AJ524

Cannot finish removal of failed DC
Hello all,

I have an environment giving me some trouble. The environment was set up with Win2k8R2 server as a PDC (holding all the roles) and a Win2k3 additional domain controller that used to be the PDC until I seized the roles with the new Win2k8 server.  The Win2k3 box was also an Exchange server, but not long ago that Win2k3 server had a motherboard failure and died.  I extracted the mailboxes from the infostore using a tool and migrated all email to cloud services, which no one liked, so now at their request I'm setting up a new Win2k8R2 server with Exchange 2010.

Built the new Win2k8R2 server and added to the domain.  Attempted to add Exchange and it failed due to functional level of AD being 2k3 mixed mode.  I went to go raise the functional level and it gave the following error:

-----------------
The following domains include Active Directory Domain Controllers that are running earlier versions of windows:
domain Name                         AD DC                                   Version of Windows

ForestDnsZones.<domain>.COM      <old-server>.<domain>.COM      Unknown. The computer object may be damaged or missing.
-----------------

I had previously tried to manually extract the former server using ntdsutil metadata cleanup procedure and that seemed to work.  I then went in to ADSI editor and cleaned out any records of the old server name that I could find.  I also went into DNS and cleaned out any record I could delete... some of the SRV records would not let me delete though.

Where I'm running into a serious snag is that in AD Sites and Services, under <domain> --> Servers, I still see both the old DC and the new DC.  When I try to delete the old DC I get the warning:

-----------
"Object <old-server> contains other objects. Are you sure you want to delete object <old-server> and all of the objects it contains?"
------------

- There is a check box labeled "Use delete subtree server control", which I check, and then I get the following error:

------------
Do not delete the <old-server> container object. <old-server> contains objects representing Domain Controller <old-server> and possibly other DCs. To delete these objects, demote the DCs using the Active Directory domain services installation wizard (DCPROMO).  If the DCs represented by these objects are permanently offline and can no longer be demoted using Active Directory Domain Services Installation Wizard (DCPROMO), you must delete them one at a time.
--------------

I need to be able to completely remove this former DC and raise the functional level of this domain to get the new Exchange server installed.  I also need to make sure there are no other traces of the former Exchange server hiding within AD.   Anyone have any advice on how to get this done given these errors?

Thanks!!

Craig Beck

Do you still have the old server listed in AD as a DNS server?  I'd guess that's why you can't remove the entries from DNS.

When you expand the server name in Sites and Services you will see "NTDS Settings" and a connection object, something named as "Automatically Generated". Delete those one by one, then delete "NTDS Settings", then try deleting the server object. It seems your metadata cleanup has not worked correctly.

AJ524

ASKER

Thank you for the replies...

I checked in the DNS console on the new server and it only shows the new server, not the old one, so I don't think that the old server is still registered in AD as being a DNS server.  Is there another way for me to verify beyond looking in the DNS console?

With regards to the suggestion of deleting the NTDS settings, I have been trying that.  I expand the old server in AD Sites and Services so that I can see the single object labeled NTDS settings.  I can delete the NTDS settings object so that nothing else shows under the server name, but then when I try to delete the server name I am again met with the following error:

---------
Do not delete the <old-server> container object. <Old-server> contains objects representing Domain Controller <old server> and possibly other DCs. To delete these objects, demote the DCs using the Active Directory Services Installation Wizard (DCPROMO).  If the DCs represented by these objects are permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), you must delete them one at a time.
----------

After I close the error, I refresh the view on AD Sites and Services and that NTDS Settings object shows up again under the old server name, and it shows as automatically generated from the new server.

Any other suggestions would be  greatly appreciated!  Thanks!

There will be a check box ...click on that and select delete

Refer to this:

http://technet.microsoft.com/pt-pt/library/cc816907(v=ws.10).aspx#bkmk_graphical

AJ524

ASKER

Thank you again.  When I delete the NTDS settings object under the old server's entry in AD Sites and Services, I do get the check box mentioned in that link that says:

----------
"This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO). "
----------

I have been putting a check in that box and deleting the NTDS Settings object without a problem.  When I then go to delete the server's entry in AD Sites and Services I am presented with a different check box that says:

---------
"Use Delete Subtree server control"
---------

I have attached a screen shot of this 2nd pop-up with check box.   When I then click OK to complete the deletion, that's when I am greeted with the error telling me "Do not delete the server"
screenshot.jpg

Craig Beck

Ok, back up your AD, then delete it.

That warning is just telling you that the server does have some objects in its directory, but obviously you're not going to delete the objects on that server as it's already offline.

AJ524

ASKER

Here is the output of the last NTDSUtil metadata cleanup I tried when attempting to get this straightened out.  The first one I did seemed to work fine, and this second one indicated that some of the data it was trying to clean up was already gone, so I think that's a good sign, but I still can't make any forward progress.   Thanks!
ntdsutil-metadata-cleanup-attemp.txt

AJ524

ASKER

The problem is, I do try to delete the server, I do put the check in the box, I do click to go through with the deletion, and then I get that pop-up telling me not to delete and it won't let me proceed.  I will provide a screen shot.  One moment (and thanks!).

AJ524

ASKER

Ok... more screenshots.  

In AD Sites and Services, when I delete the NTDS Settings object from under the old DC, I first get this pop-up:

[User generated image]

And it deletes the NTDS Settings object with no trouble.

Then, when I go to delete the old DC's object I get the following pop-up:

[User generated image]

And then when I click Yes on that last window I get the following error, which is where I'm stuck:

[User generated image]

I hope this helps!

SOLUTION
Craig Beck

Log in or create a free account to see answer.

Is the server present in the Domain Controllers OU? If yes, then try deleting from there.

ASKER CERTIFIED SOLUTION
Log in or create a free account to see answer.

AJ524

ASKER

I did find it in the Domain Controllers OU in AD Users and Computers... but every time I delete the old-DC's object, it comes back as soon as I hit refresh, very similar to how it re-appears in Sites and Services.

Have you tried the script I have given?

AJ524

ASKER

Hi there... Yes, I ran the script that you recommended, and within about a minute the old-DC showed up again in both AD Sites and Services as well as AD Users and Computers under domain controllers.  I ran the script a second time and noticed that it still detected the old-DC as a valid DC also, so there is definitely some other piece missing here.  Thank you for that suggestion though!

What if you raise DFL & FFL now?

AJ524

ASKER

I tried raising that level after I ran the script both times...I just get the original error I was receiving before troubleshooting.

AJ524

ASKER

Logged in this morning after running the script one more time and found I was able to remove the domain controller.  I don't think anything changed otherwise, but I'll take it. Thank you both!
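
Added example, not posted by any participant in this thread: a read-only PowerShell check of the places where the thread found the failed DC still referenced (AD Sites and Services, the Domain Controllers OU, the ForestDnsZones partition named in the functional-level error, and DNS). The function name `Find-StaleDcReference` and the host name `OLD-SERVER` are placeholders, and the script assumes the ActiveDirectory module is installed.

```powershell
# Added example: read-only search for leftover references to a removed DC.
# Assumes the ActiveDirectory module (Windows Server 2008 R2 or later / RSAT).
Import-Module ActiveDirectory

function Find-StaleDcReference {
    param([Parameter(Mandatory = $true)][string]$OldDc)  # short host name of the dead DC

    $rootDse = Get-ADRootDSE
    $config  = $rootDse.configurationNamingContext
    $domain  = $rootDse.defaultNamingContext
    $dnsRoot = (Get-ADDomain).DNSRoot
    $hits    = @()

    # 1. Server, NTDS Settings and connection objects under CN=Sites (what
    #    AD Sites and Services displays), plus connection objects on other
    #    DCs that still replicate *from* the old server.
    $hits += @(Get-ADObject -SearchBase "CN=Sites,$config" -Properties fromServer `
        -LDAPFilter '(|(objectClass=server)(objectClass=nTDSDSA)(objectClass=nTDSConnection))' |
        Where-Object { $_.DistinguishedName -like "*CN=$OldDc,CN=Servers,*" -or
                       $_.fromServer -like "*CN=$OldDc,CN=Servers,*" } |
        ForEach-Object { "SITES   $($_.DistinguishedName)" })

    # 2. Computer account in the Domain Controllers OU.
    $hits += @(Get-ADComputer -SearchBase "OU=Domain Controllers,$domain" `
        -Filter "Name -eq '$OldDc'" |
        ForEach-Object { "DC-OU   $($_.DistinguishedName)" })

    # 3. Application partitions (ForestDnsZones, DomainDnsZones) whose
    #    crossRef still lists the old server as a replica.
    $hits += @(Get-ADObject -SearchBase "CN=Partitions,$config" `
        -LDAPFilter '(objectClass=crossRef)' -Properties nCName, 'msDS-NC-Replica-Locations' |
        Where-Object { $_.'msDS-NC-Replica-Locations' -like "*CN=$OldDc,CN=Servers,*" } |
        ForEach-Object { "REPLICA $($_.nCName)" })

    # 4. NS and DC-locator SRV records that still name the old server.
    $hits += @(nslookup "-type=NS" $dnsRoot 2>$null |
        Select-String -SimpleMatch $OldDc |
        ForEach-Object { "DNS-NS  $($_.Line.Trim())" })
    $hits += @(nslookup "-type=SRV" "_ldap._tcp.dc._msdcs.$dnsRoot" 2>$null |
        Select-String -SimpleMatch $OldDc |
        ForEach-Object { "DNS-SRV $($_.Line.Trim())" })

    $hits
}

# 'OLD-SERVER' is a placeholder; no output means no reference was found.
Find-StaleDcReference -OldDc 'OLD-SERVER'
```

The script only reads from the directory and DNS. Running it against each remaining DC (add `-Server` to the AD cmdlets) shows whether a deleted object is being replicated back in from a partner.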
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.