Removing an orphaned server from Active Directory

Posted on 2010-08-19
Medium Priority
Last Modified: 2012-05-10
Hello all,
I have a Windows 2003 R2 server that is failed in such a way that I cannot logon interactively (either at the console or via remote session) without a Blue Screen. However, it is otherwise operational in the background.
I have added a server and replicated the 5 roles to it and made it a global catalog. A different server is a working DNS replica.

My plan:
I will need to run a repair Windows server installation on the faulty server, rejoin it to the domain, and re-replicate the domain data.
However, I assume I will first need to remove this faulty server from the domain directory before rejoining after a reinstall. Since I cannot login interactively on the host, I cannot uninstall active directory services as would normally be done.

I've never removed an orphaned server and would like a little hand holding.

By the way, I have tape backups and a recent system state backup of the failed server, but the restores of either are what caused this issue of Blue Screens. I think there is a mismatched system file or something of the sort, which is why I feel reinstalling the OS (repairing the install) would be the best route. Since all the \Program Files and data are there, perhaps I can use the backed up software hive and be OK.

Any input appreciated.

Question by:ChrisHelvey
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2

Accepted Solution

marektech earned 1000 total points
ID: 33475503
If you are talking about removing a failed domain controller, you say server, from a network then this article is a great resource:


Assisted Solution

Joshua1909 earned 1000 total points
ID: 33475740
This is one of the better articles I've seen on removing an orphaned DC:

Used it successfully recently myself.

Author Comment

ID: 33475777
Thanks, I'm following these instructions. (Though they are for Win 2008.)

"Seize naming master" returns with incorrect syntax. Called something else in this version?
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 33475797
Got it "Seize Domain Naming Master"

Author Comment

ID: 33475976
I'm at the metadata cleanup part. I have no option for "list sites."
My domain is named indianawood.com
The bad server is named FPS02
The new replication server is named ADS2
I am at the console of ADS2 using NTDSutil and connected to controller ADS2
I have "Select Operation Target" as an option.

A little help? I'm nervous about what I am about to do. This server is currently operational as an AD controller. I suppose I should shut it off before the next step?
Am I forgetting anything else? I have operating DNS. DHCP is on the old server - I should try to write down that data from an MMC connection remotely as there are some reservations in there.

Expert Comment

ID: 33476099
So you have successfully seized all roles from the old domain controller. That's a good thing.

You can try using the metadata clean up instructions Joshua1909 posted - they are for 2003 if that helps. I can vouch for that guide too.

Anything like this should be done out of hours though as you don't want to affect users. As you mentioned things like DHCP if they are on the DC which is being removed will need to be reconfigured.

Author Comment

ID: 33476325
All roles are seized. I'll look at this guide as well. Thanks.

Author Comment

ID: 33476445
Do you think there will be an issue putting this back in the directory as the same name (FPS02?) Lots of things point to it that I do not want to reconfigure.

Author Comment

ID: 33476524
According to this article:
Perhaps I should just add it in as a member server, wait the 14 day period and then re-replicate. Not a problem for me to do that. I'm trying to anticipate what other problems I may run in to.

Anything else you can think of, let me have it.

Author Comment

ID: 33476614
I am going to do this now as I have a window of time to have it down.

So, just to make sure I am correct in this cleanup:
I am on the ADS2 box running metadata cleanup.
I am currently connected to ADS2.

I'm confused on the syntax. I want to remove FPS02 from the Directory for indianawood.com domain.
"Remove selected Server FPS02" should do it? or do I use "Select Operation Taget" and choose FPS02 first?

Author Comment

ID: 33477235
Found it: http://www.petri.co.il/fix_unsuccessful_demotion.htm 

I am waiting to do this to see how the reinstall goes. If I can use my saved config\software hive to make things like ZetaFax, shares, etc, work properly then I'll follow through with it. I made a copy of the \Windows directory using robocopy so if it all goes to hell, I could get back to this place and the active directory would be OK with it. Permissions might be a problem wth those things until I am rejoined anyway, so we'll see.  

Author Closing Comment

ID: 33496452
The referred documents by both posters were helpful, so I split the points.
In the end, I found a backup tape that worked in restoring the system state. Then I manually changed all the DNS entries to only use the restored server for domain authentication (by removing the name of the second one in all the records.) The main problem was an incompatibility between versions of NovaBackup. The trial version downloaded from the site imported my tape but would not show the system state as an option to restore. As a last ditch effore, I found enough of the original version to run and import. Voiala, it was there.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question