Remove Domain Controller

[Guest]

There's a domain controller listed when i'm in aduc when I right click on the
domain and select connect to a domain controllerm that is non existent
anywhere else in active directory. How can I resolve this issue and remove
the dc. I tried using ntdsutil and metadata cleanup to see if it was listed
there and no luck.

 

[Jorge de Almeida Pinto [MVP - DS]]

if you already tried NTDSUTIL and nothing has been found, you can just
delete the computer account of the DC. If you are not able to, try to use
ADISIEDIT.MSC

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG (WEB-BASED)--> http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)--> http://blogs.dirteam.com/blogs/jorge/rss.aspx

 

[Guest]

The problem is that there is no computer account in Active Directory.

 

[Adam]

The problem is that there is no computer account in Active Directory.

Ok, so the real low-level solution Jorge suggested was using ADSI Edit
from the Support Tools on the Server CD which is a low level Active
Directory editor that you can use to remove the object that is causing
it to be listed.

Before you do that can you check Sites and Services -- is the DC still
listed there?

 

[Harj]

Ok, so the real low-level solution Jorge suggested was using ADSI Edit
from the Support Tools on the Server CD which is a low level Active
Directory editor that you can use to remove the object that is causing
it to be listed.

Before you do that can you check Sites and Services -- is the DC still
listed there?

Hi,

Hold on just a sec before you start right clicking domain controllers
from ADUC or ADSIedit.
First and formost by using NTDSUTIL go through a metadata cleanup to
make SURE there is no DC;s that should not be in the metadata.
THEN go into ADSIedit and remove any information pertaining to this
old DC. (all mentioned in the article below)
There is more to remove in ADSIedit other than just the computer
object if this DC was not removed correctly.
Verify that this machine did not hold any FSMO roles and if so, seize
the roles to a working machine or better transfer. I doubt you will
be able to transfer them.
I would imagine that if this did hold any of the FSMO roles you would
have seen some weird things going on already.
Perform a metadata cleanup via NTDSUTIL from the support tools.
Go through ADSIedit to remove anything pointing to this old DC. (again
all in the doc)
Go thorugh DNS and remove any records there plus double check under
the Name Servers tab.
NOW you can go through Sites and Services and delete anything there
pointing to the old DC. If all the above is performed correctly you
will not have to go to Sites and Services.

Remember, this is just not a petty workstation, this is a domain
controller after all.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain
controller
http://support.microsoft.com/kb/255504


Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com

 

[roger fong]

yes

Hi,

Hold on just a sec before you start right clicking domain controllers
from ADUC or ADSIedit.
First and formost by using NTDSUTIL go through a metadata cleanup to
make SURE there is no DC;s that should not be in the metadata.
THEN go into ADSIedit and remove any information pertaining to this
old DC. (all mentioned in the article below)
There is more to remove in ADSIedit other than just the computer
object if this DC was not removed correctly.
Verify that this machine did not hold any FSMO roles and if so, seize
the roles to a working machine or better transfer. I doubt you will
be able to transfer them.
I would imagine that if this did hold any of the FSMO roles you would
have seen some weird things going on already.
Perform a metadata cleanup via NTDSUTIL from the support tools.
Go through ADSIedit to remove anything pointing to this old DC. (again
all in the doc)
Go thorugh DNS and remove any records there plus double check under
the Name Servers tab.
NOW you can go through Sites and Services and delete anything there
pointing to the old DC. If all the above is performed correctly you
will not have to go to Sites and Services.

Remember, this is just not a petty workstation, this is a domain
controller after all.

How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain
controller
http://support.microsoft.com/kb/255504


Good Luck

Harj Singh
Power Your Active Directory Investment
www.specopssoft.com