Solved

Cannot remove child domain

Posted on 2004-04-19
Last Modified: 2007-12-19
Hi

We have a single forest with 2 domains, the root domain and a child domain.  We have tried to remove the child domain but without success.  All but one of the domain controllers in the child domain were demoted gracefully, but when I came to remove the last domain controller, and ticked "This is the last domain controller", it refused, saying there were other domain controllers still in the domain.

I have used ntdsutil as per instructions on Q251307 but the domain refuses to go away.  I have manually removed the last domain controller from the Directory using NTDSUTIL and tried to delete the domain, but I get an error:
"DsRemoveDsDomainW error 0x2162(The requested domain could not be deleted because there exist domain controllers that still host this domain.)"

Can anyone offer any advice?  I have issues in that some of my remote DCs are refusing to become GCs because they are trying to host a partition of the child domain but cannot.  I thought removing the domain would resolve this issue but it hasn't.

Any advice greatly appreciated.

Rgds,
paul
Question by:biauk
14 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 10858485
biauk

The reason Q251307 didn't work is usually because your DNS is not 100% operational.

Check your DNS eventlogs for any messages and make sure ALL DCs are pointing to the same DNS servers.
Run IPCONFIG /REGISTERDNS at each DC to make sure the correct entries are in place and once all servers are able to resolve each other you should be able to retry Q251307 without error.

You got the DsRemoveDsDomainW error because the DNS server still had entries in it for the old DCs, which suggests that DNS had not replicated all changes before you attempted to remove the last DC. You can get this behaviour when DNS is AD integrated or set up as primary/secondary - although AD integrated is much more susceptible to incorrect configuration.

Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10863315
Hi James

I have tried your suggestions above, but I am still getting 0x2162.  I have gone through the DNS (AD Integrated) and removed all entries that refer to the child domain, but the error still persists.

Any other options?

Thanks,
Paul
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10866064
biauk
Have you tried to use NTDSUTIL to remove these phantom domain controllers?

Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10866927
james

I have, but the thing is that all the DCs from the old domain have been removed.  I've been in to each site and they're not there.

Is there a way I can do a search to see if there are any references to the old domain in there?

Thanks,
Paul
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10867021
Paul

>>all the DCs from the old domain have been removed
Not really, you just can't see them - this is what NTDSUTIL is for!

Start by looking at Q216498 and let me know if that is going to solve your problem. I can't just give you the commands because they will be different for your domain and DCs but you will be able to work through the technet fix.

The answer is there and we will be able to fix it, so hang in there :)
Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10869742
James,

I've done this and it still won't go away!!

There are some errors on some of our servers regarding Global catalogues.

"EVENT ID 1559
A request has been made to promote this DSA to a Global Catalog (GC). A precondition to becoming a GC is that this server host a read-only copy of all partitions in the enterprise.  This server should hold a copy of partition DC="CHILD
CNF:9583b2df-c4a2-4115-ba79-88a0596665b1",DC=corp,DC=abc,DC=co,DC=uk but it does not. This system will not be promoted to a GC until this condition is met.
 
 This may be because the KCC has not run, or that it is unable to add a replica of the partition because all of its sources are down.  Please check the event log for KCC errors.
 
 The KCC will retry adding the replica."

where CHILD is the domain that I'm trying to remove.  There is a hotfix available from Microsoft "Q810089" which I haven't run yet as I'm always wary about getting these sort of fixes.  Have you come across this before?

Thanks,
paul
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10869921
biauk
Q810089 doesn't exist that I could find, so I can't comment.

If the fix is a QFE related to this issue then you should install it.

Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10870009
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10872545
biauk
This looks like it relates to your problems, I recommend you install it.

Let me know how it goes

Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10876828
After speaking to Microsoft, I'm going to install this hotfix
http://support.microsoft.com/default.aspx?scid=kb;en-us;825952&Product=win2000

I will let you know tomorrow if this works.
0
 

Author Comment

by:biauk
ID: 10882662
James

I've installed the above hotfix and still no joy.....I'm getting rather bored of it all now!! :-)
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10886270
biauk
The only way I know of to remove orphaned entries from AD is using ADSIEdit (from the support tools pack on the CD) and NTDSUTIL. If this isn't working for you then I cannot suggest anything else, other than contacting Microsoft and paying the $250 to get a PSS support call raised.

Sorry I can't help further.

Cheers

JamesDS
0
 

Author Comment

by:biauk
ID: 10888976
James

Just thought I'd let you know that I have resolved this, at long last!!  It was caused by a rogue NTDS Settings object under LostAndFoundConfig within the Configuration container.  I deleted this, then went through the instructions on 230306, and the domain deleted!!  Now all of my remote sites are becoming global catalogues so now I'm a happy chappy!!

I'm new to this site so I'm not sure how the points thing is supposed to work.  Can you give me a quick rundown of how it works?

Thanks again,
paul
0
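
Editor's added example, not part of the original thread: a read-only search of the Configuration partition for leftover references to a removed child domain, covering the NTDS Settings object under LostAndFoundConfig that turned out to be the cause here. It assumes the ActiveDirectory RSAT PowerShell module (which does not exist on the Windows 2000 DCs in this thread); the function name and the sample DN values are hypothetical.

```powershell
# Added example; read-only. Function name and sample DNs are hypothetical.
Import-Module ActiveDirectory

function Find-StaleDomainReference {
    param(
        [Parameter(Mandatory)] [string] $ChildLabel,   # e.g. 'child'
        [Parameter(Mandatory)] [string] $ParentDn      # e.g. 'DC=corp,DC=example,DC=com'
    )
    $configNc = (Get-ADRootDSE).configurationNamingContext
    # The wildcard also matches conflict-renamed NCs (DC=CHILD<LF>CNF:<guid>,...)
    # like the one in event 1559; labels sharing the prefix match too, so review hits.
    $pattern = "DC=$ChildLabel*,$ParentDn"
    $ncAttrs = 'hasMasterNCs', 'msDS-hasMasterNCs', 'hasPartialReplicaNCs'

    # 1. NTDS Settings objects anywhere in the Configuration partition
    #    (Sites and LostAndFoundConfig alike) that still claim the domain NC.
    Get-ADObject -SearchBase $configNc -SearchScope Subtree `
        -LDAPFilter '(objectClass=nTDSDSA)' -Properties $ncAttrs |
        ForEach-Object {
            $dsa = $_
            foreach ($attr in $ncAttrs) {
                foreach ($nc in @($dsa.$attr)) {
                    if ($nc -like $pattern) {
                        [pscustomobject]@{ Kind = "nTDSDSA/$attr"
                                           Object = $dsa.DistinguishedName
                                           Reference = $nc }
                    }
                }
            }
        }

    # 2. crossRef objects in CN=Partitions that still name the domain NC.
    Get-ADObject -SearchBase "CN=Partitions,$configNc" -SearchScope OneLevel `
        -LDAPFilter '(objectClass=crossRef)' -Properties nCName |
        Where-Object { $_.nCName -like $pattern } |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'crossRef'
                               Object = $_.DistinguishedName
                               Reference = $_.nCName }
        }

    # 3. Anything orphaned directly under LostAndFoundConfig, whatever it references.
    Get-ADObject -SearchBase "CN=LostAndFoundConfig,$configNc" -SearchScope OneLevel -Filter * |
        ForEach-Object {
            [pscustomobject]@{ Kind = 'LostAndFoundConfig'
                               Object = $_.DistinguishedName
                               Reference = $_.ObjectClass }
        }
}
```

Run it as `Find-StaleDomainReference -ChildLabel 'child' -ParentDn 'DC=corp,DC=example,DC=com' | Format-Table -Wrap` and review each hit before removing anything with NTDSUTIL or ADSIEdit.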
 
LVL 16

Expert Comment

by:JamesDS
ID: 10890332
Paul

Glad you sorted it and thank you for posting the fix so that other users benefit.

The points thing is down to you and you have two choices:
If you feel I was no help (as the only contributor) then you can go to community support and request a refund of your points - I will raise no objections to this and the refund will go through as soon as they can process it.

If you feel I did help then you can accept one of my responses and I will get the points, for which I will be grateful.

Cheers

JamesDS
0
