Domain controller lost. No demote please help

We lost our domain controller. Total system failure. Now exchange is still trying to locate that domain controller.

Getting a lot of errors that specify the old domain controller.

Example: An error caused a change in the current set of domain controllers. It was running the command 'Get -ExchangeServer'

How do you demote a domain controller when you no longer have access to it?
TommyCasanovaJanitorAsked:
Who is Participating?
 
Randy DownsOWNERCommented:
Try this

http://technet.microsoft.com/en-us/library/cc731871(WS.10).aspx

The procedures in this section describe how you can forcefully remove a domain controller running Windows Server 2008 or Windows Server 2008 R2. In Windows Server 2008 and Windows Server 2008 R2, you can forcefully remove a domain controller when it is started in Directory Services Restore Mode (DSRM).

Typically, you force the removal of a domain controller only if the domain controller has no connectivity with other domain controllers. Because the domain controller cannot contact other domain controllers during the operation, the Active Directory forest metadata is not updated automatically as it is when a domain controller is removed normally. Instead, you must update the forest metadata manually after you remove the domain controller. If you use the version of the Active Directory Users and Computers snap-in that is included with Windows Server 2008 or Windows Server 2008 R2. or the Microsoft Remote Server Administration Tools for Windows Vista (http://go.microsoft.com/fwlink/?LinkID=115118), you can clean up the metadata automatically by deleting the domain controller object.

The procedures in this section describe the following methods that you can use to forcefully remove a domain controller:

Forcing the removal of a domain controller by using the Windows interface

To use the Windows interface, you must start the Active Directory Domain Services Installation Wizard at the command line by running the dcpromo /forceremoval command.


Forcing the removal of a domain controller by using the command line


Forcing the removal of a domain controller by using an answer file

Forcing the removal of a domain controller by using the Windows interface
Administrative credentials

To forcefully remove a domain controller, you must be a member of the Domain Admins group.

To force the removal of a domain controller by using the Windows interface
1.At a command prompt, type the following command, and then press ENTER:

dcpromo /forceremoval

If the domain controller hosts any operations master (also known as flexible single master operations or FSMO) roles, or if it is a Domain Name System (DNS) server or a global catalog server, warnings appear that explain how the forced removal will affect the rest of the environment. After you read each warning, click Yes. If you want to suppress the warnings in advance of the removal operation, you must force the removal of Active Directory Domain Services (AD DS) by using an answer file. In the answer file, specify the parameter demotefsmo=yes.

2.On the Welcome to the Active Directory Domain Services Installation Wizard page, click Next.

3.On the Force the Removal of Active Directory Domain Services page, review the information about forcing the removal of AD DS and metadata cleanup requirements, and then click Next.

4.On the Administrator Password page, type and confirm a secure password for the local Administrator account, and then click Next.

5.On the Summary page, review your selections. Click Back to change any selections, if necessary.

To save the settings that you selected to an answer file that you can use to automate subsequent AD DS operations, click Export settings. Type a name for your answer file, and then click Save.

When you are sure that your selections are accurate, click Next to remove AD DS.

6.You can either select the Reboot on completion check box to have the server restart automatically or you can restart the server to complete the removal of AD DS when you are prompted to do so.

7.Open Server Manager. Click Start, point to Administrative Tools, and then click Server Manager.

8.In Roles Summary, click Remove Roles.

9.If necessary, review the information on the Before You Begin page, and then click Next.

10.On the Remove Server Roles page, clear the Active Directory Domain Services check box, and then click Next.

11.On the Confirm Removal Selections page, click Remove.

12.On the Removal Results page, click Close, and then click Yes to restart the server.


0
 
Mike KlineCommented:
So in his case it sounds like he doesn't even have access to that DC so he can't even do a /forceremoval

A metadata cleanup would be the thing to do here.  http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

Did this dead DC hold any FSMO roles?

Thanks

Mike
0
 
TommyCasanovaJanitorAuthor Commented:
MKline you are correct. I have no access to the DC.

looks like I am going to try the metadata cleanup and will see if it works.

The dead DC held all of the FSMO roles.

Standby for updates.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
kevinhsiehCommented:
After you do the metadata cleanup dig through the DNS records and delete all references to the old server.
0
 
Mike KlineCommented:
ok good info; so the dead DC held all the FSMO roles

You will need to seize the roles to another DC   http://www.petri.co.il/seizing_fsmo_roles.htm

Important **** Don't ever bring that dead DC back online once the roles have been seized ****

Thanks

Mike
0
 
TommyCasanovaJanitorAuthor Commented:
During the metadata cleanup at step 12. Type list servers in site and press ENTER. A list of servers in the site, each with an associated number, is displayed.

The server that I need to remove is not listed. Is it possible that I just need to seize the roles and all is well?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.