Remove Domain Controller


G

Guest

There's a domain controller listed when i'm in aduc when I right click on the
domain and select connect to a domain controllerm that is non existent
anywhere else in active directory. How can I resolve this issue and remove
the dc. I tried using ntdsutil and metadata cleanup to see if it was listed
there and no luck.
 
Ad

Advertisements

A

Adam

George said:
The problem is that there is no computer account in Active Directory.

Ok, so the real low-level solution Jorge suggested was using ADSI Edit
from the Support Tools on the Server CD which is a low level Active
Directory editor that you can use to remove the object that is causing
it to be listed.

Before you do that can you check Sites and Services -- is the DC still
listed there?
 
H

Harj

Ok, so the real low-level solution Jorge suggested was using ADSI Edit
from the Support Tools on the Server CD which is a low level Active
Directory editor that you can use to remove the object that is causing
it to be listed.

Before you do that can you check Sites and Services -- is the DC still
listed there?

Hi,

Hold on just a sec before you start right clicking domain controllers
from ADUC or ADSIedit.
First and formost by using NTDSUTIL go through a metadata cleanup to
make SURE there is no DC;s that should not be in the metadata.
THEN go into ADSIedit and remove any information pertaining to this
old DC. (all mentioned in the article below)
There is more to remove in ADSIedit other than just the computer
object if this DC was not removed correctly.
Verify that this machine did not hold any FSMO roles and if so, seize
the roles to a working machine or better transfer. I doubt you will
be able to transfer them.
I would imagine that if this did hold any of the FSMO roles you would
have seen some weird things going on already.
Perform a metadata cleanup via NTDSUTIL from the support tools.
Go through ADSIedit to remove anything pointing to this old DC. (again
all in the doc)
Go thorugh DNS and remove any records there plus double check under
the Name Servers tab.
NOW you can go through Sites and Services and delete anything there
pointing to the old DC. If all the above is performed correctly you
will not have to go to Sites and Services.

Remember, this is just not a petty workstation, this is a domain
controller after all.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain
controller
http://support.microsoft.com/kb/255504


Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
 
Ad

Advertisements

R

roger fong

yes
Harj said:
Hi,

Hold on just a sec before you start right clicking domain controllers
from ADUC or ADSIedit.
First and formost by using NTDSUTIL go through a metadata cleanup to
make SURE there is no DC;s that should not be in the metadata.
THEN go into ADSIedit and remove any information pertaining to this
old DC. (all mentioned in the article below)
There is more to remove in ADSIedit other than just the computer
object if this DC was not removed correctly.
Verify that this machine did not hold any FSMO roles and if so, seize
the roles to a working machine or better transfer. I doubt you will
be able to transfer them.
I would imagine that if this did hold any of the FSMO roles you would
have seen some weird things going on already.
Perform a metadata cleanup via NTDSUTIL from the support tools.
Go through ADSIedit to remove anything pointing to this old DC. (again
all in the doc)
Go thorugh DNS and remove any records there plus double check under
the Name Servers tab.
NOW you can go through Sites and Services and delete anything there
pointing to the old DC. If all the above is performed correctly you
will not have to go to Sites and Services.

Remember, this is just not a petty workstation, this is a domain
controller after all.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain
controller
http://support.microsoft.com/kb/255504


Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top