Join us in our new forums!
http://forums.msresource.net
_________________________________________


ADschema snap in is adsiedit
 
Thanks Paul, I have just found the right stuff on the CD
to install and at last the defunct server is gone.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

PDC or member server 4
error raise domain function from win2000 to win2003 0
Active Directory root server problem 1
Can't remove AD 3
how to remove nt4 pdc from Win2000 AD? 2
Removal of Additonal domain controller from active directory 1
Delete an long removed server from Active Directory 3
Can't remove Active DIrectory!! 2

Back
Top