Removing an orphaned server from Active Directory

Hello all,
I have a Windows 2003 R2 server that is failed in such a way that I cannot logon interactively (either at the console or via remote session) without a Blue Screen. However, it is otherwise operational in the background.
I have added a server and replicated the 5 roles to it and made it a global catalog. A different server is a working DNS replica.

My plan:
I will need to run a repair Windows server installation on the faulty server, rejoin it to the domain, and re-replicate the domain data.
However, I assume I will first need to remove this faulty server from the domain directory before rejoining after a reinstall. Since I cannot login interactively on the host, I cannot uninstall active directory services as would normally be done.

I've never removed an orphaned server and would like a little hand holding.

By the way, I have tape backups and a recent system state backup of the failed server, but the restores of either are what caused this issue of Blue Screens. I think there is a mismatched system file or something of the sort, which is why I feel reinstalling the OS (repairing the install) would be the best route. Since all the \Program Files and data are there, perhaps I can use the backed up software hive and be OK.

Any input appreciated.

Who is Participating?
marektechConnect With a Mentor Commented:
If you are talking about removing a failed domain controller, you say server, from a network then this article is a great resource:
Joshua1909Connect With a Mentor Commented:
This is one of the better articles I've seen on removing an orphaned DC:

Used it successfully recently myself.
ChrisHelveyAuthor Commented:
Thanks, I'm following these instructions. (Though they are for Win 2008.)

"Seize naming master" returns with incorrect syntax. Called something else in this version?
Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

ChrisHelveyAuthor Commented:
Got it "Seize Domain Naming Master"
ChrisHelveyAuthor Commented:
I'm at the metadata cleanup part. I have no option for "list sites."
My domain is named
The bad server is named FPS02
The new replication server is named ADS2
I am at the console of ADS2 using NTDSutil and connected to controller ADS2
I have "Select Operation Target" as an option.

A little help? I'm nervous about what I am about to do. This server is currently operational as an AD controller. I suppose I should shut it off before the next step?
Am I forgetting anything else? I have operating DNS. DHCP is on the old server - I should try to write down that data from an MMC connection remotely as there are some reservations in there.
So you have successfully seized all roles from the old domain controller. That's a good thing.

You can try using the metadata clean up instructions Joshua1909 posted - they are for 2003 if that helps. I can vouch for that guide too.

Anything like this should be done out of hours though as you don't want to affect users. As you mentioned things like DHCP if they are on the DC which is being removed will need to be reconfigured.
ChrisHelveyAuthor Commented:
All roles are seized. I'll look at this guide as well. Thanks.
ChrisHelveyAuthor Commented:
Do you think there will be an issue putting this back in the directory as the same name (FPS02?) Lots of things point to it that I do not want to reconfigure.
ChrisHelveyAuthor Commented:
According to this article:
Perhaps I should just add it in as a member server, wait the 14 day period and then re-replicate. Not a problem for me to do that. I'm trying to anticipate what other problems I may run in to.

Anything else you can think of, let me have it.
ChrisHelveyAuthor Commented:
I am going to do this now as I have a window of time to have it down.

So, just to make sure I am correct in this cleanup:
I am on the ADS2 box running metadata cleanup.
I am currently connected to ADS2.

I'm confused on the syntax. I want to remove FPS02 from the Directory for domain.
"Remove selected Server FPS02" should do it? or do I use "Select Operation Taget" and choose FPS02 first?
ChrisHelveyAuthor Commented:
Found it: 

I am waiting to do this to see how the reinstall goes. If I can use my saved config\software hive to make things like ZetaFax, shares, etc, work properly then I'll follow through with it. I made a copy of the \Windows directory using robocopy so if it all goes to hell, I could get back to this place and the active directory would be OK with it. Permissions might be a problem wth those things until I am rejoined anyway, so we'll see.  
ChrisHelveyAuthor Commented:
The referred documents by both posters were helpful, so I split the points.
In the end, I found a backup tape that worked in restoring the system state. Then I manually changed all the DNS entries to only use the restored server for domain authentication (by removing the name of the second one in all the records.) The main problem was an incompatibility between versions of NovaBackup. The trial version downloaded from the site imported my tape but would not show the system state as an option to restore. As a last ditch effore, I found enough of the original version to run and import. Voiala, it was there.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.