<

How to Remove a Failed Domain Controller

Published on
36,093 Points
22,793 Views
23 Endorsements
Last Modified:
Awarded
Community Pick

One of the tasks that every Active Directory administrator has to learn is how to remove a failed or offline Domain Controller (DC) from the environment.  The easiest method is to use DCPROMO, however if the DC is already offline or had a catastrophic failure this is not going to be an option.  You also don't want to leave it to the Garbage Collection process as you will have nagging issues within Active Directory (AD).  What you need to do is remove the DC's metadata info from AD.  This involves using a command called NTDSUTIL.  NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.  I have included additional steps that are needed to remove the leftover data in Active Directory Sites and Services as well as DNS.  Those two areas are often overlooked.

Step by Step Procedure

1. Open the Command Prompt

2. Type:
ntdsutil

Open in new window

(all the commands will be entered via this command prompt)

3. Type:  
metadata cleanup

Open in new window


TIP: NTDSUTIL does not require the full command to be entered; you only have to enter enough of the command that is unique.  For Example, instead of typing metadata cleanup you could just type met cle or better yet m c.

4. Type:  
connections

Open in new window


5. Type:
connect to server <ServerName>

Open in new window

replace <ServerName> with the name of a functional DC in your environment, even if you are logged in locally.  

6. Type:
quit 

Open in new window


7. Type:  
select operation target 

Open in new window


8. Type:
lists sites 

Open in new window


9. Type:
select site <#> 

Open in new window

where <#> is the site where the failed or offline DC resided

10. Type:
list servers in site 

Open in new window


11. Type:
select server <#>  

Open in new window

where <#> is the DC that is failed or offline

12. Type:
list domains 

Open in new window


13. Type:
select domain <#> 

Open in new window

where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)

14. Type:
quit 

Open in new window

(this should set you back to the metadata cleanup menu)

15. Type:
remove selected server 

Open in new window

(a warning message will pop up, verify that this is the correct DC, in fact get a peer to verify it for you too)

16. Click Yes

17. Open Active Directory Sites and Services

18. Expand out the site that the failed or offline DC resided in

19. Verify the DC cannot be expanded out (no connection objects and such)

20. Right Click the DC and select Delete  

21. Close Active Directory Sites and Services

22. Open DNS Manager

23. Expand the zones where this DC was also a DNS server and perform the following steps

24. Right click the zone and select Properties  

25. Click the Name Servers tab  

26. Remove the failed or offline DC from the Name Servers tab  

27. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked

28. Verify the zone no longer has a DNS record for the failed or offline DC

29. Make sure that none of your existing DCs, Clients, and/or DHCP Scopes is using the failed or offline DCs IP for DNS.  

23
Author:Brian
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.
Get 7 days free