How to Remove a Failed Domain Controller


One of the tasks that every Active Directory administrator has to learn is how to remove a failed or offline Domain Controller (DC) from the environment.  The easiest method is to use DCPROMO; however, if the DC is already offline or has had a catastrophic failure, this is not going to be an option.  You also don't want to leave it to the Garbage Collection process, as you will have nagging issues within Active Directory (AD).  What you need to do is remove the DC's metadata from AD.  This involves using a command called NTDSUTIL, a command-line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.  I have included additional steps that are needed to remove the leftover data in Active Directory Sites and Services as well as DNS.  Those two areas are often overlooked.

Step by Step Procedure

1. Open the Command Prompt

2. Type:
ntdsutil

(all the commands will be entered via this command prompt)

3. Type:  
metadata cleanup

TIP: NTDSUTIL does not require the full command to be entered; you only have to enter enough of each command to make it unique.  For example, instead of typing metadata cleanup you could just type met cle or, better yet, m c.

4. Type:  
connections

5. Type:
connect to server <ServerName>

Replace <ServerName> with the name of a functional DC in your environment, even if you are logged in locally.

6. Type:
quit 

7. Type:  
select operation target 

8. Type:
list sites

9. Type:
select site <#> 

where <#> is the site where the failed or offline DC resided

10. Type:
list servers in site 

11. Type:
select server <#>  

where <#> is the DC that is failed or offline

12. Type:
list domains 

13. Type:
select domain <#> 

where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)

14. Type:
quit 

(this should set you back to the metadata cleanup menu)

15. Type:
remove selected server 

(a warning message will pop up; verify that this is the correct DC, and get a peer to verify it for you too)

16. Click Yes

17. Open Active Directory Sites and Services

18. Expand out the site that the failed or offline DC resided in

19. Verify the DC cannot be expanded out (no connection objects and such)

20. Right Click the DC and select Delete  

21. Close Active Directory Sites and Services

22. Open DNS Manager

23. Expand the zones where this DC was also a DNS server and perform the following steps

24. Right click the zone and select Properties  

25. Click the Name Servers tab  

26. Remove the failed or offline DC from the Name Servers tab  

27. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked

28. Verify the zone no longer has a DNS record for the failed or offline DC

29. Make sure that none of your existing DCs, clients, and/or DHCP scopes are using the failed or offline DC's IP for DNS.
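
The verification in steps 17 to 29 can also be done as a read-only PowerShell pass that lists anything still referencing the removed DC. This is an added example, not part of the original article; it assumes the ActiveDirectory and DnsServer RSAT modules are installed, that you have CIM/WinRM access to the remaining DCs, and that the four names and addresses at the top are placeholders you replace.

```powershell
# Added example: read-only checks. The four values below are placeholders.
$FailedDcName = 'DC-FAILED'               # short name of the removed DC
$FailedDcFqdn = 'dc-failed.example.com'   # its FQDN
$FailedDcIp   = '192.0.2.10'              # its former IP address
$WorkingDc    = 'dc-good.example.com'     # functional DC that also runs DNS

Import-Module ActiveDirectory, DnsServer
function New-Finding($Check, $Location, $Detail) {
    [pscustomobject]@{ Check = $Check; Location = $Location; Detail = $Detail }
}

# Steps 17-20: server or NTDS Settings object still present under CN=Sites
$configNc = (Get-ADRootDSE -Server $WorkingDc).configurationNamingContext
$findings = @(Get-ADObject -Server $WorkingDc -SearchBase "CN=Sites,$configNc" `
        -LDAPFilter '(|(objectClass=server)(objectClass=nTDSDSA))' |
    Where-Object { $_.DistinguishedName -like "*CN=$FailedDcName,CN=Servers,*" } |
    ForEach-Object { New-Finding 'Sites and Services' $_.DistinguishedName $_.ObjectClass })

# Steps 22-28: NS, A, PTR and SRV records that still point at the removed DC
$zones = Get-DnsServerZone -ComputerName $WorkingDc |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
foreach ($zone in $zones) {
    $records = Get-DnsServerResourceRecord -ComputerName $WorkingDc `
        -ZoneName $zone.ZoneName -ErrorAction SilentlyContinue
    foreach ($r in $records) {
        $d = $r.RecordData
        $target = switch ($r.RecordType) {
            'NS'  { $d.NameServer }
            'PTR' { $d.PtrDomainName }
            'SRV' { $d.DomainName }
            'A'   { "$($d.IPv4Address)" }
        }
        if ("$target".TrimEnd('.') -in @($FailedDcFqdn, $FailedDcIp)) {
            $findings += New-Finding "DNS $($r.RecordType)" "$($r.HostName) in $($zone.ZoneName)" $target
        }
    }
}

# Step 29: remaining DCs whose DNS client settings still list the old IP
# (assumes CIM/WinRM access to each DC)
foreach ($dc in (Get-ADDomainController -Filter * -Server $WorkingDc)) {
    $nics = Get-DnsClientServerAddress -CimSession $dc.HostName -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue | Where-Object { $_.ServerAddresses -contains $FailedDcIp }
    foreach ($n in $nics) {
        $findings += New-Finding 'DNS client' "$($dc.HostName) $($n.InterfaceAlias)" $FailedDcIp
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No leftover references found.' }
```

Client machines and DHCP scope options from step 29 are not covered by this pass and still need to be checked separately.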

Author:Brian
Expert Comment

by:Hedley Phillips
Hi,

Shouldn't Step 7:

Type select operations target

read:

Type select operation target
