Awards
- Community Pick
- Experts Exchange Approved
One of the tasks that every Active Directory administrator has to learn is how to remove a failed or offline Domain Controller (DC) from the environment. The easiest method is to use DCPROMO, however if the DC is already offline or had a catastrophic failure this is not going to be an option. You also don't want to leave it to the Garbage Collection process as you will have nagging issues within Active Directory (AD). What you need to do is remove the DC's metadata info from AD. This involves using a command called NTDSUTIL. NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.
Below are the steps needed to remove a failed or offline Domain Controller from your environment. I have included additional steps that are needed to remove the leftover data in Active Directory Sites and Services as well as DNS. Those two areas are often overlooked.
Step by Step Procedure
1. Open the Command Prompt
2. Type:
(all the commands will be entered via this command prompt)
3. Type:
3. Type:
TIP: NTDSUTIL does not require the full command to be entered; you only have to enter enough of the command that is unique. For Example, instead of typing metadata cleanup you could just type met cle or better yet m c.
4. Type:
5. Type:
replace <ServerName> with the name of a functional DC in your environment, even if you are logged in locally.
6. Type:
6. Type:
7. Type:
8. Type:
9. Type:
where <#> is the site where the failed or offline DC resided
10. Type:
10. Type:
11. Type:
where <#> is the DC that is failed or offline
12. Type:
12. Type:
13. Type:
where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
14. Type:
14. Type:
(this should set you back to the metadata cleanup menu)
15. Type:
15. Type:
(a warning message will pop up, verify that this is the correct DC, in fact get a peer to verify it for you too)
16. Click Yes
17. Open Active Directory Sites and Services
18. Expand out the site that the failed or offline DC resided in
19. Verify the DC cannot be expanded out (no connection objects and such)
20. Right Click the DC and select Delete
21. Close Active Directory Sites and Services
22. Open DNS Manager
23. Expand the zones where this DC was also a DNS server and perform the following steps
24. Right click the zone and select Properties
25. Click the Name Servers tab
26. Remove the failed or offline DC from the Name Servers tab
27. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
28. Verify the zone no longer has a DNS record for the failed or offline DC
29. Make sure that none of your existing DCs, Clients, and/or DHCP Scopes is using the failed or offline DCs IP for DNS.
16. Click Yes
17. Open Active Directory Sites and Services
18. Expand out the site that the failed or offline DC resided in
19. Verify the DC cannot be expanded out (no connection objects and such)
20. Right Click the DC and select Delete
21. Close Active Directory Sites and Services
22. Open DNS Manager
23. Expand the zones where this DC was also a DNS server and perform the following steps
24. Right click the zone and select Properties
25. Click the Name Servers tab
26. Remove the failed or offline DC from the Name Servers tab
27. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
28. Verify the zone no longer has a DNS record for the failed or offline DC
29. Make sure that none of your existing DCs, Clients, and/or DHCP Scopes is using the failed or offline DCs IP for DNS.
by: Mr-Madcowz on 2010-04-15 at 08:49:14ID: 13260
Shouldn't Step 7:
Type select operations target
read:
Type select operation target