Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Course Of The Month
9 days, 4 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
How to remove Backup DC NTDS Settings
Posted on 2013-06-14
We have 2 DCs (Server 2003) - primary and backup. Our backup went offline for longer than 60 days and became stale. We have demoted the backup DC using dcpromo cmd. Here's what happened:
1. Ran "dcpromo". The removal failed because of Access is denied error.
2. Ran "dcpromo /forceremoval", as per this article: http://technet.microsoft.com/en-us/library/cc731871(v=ws.10).aspx
3. Tried to clean up the backup DC (now with DC roles removed) with ntdsutil.exe, but the commands were also failing with Access is denied error. So I couldn't perform steps in this article: http://support.microsoft.com/kb/216498?wa=wsignin1.0
4. Rebooted the backup DC. Now it's just a regular domain member.
But in the primary DC's Sites and Services tree, the backup DC is still showing up (of course replicating to it fails with "no endpoint" error). In addition, that backup DC node has NTDS Setting child node inside. And I read here, that if NTDS Settings child node exists for a DC, then that DC should not be removed from Sites and Services:
http://technet.microsoft.com/en-us/library/cc738355(v=ws.10).aspx (says it in the "Important" section)
My question: Can remove that NTDS Setting child node from the decommissioned DC? Are there any adverse effects? Then can I remove the backup Dc from the tree?
Thanks.
1. Ran "dcpromo". The removal failed because of Access is denied error.
2. Ran "dcpromo /forceremoval", as per this article: http://technet.microsoft.com/en-us/library/cc731871(v=ws.10).aspx
3. Tried to clean up the backup DC (now with DC roles removed) with ntdsutil.exe, but the commands were also failing with Access is denied error. So I couldn't perform steps in this article: http://support.microsoft.com/kb/216498?wa=wsignin1.0
4. Rebooted the backup DC. Now it's just a regular domain member.
But in the primary DC's Sites and Services tree, the backup DC is still showing up (of course replicating to it fails with "no endpoint" error). In addition, that backup DC node has NTDS Setting child node inside. And I read here, that if NTDS Settings child node exists for a DC, then that DC should not be removed from Sites and Services:
http://technet.microsoft.com/en-us/library/cc738355(v=ws.10).aspx (says it in the "Important" section)
My question: Can remove that NTDS Setting child node from the decommissioned DC? Are there any adverse effects? Then can I remove the backup Dc from the tree?
Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
Try Transferring or seizing the FSMO roles over to the primary DC.
Check the link below,
http://support.microsoft.com/kb/255504
Check the link below,
http://support.microsoft.com/kb/255504
Do meta data cleanup also check fsmo roles owner. NetDOM /query FSMO
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/2002413
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/2002413
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month9 days, 4 hours left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
615 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.