
How to Remove a Failed Domain Controller

BrianIT Manager

One task every Active Directory administrator eventually faces is removing a failed or offline Domain Controller (DC) from the environment.  The clean method is to demote it with DCPROMO, but that requires the DC to be running and able to replicate; if it is already offline or has suffered a catastrophic failure, demotion is not an option.  You also cannot simply wait it out: Active Directory does not purge a dead DC's metadata on its own.  Its NTDS Settings object, connection objects and DNS records stay behind, its replication partners keep trying to reach it and log errors, and any FSMO roles it held are unavailable until they are seized.  What you need to do is remove the DC's metadata from AD.  This involves NTDSUTIL, a command-line tool for the more advanced Active Directory maintenance tasks.  Run it from an elevated prompt on a working DC (or a machine with the AD DS tools installed) as a member of Enterprise Admins, or equivalent.  On Windows Server 2008 and later, deleting the NTDS Settings object in Active Directory Sites and Services performs the same cleanup behind the scenes; the NTDSUTIL procedure works on every version and shows you exactly what is being removed, which is why it is the one described here.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.  I have included the additional steps needed to remove the leftover objects in Active Directory Sites and Services and the stale records in DNS; those two areas are often overlooked.  Before you start, find out which FSMO roles the failed DC held (netdom query fsmo) and seize them onto a surviving DC; metadata cleanup does not move them for you.

Step by Step Procedure

1. Open an elevated Command Prompt on a working DC, logged on with an account that is a member of Enterprise Admins, or equivalent.

2. Type:
ntdsutil

(all remaining commands are entered at the ntdsutil prompt, which always shows the name of the current menu)

3. Type:
metadata cleanup

TIP: NTDSUTIL does not require the full command to be entered; you only have to type enough of each word to be unambiguous.  For example, instead of typing metadata cleanup you can type met cle, or even m c.  Type help or ? at any prompt to list the commands available in the current menu.

4. Type:
connections

5. Type:
connect to server <ServerName>

Replace <ServerName> with the name of a functional DC in the forest, even if you are logged on to one locally.  The bind uses the credentials of the logged-on user, and ntdsutil confirms the connection before you continue.

6. Type:
quit

(this returns you to the metadata cleanup menu; the connection is retained)

7. Type:
select operation target

8. Type:
list sites

9. Type:
select site <#>

where <#> is the number of the site in which the failed or offline DC resided

10. Type:
list servers in site

11. Type:
select server <#>

where <#> is the number of the failed or offline DC.  The list shows each server's distinguished name; compare it with the failed DC's name character by character, because the wrong pick here is what turns a cleanup into an outage.

12. Type:
list domains

13. Type:
select domain <#>

where <#> is the domain in which the failed or offline DC resided.  Type list current selections to confirm that the site, server and domain are all set before continuing.

14. Type:
quit

(this takes you back to the metadata cleanup menu)

15. Type:
remove selected server

(a confirmation dialog appears showing the distinguished name about to be removed; verify that it is the failed DC, and have a peer verify it too.  The removal is irreversible, and running it against a live DC breaks that DC.)

16. Click Yes.  ntdsutil removes the NTDS Settings object and lists what it cleaned up.  Check the Domain Controllers OU afterwards: recent versions of ntdsutil also remove the DC's computer account, older versions leave it behind, and it has to go either way.

17. Open Active Directory Sites and Services

18. Expand the site in which the failed or offline DC resided

19. Verify that the DC's server object cannot be expanded (no NTDS Settings object, and therefore no connection objects under it)

20. Right-click the server object and select Delete.  If the console warns that the object still contains an NTDS Settings object, step 15 did not complete; cancel and return to ntdsutil rather than forcing the delete.

21. Close Active Directory Sites and Services

22. Open DNS Manager

23. For every zone in which the failed DC was listed as a name server, perform steps 24 to 28

24. Right-click the zone and select Properties

25. Click the Name Servers tab

26. Remove the failed or offline DC from the Name Servers tab

27. Click OK, and click Yes if asked whether to also remove the associated Host (A) or Pointer (PTR) record

28. Verify that the zone no longer has any record for the failed or offline DC.  The Name Servers tab only covers the NS entry; the records the DC registered for itself remain: its A and PTR records, the CNAME <DSA GUID>._msdcs.<forest root>, and the _ldap, _kerberos, _kpasswd and _gc SRV records under _msdcs and the domain zone that name it.  Only the DC itself would ever deregister these, so search each zone for its name (for example dnscmd /enumrecords <zone> @ /detail piped through findstr) and delete them; do not count on scavenging to do it.

29. Make sure that none of your remaining DCs, clients or DHCP scopes (option 006 DNS Servers) still use the failed DC's IP address for DNS, and remove that address from any forwarder or conditional forwarder list that references it.

One last point that is easy to forget once replication is quiet again: a domain controller's database (NTDS.DIT) holds the password hashes of every account in the domain.  If the failed DC's disks are not accounted for, whether the hardware was stolen, sent out for repair or disposed of without being wiped, treat those credentials as exposed and plan a krbtgt password reset and a rotation of privileged accounts alongside the cleanup.
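The whole procedure above as a script, added here as an example and not part of the original article or of any Microsoft tooling: it runs the same ntdsutil metadata cleanup non-interactively (the server object DN is passed to remove selected server instead of being picked by number), then does the Sites and Services, DNS and DHCP checks, and goes one step beyond the article by also removing the SRV and CNAME records the dead DC registered for itself.  The DC names DC02 and DC01, the site Default-First-Site-Name, the domain corp.example.com and the address 10.0.0.12 are assumptions, as is the choice of the working DC as the DNS and DHCP server; the RSAT ActiveDirectory, DnsServer and DhcpServer modules are required.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory, DnsServer
# Added example, not the article's own script. Every name, site and address below is an
# assumption (hypothetical DC02 / DC01 in corp.example.com); change them before use.
# Run on a surviving DC as Enterprise Admins. Without -Commit the script only reports.
param(
    [string]$FailedDc  = 'DC02',
    [string]$FailedIp  = '10.0.0.12',
    [string]$Site      = 'Default-First-Site-Name',
    [string]$Domain    = 'corp.example.com',
    [string]$WorkingDc = 'DC01',
    [switch]$Commit
)
$ErrorActionPreference = 'Stop'
$fqdn = "$FailedDc.$Domain"

# Guard rails: never clean up a DC that still answers, or one that still owns FSMO roles.
if (Test-NetConnection -ComputerName $fqdn -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue) {
    throw "$fqdn still answers on LDAP/389: demote it properly instead of cleaning its metadata."
}
$dom  = Get-ADDomain -Server $WorkingDc
$for  = Get-ADForest -Server $WorkingDc
$held = @($dom.PDCEmulator, $dom.RIDMaster, $dom.InfrastructureMaster,
          $for.SchemaMaster, $for.DomainNamingMaster) | Where-Object { $_ -ieq $fqdn }
if ($held) { throw "$fqdn still holds FSMO roles; seize them first (Move-ADDirectoryServerOperationMasterRole -Force)." }

# Steps 7-13: the server object that "select site" / "select server" pick by number.
$configNc = (Get-ADRootDSE -Server $WorkingDc).configurationNamingContext
$serverDn = "CN=$FailedDc,CN=Servers,CN=$Site,CN=Sites,$configNc"
function Get-ServerTree {   # server object and its children, or nothing if it is already gone
    try { @(Get-ADObject -Filter '*' -SearchBase $serverDn -Server $WorkingDc) } catch { @() }
}
$hasNtds = [bool](Get-ServerTree | Where-Object ObjectClass -eq 'nTDSDSA')
Write-Host "Target $serverDn (NTDS Settings present: $hasNtds)"

if ($Commit) {
    if ($hasNtds) {
        # Steps 2-16 as one non-interactive call; the Yes/No confirmation dialog still appears.
        & ntdsutil.exe 'metadata cleanup' 'connections' "connect to server $WorkingDc" quit `
                       "remove selected server $serverDn" quit quit
        if (Get-ServerTree | Where-Object ObjectClass -eq 'nTDSDSA') {
            throw "NTDS Settings still present under $serverDn; metadata cleanup did not complete."
        }
    }
    # Steps 17-21, plus the computer account that older ntdsutil versions leave behind.
    if (Get-ServerTree) { Remove-ADObject -Identity $serverDn -Recursive -Server $WorkingDc -Confirm:$false }
    Get-ADComputer -Filter "Name -eq '$FailedDc'" -Server $WorkingDc |
        ForEach-Object { Remove-ADObject -Identity $_.DistinguishedName -Recursive -Server $WorkingDc -Confirm:$false }
}

# Steps 22-28, extended: every record in the AD-integrated zones that names the dead DC,
# not only the Name Servers entry: its A/PTR records, the SRV records it registered and
# the <DsaGuid>._msdcs CNAME. Only the DC itself would ever deregister these.
foreach ($z in Get-DnsServerZone -ComputerName $WorkingDc | Where-Object { $_.IsDsIntegrated }) {
    $stale = Get-DnsServerResourceRecord -ComputerName $WorkingDc -ZoneName $z.ZoneName | Where-Object {
        $d = $_.RecordData
        switch ($_.RecordType) {
            'NS'    { $d.NameServer    -ieq "$fqdn." }
            'SRV'   { $d.DomainName    -ieq "$fqdn." }
            'CNAME' { $d.HostNameAlias -ieq "$fqdn." }
            'PTR'   { $d.PtrDomainName -ieq "$fqdn." }
            'A'     { $d.IPv4Address.ToString() -eq $FailedIp }
            default { $false }
        }
    }
    foreach ($r in $stale) {
        Write-Host ("{0,-30} {1,-6} {2}" -f $z.ZoneName, $r.RecordType, $r.HostName)
        if ($Commit) { Remove-DnsServerResourceRecord -ComputerName $WorkingDc -ZoneName $z.ZoneName -InputObject $r -Force }
    }
}

# Step 29: surviving DCs and DHCP scopes must not use or hand out the dead DC's address.
foreach ($dc in Get-ADDomainController -Filter * -Server $WorkingDc) {
    $dns = Invoke-Command -ComputerName $dc.HostName -ErrorAction SilentlyContinue -ScriptBlock {
        (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses }
    if ($dns -contains $FailedIp) { Write-Warning "$($dc.HostName) still uses $FailedIp for DNS" }
}
if (Get-Module -ListAvailable DhcpServer) {          # assumption: DHCP runs on $WorkingDc
    foreach ($s in Get-DhcpServerv4Scope -ComputerName $WorkingDc) {
        $v = (Get-DhcpServerv4OptionValue -ComputerName $WorkingDc -ScopeId $s.ScopeId -OptionId 6 -ErrorAction SilentlyContinue).Value
        if ($v -contains $FailedIp) { Write-Warning "DHCP scope $($s.ScopeId) still offers $FailedIp as a DNS server (option 6)" }
    }
}
```

Run it once without -Commit to see the target DN, whether the NTDS Settings object is still present, and the full list of DNS records that would be deleted; only when that list contains nothing but the dead DC's own records run it again with -Commit.  The two guard rails at the top are deliberate: removing the metadata of a DC that is merely unreachable from your desk, or one that still holds a FSMO role, is the classic way this procedure goes wrong.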


Comments (1)

Commented:
Hi,

Shouldn't Step 7:

Type select operations target

read:

Type select operation target
