

How to Remove a Domain Controller manually?

Posted on 2004-11-21
Medium Priority
Last Modified: 2012-08-13
I have a Mixed Domain: two Windows 2000 Domain Controllers and one Windows NT Backup Domain Controller. Yesterday one of the Windows 2000 Domain Controllers failed with a motherboard error. The machine will be replaced. However, the Windows 2000 domain controller shows an error/warning when trying to sync updates, and it is not finding the second Windows 2000 domain controller.

Active Directory still shows the second domain controller.

Is there any way to manually clean this up?
Question by:Christian_Agard
Accepted Solution

swinterborn earned 2000 total points
ID: 12640506
There are a number of steps to this.

1) Use the command line utility ntdsutil.
   Enter 'Roles'
   Enter 'Connections'
   Enter 'Connect to server yourservername' - this is your current server
   Enter 'Quit'
   Enter '?' - you will need to seize all the roles listed; start with PDC, then RID, infrastructure, domain naming, schema.
   At the console enter 'metadata cleanup'
   Enter 'Select Operation Target'
   Enter '?' - you will need to use the commands listed to find the numeric reference to the deceased server, and then use the reference in the 'Select Server %d' command. The selected server is the one you will remove from AD.
   Enter 'Quit'
   Enter 'Remove Selected Server'
   Exit ntdsutil
2) Use AD Sites and Services to remove any replication objects that may still exist.
3) Use adsiedit.msc, part of the resource kit, to delete the computer account from AD. AD Users and Computers will never allow you to delete an account that has been a DC.
   Find the account in the tree, right click and select delete. You will get a warning about child objects; proceed. You may get an error, and the account will still be there. For some reason, it only ever deletes the child objects. Delete it again.
4) Use DNS Admin to clean up any DNS records. This should have been done by ntdsutil, but it is worth checking. Look through all the SRV records and verify no trace exists.
   If the DC was a Global Catalog server, there will be a host record on the GC subdomain.

After all this, the old server is truly dead and buried.


Expert Comment

ID: 12640513
Sorry, in ntdsutil, use the 'quit' command in the roles section before entering metadata cleanup
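
A check for step 4 of the answer above, added here as an example and not part of the original thread: it scans a text export of the DNS zone for NS, SRV, CNAME and host records that still point at the removed DC, including the host record under gc._msdcs. The export format, the function name `stale_records`, and every host name and address in the sample are assumptions constructed for illustration.

```python
import re

# Constructed zone export in master-file style (not from the page). DC02 is
# the failed controller; all names and addresses are placeholders.
SAMPLE_ZONE = """\
@                        3600 NS    dc01.corp.example.
                         3600 NS    dc02.corp.example.
dc01                     3600 A     10.0.0.11
dc02                     3600 A     10.0.0.12
_ldap._tcp               600  SRV   0 100 389  dc01.corp.example.
                         600  SRV   0 100 389  dc02.corp.example.
_kerberos._tcp.dc._msdcs 600  SRV   0 100 88   DC02.corp.example.
_ldap._tcp.pdc._msdcs    600  SRV   0 100 389  dc01.corp.example.
gc._msdcs                600  A     10.0.0.11
                         600  A     10.0.0.12
; dc02.corp.example. inside a comment must not be reported
"""

# owner (blank = same as previous record), optional TTL and class, type, rdata
RECORD = re.compile(r"^(\S+)?\s+(?:\d+\s+)?(?:IN\s+)?([A-Za-z]+)\s+(.+?)\s*$")

def stale_records(zone_text, dead_fqdn, dead_ip):
    """Return (owner, type, rdata) for each record still naming the removed DC."""
    fqdn = dead_fqdn.rstrip(".").lower()
    short = fqdn.split(".")[0]
    owner, hits = "@", []
    for line in zone_text.splitlines():
        m = RECORD.match(line.split(";", 1)[0])  # drop trailing comments
        if not m:
            continue
        owner = m.group(1) or owner  # blank owner inherits the previous one
        rtype, rdata = m.group(2).upper(), " ".join(m.group(3).split())
        target = rdata.split()[-1].rstrip(".").lower()
        if rtype == "A":
            # Host record of the DC itself, or a gc._msdcs entry with its address
            stale = target == dead_ip or owner.lower() in (short, fqdn)
        elif rtype in ("NS", "CNAME", "SRV"):
            stale = target == fqdn
        else:
            stale = False
        if stale:
            hits.append((owner, rtype, rdata))
    return hits

if __name__ == "__main__":
    for rec in stale_records(SAMPLE_ZONE, "dc02.corp.example", "10.0.0.12"):
        print("stale:", *rec)
```

An empty result for the removed DC's name and address means the zone export holds no remaining NS, SRV, CNAME or host records for it.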
