Removing an orphaned server from Active Directory

Posted on 2010-08-19
Last Modified: 2012-05-10
Hello all,
I have a Windows 2003 R2 server that is failed in such a way that I cannot logon interactively (either at the console or via remote session) without a Blue Screen. However, it is otherwise operational in the background.
I have added a server and replicated the 5 roles to it and made it a global catalog. A different server is a working DNS replica.

My plan:
I will need to run a repair Windows server installation on the faulty server, rejoin it to the domain, and re-replicate the domain data.
However, I assume I will first need to remove this faulty server from the domain directory before rejoining after a reinstall. Since I cannot login interactively on the host, I cannot uninstall active directory services as would normally be done.

I've never removed an orphaned server and would like a little hand holding.

By the way, I have tape backups and a recent system state backup of the failed server, but the restores of either are what caused this issue of Blue Screens. I think there is a mismatched system file or something of the sort, which is why I feel reinstalling the OS (repairing the install) would be the best route. Since all the \Program Files and data are there, perhaps I can use the backed up software hive and be OK.

Any input appreciated.

Question by:ChrisHelvey
  • 9
  • 2

Accepted Solution

marektech earned 250 total points
ID: 33475503
If you are talking about removing a failed domain controller, you say server, from a network then this article is a great resource:

Assisted Solution

Joshua1909 earned 250 total points
ID: 33475740
This is one of the better articles I've seen on removing an orphaned DC:

Used it successfully recently myself.

Author Comment

ID: 33475777
Thanks, I'm following these instructions. (Though they are for Win 2008.)

"Seize naming master" returns with incorrect syntax. Called something else in this version?
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Author Comment

ID: 33475797
Got it "Seize Domain Naming Master"

Author Comment

ID: 33475976
I'm at the metadata cleanup part. I have no option for "list sites."
My domain is named
The bad server is named FPS02
The new replication server is named ADS2
I am at the console of ADS2 using NTDSutil and connected to controller ADS2
I have "Select Operation Target" as an option.

A little help? I'm nervous about what I am about to do. This server is currently operational as an AD controller. I suppose I should shut it off before the next step?
Am I forgetting anything else? I have operating DNS. DHCP is on the old server - I should try to write down that data from an MMC connection remotely as there are some reservations in there.

Expert Comment

ID: 33476099
So you have successfully seized all roles from the old domain controller. That's a good thing.

You can try using the metadata clean up instructions Joshua1909 posted - they are for 2003 if that helps. I can vouch for that guide too.

Anything like this should be done out of hours though as you don't want to affect users. As you mentioned things like DHCP if they are on the DC which is being removed will need to be reconfigured.

Author Comment

ID: 33476325
All roles are seized. I'll look at this guide as well. Thanks.

Author Comment

ID: 33476445
Do you think there will be an issue putting this back in the directory as the same name (FPS02?) Lots of things point to it that I do not want to reconfigure.

Author Comment

ID: 33476524
According to this article:
Perhaps I should just add it in as a member server, wait the 14 day period and then re-replicate. Not a problem for me to do that. I'm trying to anticipate what other problems I may run in to.

Anything else you can think of, let me have it.

Author Comment

ID: 33476614
I am going to do this now as I have a window of time to have it down.

So, just to make sure I am correct in this cleanup:
I am on the ADS2 box running metadata cleanup.
I am currently connected to ADS2.

I'm confused on the syntax. I want to remove FPS02 from the Directory for domain.
"Remove selected Server FPS02" should do it? or do I use "Select Operation Taget" and choose FPS02 first?

Author Comment

ID: 33477235
Found it: 

I am waiting to do this to see how the reinstall goes. If I can use my saved config\software hive to make things like ZetaFax, shares, etc, work properly then I'll follow through with it. I made a copy of the \Windows directory using robocopy so if it all goes to hell, I could get back to this place and the active directory would be OK with it. Permissions might be a problem wth those things until I am rejoined anyway, so we'll see.  

Author Closing Comment

ID: 33496452
The referred documents by both posters were helpful, so I split the points.
In the end, I found a backup tape that worked in restoring the system state. Then I manually changed all the DNS entries to only use the restored server for domain authentication (by removing the name of the second one in all the records.) The main problem was an incompatibility between versions of NovaBackup. The trial version downloaded from the site imported my tape but would not show the system state as an option to restore. As a last ditch effore, I found enough of the original version to run and import. Voiala, it was there.

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

816 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now