Start Free Trial
Come for the solution, stay for everything else.
Start Free Trial
unable to delete failed DC
I am unable to deleted an already demoted DC.
I get DSRemoveDSServerW error 0x5(Access denied.)
I forced a DC Promo on the server and am trying to get it off our AD.
Any help would be great!
Windows Server 2008
Windows Server 2003
8/22/2022 - Mon
did you run elevated command prompt before ntdsutil?
right click and run as administrator, yes
Are you on 2003 or 2008(or higher). Just asking becuase there you just need to delete that old DC from AD.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today
7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
Please run ntdsutil from an elevated CMD on the FSMO role holder:
How to remove data in Active Directory after an unsuccessful domain controller demotion
Elevated CMD: NetDom /query FSMO
You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.
In elevated CMD:
RepAdmin /viewlist *
The above will tell you the state of replication between your DCs.
Verify that the previous DC is removed in DSSites.msc.
If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.
Plans and Pricing
Certified Expert Program
© 1996-2022 Experts Exchange, LLC. All rights reserved. Covered by US Patent