insufficient access rights to delete dc


Yor Suiris

Lost a DC (ungracefully) and need to delete it from AD. But when using
ADSIedit (as per MS Doc 216498) to do so I get "insufficient access rights
to perform the operation". I am using an account that is a member of
Schema Admin, Enterprise Admin, Domain Admin, and even Local Admin. So who
has more rights?
Now I need to rebuild a machine with the same name as it was a Certificate
Server & IIS gateway and I would rather not go through it all again. I have
transferred or seized all roles.
I did try a restore, installed enough software to try a System State
Restore, so as to gracefully demote or move things. But end up with a blue
screen and an inaccessible boot device error. I tried three times in the
last two days. So I want to forget the restore and rebuild (I would have
finished it yesterday if I had not held out hope for the restore).
And yes, I have backed up the IIS and Certificate stuff in preparation of
creating a new server with the same name (as per MS Doc 298138 & 302573).
I am currently ready to do DCpromo but still have old entries in AD for the
name I want to use.
Any suggestions out there?
Thanks for your time...
 
You need to do a metadata cleanup with ntdsutil.exe. Follow the steps in
this KB article and then after you complete this you need to use adsiedit
and remove any leftover stuff from crashed DC and then make sure DNS is
clean. After this you can then dcpromo rebuilt server.

HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion
http://support.microsoft.com/default.aspx?kbid=216498

HTH

Paul
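
A read-only check for the last steps of that procedure, added here as an example (not code from the KB article or from anyone in this thread): it scans a list of distinguished names and DNS zone lines for entries that still belong to the removed controller. The names DEADDC, LIVEDC and example.com, and the input format, are assumptions.

```python
import re

# Locations where a domain controller's own objects live in the directory.
# {dc} is replaced with the (escaped) host name of the controller.
LOCATIONS = [
    ("server object", r"^CN={dc},CN=Servers,CN=[^,]+,CN=Sites,CN=Configuration,"),
    ("NTDS Settings", r"^CN=NTDS Settings,CN={dc},CN=Servers,CN=[^,]+,CN=Sites,"),
    ("computer account", r"^CN={dc},OU=Domain Controllers,"),
]

def stale_objects(dn_list, dc):
    """Return (kind, dn) for every distinguished name owned by the named DC."""
    hits = []
    for dn in dn_list:
        for kind, pattern in LOCATIONS:
            if re.match(pattern.format(dc=re.escape(dc)), dn, re.IGNORECASE):
                hits.append((kind, dn))
    return hits

def stale_dns(zone_lines, fqdn):
    """Return zone lines whose owner name or record data is the DC's FQDN."""
    want = fqdn.lower().rstrip(".")
    return [line for line in zone_lines
            if want in (tok.lower().rstrip(".") for tok in line.split())]

# Constructed sample data: DEADDC, LIVEDC and example.com are placeholders.
BASE = "DC=example,DC=com"
SITE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + BASE
SAMPLE_DIRECTORY = [
    "CN=DEADDC," + SITE,
    "CN=NTDS Settings,CN=DEADDC," + SITE,
    "CN=LIVEDC," + SITE,
    "CN=DEADDC,OU=Domain Controllers," + BASE,
    "CN=DEADDC2,OU=Domain Controllers," + BASE,  # similar name, must not match
]
SAMPLE_ZONE = [
    "deaddc.example.com. 3600 IN A 192.0.2.10",
    "_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 deaddc.example.com.",
    "_ldap._tcp.dc._msdcs.example.com. 600 IN SRV 0 100 389 livedc.example.com.",
]

if __name__ == "__main__":
    for kind, dn in stale_objects(SAMPLE_DIRECTORY, "DEADDC"):
        print(f"leftover {kind}: {dn}")
    for line in stale_dns(SAMPLE_ZONE, "deaddc.example.com"):
        print(f"leftover DNS record: {line}")
```

An empty result from both functions for the old name means nothing in the supplied export still points at it; the check only sees what is in the lists it is given.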
 
That is what I was trying to do, Dah!

Paul McGuire said:
You need to do a metadata cleanup with ntdsutil.exe. Follow the steps in
this KB article and then after you complete this you need to use adsiedit
and remove any leftover stuff from crashed DC and then make sure DNS is
clean. After this you can then dcpromo rebuilt server.

HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion
http://support.microsoft.com/default.aspx?kbid=216498

HTH

Paul
 
