Demote non-responsive Windows 2K3 DC with NTDSUTIL

One of the drives in my second DC failed; unfortunately, it took part of the AD with it. I tried to restore it from backup, but I'm missing ntds.dit and don't have the system state on backup. As of right now I have it up in Directory Services Restore mode and have not had much luck getting things back.
That leaves me with the option to demote it from a domain controller, rejoin it and set it back to replicate. DCPROMO obviously is not working on the failed DC, so I'm left with NTDSUTIL to demote.

I found this article that seems to be straightforward:
http://articles.techrepublic.com.com/5100-10878_11-5031938 

In the article it mentions to try going into the AD of another DC, locating the bad one, right-clicking on the failed domain controller and selecting the Delete command. The only selection that will possibly work is the 3rd (see picture). I have not tried it because I wanted to make sure that IF it did work and deleted the server from the AD, I could go back and re-add it.
 
Any input would be greatly appreciated.

David



[Attached image: AD-DC-delete.JPG]
Floyd_Droid asked:

hodgeyohn commented:
You will do no harm with this.
It is definitely safer than ntdsutil, as one bad command can cause untold damage.
Try this option first.
SysExpert commented:
You may also have to delete it from DNS after doing the metadata cleanup.

If the demotion fails for any reason, you can forcibly demote it using dcpromo /forceremoval, after which you'll need to perform a metadata cleanup from a working DC as described here:
http://support.microsoft.com/kb/216498.

I hope this helps!
Floyd_Droid (author) commented:
Cool! I was able to remove it from the AD DC container. Hopefully, I have not been able to reboot the server yet since I have users still working. What other steps do I take to promote it back and activate replication?
Floyd_Droid (author) commented:
Nope, it still thinks it's a domain controller. It came back wanting me to go back into Directory Services Restore mode. What now?
Floyd_Droid (author) commented:
Okay, I went through both steps, including http://support.microsoft.com/kb/216498. The domain controller is no longer there. However, when I reboot I still get the message:

lsass.exe System Error
Security Accounts Manager initialization failed because of the following error:
Directory Service cannot start. Error Status 0xC00002e1. Please click OK to shutdown and reboot into Directory Services Restore mode, check the event viewer for for detailed info.

HELP!
Floyd_Droid (author) commented:
It's like the Active Directory is still on the machine. Is there a way to get it off?
Floyd_Droid (author) commented:
Okay, got it off. Had to take some drastic steps and want to share them for the next poor unfortunate soul:

(Read my earlier progress posts)

I followed the below section:

"The steps of the UNSUPPORTED way of removing AD from a server with W2K and W2K3 are:"

http://blogs.dirteam.com/blogs/jorge/archive/2006/12/03/Uninstalling-Active-Directory-_2D00_-Demoting-a-DC.aspx


