

Cannot remove failed DCPROMO Demotion DC from domain

Posted on 2006-07-08
Medium Priority
Last Modified: 2008-01-09
I took over a company network a couple of months back, which is all 2003 Standard with SP1 with XP clients, and noticed straight away that 1 DC had been demoted somehow,
I assume using DCPROMO, but it's still showing up as a DC everywhere in AD and giving replication errors.

I've since bought in 2 new HP Proliant DL 380s to help beef up the network with 2003 R2 on them, but I won't dcpromo the schema on the existing domain to accept the new R2 for these 2 new DCs, which are just sat as member servers at the moment waiting to be promoted, until I've cleaned this rogue DC out of AD.

I've spent the last 3 hours this morning trying to remove this server using NTDSUTIL>METADATA CLEANUP>CONNECTIONS>CONNECT TO SERVER ROGUEDC
(Obviously it's not called ROGUEDC)
Each time I get

>>>dsbindw error 0x6d9 there are no more endpoints available from the endpoint mapper<<<

I've tried using the IP address/NetBIOS name.
I've tried running it from the actual rogue server using localhost.
I've made sure all servers are fully up to date with SPs and updates.
I've rebooted countless times and RPC is always started and the locator service is always stopped on manual; it makes no difference if I start this.
I always use an enterprise admin account. I've even created a new user and made it a member of the domain admins and enterprise admins and added this to the rogue DC's local admins group (not that it needs it).
Using DCPROMO /FORCEREMOVAL only gives the AD Installation option; there is no option on any of the pages after clicking Next to force the removal.

I can connect to any of the other DCs using
From the rogue DC and from any of the other DCs; however, each time I try to connect to the rogue DC I always get:

>>>dsbindw error 0x6d9 there are no more endpoints available from the endpoint mapper<<<

It's clearly showing in the Domain Controllers OU and in Sites and Services, and shows <error: server unreachable> when using REPLMON.

Any other ideas GREATLY appreciated as this is getting to be a real pain.

Question by:rpartington
LVL 85

Expert Comment

ID: 17064690
You need to connect to any *working* domain controller with ntdsutil, not to the rogue machine. This procedure has to be done as well when a DC completely dies and can't be restored, so it would be rather useless if you have to connect to the machine that you want to clean out.
You decide later in the process which machine to remove (step 13 in the article below): "Type select server number, where number is the number associated with the server you want to remove. You receive a confirmation listing the selected server, its Domain Name Server (DNS) host name, and the location of the server's computer account you want to remove."
How to remove data in Active Directory after an unsuccessful domain controller demotion

Author Comment

ID: 17064711
Thanks for the response obdA
However, I have tried from all the DCs to connect to the rogue DC.
That was my point.
I can, as a test, connect from the rogue DC to the fully functioning DCs no problem, and from the fully functioning DCs to another fully functioning DC;
however, I simply cannot connect from a fully functioning DC to the rogue DC.
LVL 85

Accepted Solution

oBdA earned 2000 total points
ID: 17064726
As I said: do *not* connect to the rogue DC in step 5. How would you ever be able to remove a dead DC from AD if you had to connect to it to remove it? Connect to any *working* domain controller instead. Replace "servername" in the connect command with any other DC name, but NOT the name of the rogue DC.
"Type connect to server servername, and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and the credentials you supplied have administrative permissions on the server."
LVL 25

Expert Comment

ID: 17064729
>>However I have tried from all the dcs to connect to the rogue dc
You don't need to connect to it; you need to follow what the MS article from oBdA said, on a working DC (just like he said to do).

Those instructions will remove the 'bad' DC from Active Directory regardless of whether it is even on the network anymore or not.


Author Comment

ID: 17064748
Cheers lads, I've been blinded by the trees here.
Even though I had that MS KB, I got blinkered into that error message.
I've now got it.
First time I've fallen for it, where you get blinkered by the error message and can't think round the problem.

Sorted now, I'm on my way. Haven't removed it, will do that tomorrow; I've had a gutful for today.

Question has a verified solution.