delete object in AD sites and services

kimfs

Cannot delete a server from AD sites and services. When I
go to AD sites and services, default-first-site-name,
servers, and try to delete one of the servers which is
not in my network anymore, I get this message: "the DSA
object cannot be deleted".
How can I get rid of the server? It gives an error in the log
because it is no longer on the network.
 
Cary Shultz [A.D. MVP]

Kimfs,

Check that the following userAccountControl attribute is set to 4096 in
ADSIEdit. I assume that it is not. Change it from the current value ( most
probably 532480 ) to 4096 and I am confident that you will be able to delete
it. Generally speaking!

Install the Support Tools and go to ADSIEdit. When you open it up you will
see Domain, Configuration and Schema. Open up Domain. You will see your
domain listed in the format of DC=yourdomain,DC=com. Open that up. You
will see all of the containers and OUs that you have. Look for the entry
OU=Domain Controllers. Open this up. You will see your DC(s) listed in the
format of CN=server01 and CN=server02 etc. Right click on the DC in
question and select Properties. Click on Optional and navigate to
userAccountControl ( it should be very close to the bottom ). Verify that
the value is 4096 ( which it probably is not ). If it is not ( it is
probably 532480 ) then edit it to be 4096. Once done you should be able to
remove it from the ADSS MMC.

ADSIEdit is a utility that is part of the Support Tools. I strongly suggest
that you install the Support Tools on all of your WIN2000 Servers. The Support
Tools can be installed from either the WIN2000 Server CD or from the WIN2000
Service Pack CD ( found in the Support | Tools folder in both cases ) - or
downloaded from the MS Website. I would suggest using the WIN2000 Service
Pack CD.

I assume that you have run a dcpromo on the DC in question? This is the way
to demote a WIN2000 Domain Controller to a Member Server ( or Stand Alone if
it is the last / only DC in the environment ). Did the dcpromo process
succeed? I would guess that it did not. Can you also run a repadmin
/showreps at the command line ( the utility 'repadmin' is available to you
once you install the Support Tools ). Does the demoted DC show up? If it
does ( assuming that you have given enough time ) then I might suggest that
the DCPromo failed. Have you looked at the log on the 'demoted' DC? Have
you considered running the /forceremoval switch? You also might want to do
a metadata cleanup....

HTH,

Cary
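
An added example, not part of Cary's post: what the two values mean as bit flags. 532480 is SERVER_TRUST_ACCOUNT (8192) plus TRUSTED_FOR_DELEGATION (524288), the usual value on a domain controller's computer account, and 4096 is WORKSTATION_TRUST_ACCOUNT. The helper names, the `server03` entry and the sample export are constructed for illustration.

```python
# Added example: decode userAccountControl bits (a subset of Microsoft's
# documented flag table) and list DC-flagged accounts for retired servers.
UAC_FLAGS = {
    0x0002: "ACCOUNTDISABLE",
    0x0020: "PASSWD_NOTREQD",
    0x0200: "NORMAL_ACCOUNT",
    0x1000: "WORKSTATION_TRUST_ACCOUNT",   # 4096: member computer account
    0x2000: "SERVER_TRUST_ACCOUNT",        # 8192: domain controller account
    0x10000: "DONT_EXPIRE_PASSWORD",
    0x80000: "TRUSTED_FOR_DELEGATION",     # 524288
}
SERVER_TRUST_ACCOUNT = 0x2000


def decode_uac(value):
    """Return the flag names set in a userAccountControl integer."""
    names = [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]
    unknown = value & ~sum(UAC_FLAGS)      # bits not in the table above
    if unknown:
        names.append(f"UNKNOWN_0x{unknown:X}")
    return names


def stale_dc_accounts(objects, live_dcs):
    """objects: (dn, uac) pairs; live_dcs: lowercase names of DCs in service."""
    stale = []
    for dn, uac in objects:
        cn = dn.split(",", 1)[0].split("=", 1)[1].lower()
        if uac & SERVER_TRUST_ACCOUNT and cn not in live_dcs:
            stale.append((dn, uac, decode_uac(uac)))
    return stale


# Constructed sample of an export from OU=Domain Controllers.
SAMPLE = [
    ("CN=server01,OU=Domain Controllers,DC=yourdomain,DC=com", 532480),
    ("CN=server02,OU=Domain Controllers,DC=yourdomain,DC=com", 532480),
    ("CN=server03,OU=Domain Controllers,DC=yourdomain,DC=com", 4096),
]

if __name__ == "__main__":
    # Assumption: server01 is the only DC still in service.
    for dn, uac, flags in stale_dc_accounts(SAMPLE, {"server01"}):
        print(f"{dn}: {uac} = {' | '.join(flags)}")
```
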
 
David Brandt [MSFT]

Add on to previous post which has some good info.
However, please note the history of that dc is important here, so let us know
(if it crashed, was demoted gracefully but still showing up as dc in S/S,
just removed from domain but not demoted first, etc.)

If this was a dc that crashed (or for any reason was removed from the domain
without a graceful dcpromo - which is what I'm assuming here since you're
trying to delete it from S/S and say it's no longer in the network), use the
following article. Cleaning things up in adsiedit is always a nice thing to
do as indicated.
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
http://support.microsoft.com/?id=216498


--
David Brandt
Microsoft Corporation

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Cary Shultz [A.D. MVP]

David,

Thank you for clarifying. More information would be a good thing.

Cary
 
kimfs

Sorry about the missing information. The DC was removed
from domain but not demoted first, by a mistake.

Thanx for all help.

kim=)
 
Cary Shultz [A.D. MVP]

Kimfs,

That is okay. That is why we are here and why we ask ( or, as I did,
include assumptions in my posts for you to either confirm or refute ).

In this case you will have to do a metadata cleanup. Use ntdsutil for this.
I believe that David kindly included the url for the MSKB article on how to
do this...

HTH,

Cary
 
kimfs

It worked, but I can't delete the computer account in ADUC.
I get the same "DSA..." message. Is it important to remove
it from there? And if so, how?

Kim=)
 
