Unable to re-add a domain contorller after running dcpromo /forceremoval

Posted on 2008-10-18
Medium Priority
Last Modified: 2013-12-05
I ma sitting at a client location that has two domain controlers. 1 Windows 2000 and 1 Windows 2003. The Windows 2003 controller had been unable to communicate long enough that it had past the tombstone period so I went ahead and removed the active directory however it was unsuccessful without using DCPromo /forceremoval. I forcably removed it and and went through on the Windows 2000 mahcine and cleaned up the metabase, dns, and ad.

Now I am trying to re-add the domain and it is continually failing giving me this error "The service did not respond to the start or control request in a timely matter" I get this error if I try to create the machine as a domain controller or as a computer on the domain.  Any ideas?
Question by:nlhess2003
LVL 63

Expert Comment

ID: 22750338
1) Are you sure you rpoperly removes everything, including the metadata ?

2) Double check AD and DNS

3) what shows up in the event logs of both  servers ?

I hope this helps !

Author Comment

ID: 22750361
metadata looks clean as does AD and DNS.

No errors are reported in the logs on either machine.
LVL 42

Expert Comment

by:Paul Solovyovsky
ID: 22751072
try this:


Make sure that FSMO roles are on the DC.  There may be issues because the the AD was upgraded to 2003 and you're now working from a 2000 DC.  You may want to run adrep again
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.


Author Comment

ID: 22751140
All of the roles are on the Windows 2000 server. The Win 2000 server has been the primary domain controller all along. The Win 2003 server was just a backup DC that happened to not to synchromized for over a year locking it out. That is why I demoted it forcably. I will try the microsoft support article tomorrow.
LVL 31

Expert Comment

by:Henrik Johansson
ID: 22752578
Check the DNS settings on the joining computer and ensure that it's only pointing on a working DNS server authorative/aware of the AD DNS domain. As it has been a DC, it's propably pointing on itself for DNS resolution, but doesn't have the DNS service running/working correctly since the demote.
When promote is complete, configure both DCs to use the other DC/DNS as secondary DNS server to avoid problems.

Stop talking about primary/backup DC in AD environment. That is old NT4-stuff and doesn't exist in AD.

Author Comment

ID: 22752686
The DNS Is configured correctly it is pointing to the DNS on the existing domain controller.
LVL 63

Expert Comment

ID: 22754487
Have you rebooted the win2k server after the cleanup ?


Accepted Solution

nlhess2003 earned 0 total points
ID: 22772367
After trying everything under the sun we finally found a solution. Apperantly some of the networking services became corrupt after the force removal from the domain. We uninstalled Client for Microsoft Networking and reinstalled it through the properties on the Network Adapter on the . The reinstall was a little tricky it took 3 reboots of the server to get it to reappear in the networking options. Then the machines was able to be reconnected to the domain.

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
The article explains the process to deploy a Self-Service password reset portal I developed a few years ago. Hopefully, it will prove useful to someone.  Any comments, bug reports etc. are welcome...
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question