  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 332

unable to delete failed DC

Following KB: http://www.petri.co.il/delete_failed_dcs_from_ad.htm I am unable to delete an already demoted DC.

I get DSRemoveDSServerW error 0x5(Access denied.)

I forced a DC Promo on the server and am trying to get it off our AD.

Any help would be great!
Asked: pstiffsae
1 Solution
 
Seth Simmons, Sr. Systems Administrator, Commented:
Did you run an elevated command prompt before ntdsutil?
0
 
pstiffsae, Author, Commented:
Right click and run as administrator, yes.
0
 
Mike Kline, Commented:
Are you on 2003 or 2008 (or higher)? Just asking because there you just need to delete that old DC from AD. http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
Will Szymkowski, Senior Solution Architect, Commented:
If you are trying to do a metadata cleanup make sure that you have the proper permissions to perform these operations (domain admin rights). Also make sure that you are running this from an elevated command prompt as well.

Open DNS Manager
- Under domain.com zones make sure that you remove this DC under any Name Server tab
- Under the _msdcs folder make sure that this DC is not located under any subfolders related to the SRV records (if you see this DC in there, simply delete the record)

This error message might also be due to "Accidental Deletion" enabled on the computer account or in Site and Services computer Object. Check this setting first, then try again.

Accidental Deletion - http://www.doitfixit.com/index.php?option=com_content&view=article&id=131:dsremovedsserverw-error-0x5access-is-denied&catid=48:active-directory&Itemid=53

Will.
0
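The accidental-deletion check suggested in the answer above can be done for all of the failed DC's objects at once. This is an added example, not code from the thread: it assumes the ActiveDirectory PowerShell module (RSAT) is available, the session runs with domain admin rights, and `OLD-DC01` is a constructed placeholder for the failed DC's name.

```powershell
# Added example (not from the thread). OLD-DC01 is a constructed placeholder.
Import-Module ActiveDirectory

$DcName = 'OLD-DC01'

$rootDse  = Get-ADRootDSE
$domainNC = $rootDse.defaultNamingContext
$configNC = $rootDse.configurationNamingContext

# Objects that metadata cleanup has to delete:
#   1. the computer account in the domain partition
#   2. the server object under CN=Sites in the configuration partition
#   3. the NTDS Settings (nTDSDSA) child of that server object
$targets = @()
$targets += Get-ADObject -SearchBase $domainNC `
    -LDAPFilter "(&(objectClass=computer)(cn=$DcName))" `
    -Properties ProtectedFromAccidentalDeletion

$servers = Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$DcName))" `
    -Properties ProtectedFromAccidentalDeletion

foreach ($server in $servers) {
    $targets += $server
    $targets += Get-ADObject -SearchBase $server.DistinguishedName `
        -SearchScope OneLevel -LDAPFilter '(objectClass=nTDSDSA)' `
        -Properties ProtectedFromAccidentalDeletion
}

# Report the protection state of every object found.
$targets |
    Select-Object ObjectClass, ProtectedFromAccidentalDeletion, DistinguishedName |
    Format-Table -AutoSize

# Clear the flag only where it is set. -WhatIf previews the change;
# remove it once the listed objects are confirmed to belong to the failed DC.
$protected = @($targets | Where-Object { $_.ProtectedFromAccidentalDeletion })
if ($protected.Count -gt 0) {
    $protected | Set-ADObject -ProtectedFromAccidentalDeletion $false -WhatIf
}
```

Any object reported with `ProtectedFromAccidentalDeletion` set to `True` will cause the delete to fail with access denied even for a domain admin, which matches the `0x5` error in the question.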
 
pstiffsae, Author, Commented:
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
0
 
Philip Elder, Technical Architect - HA/Compute/Storage, Commented:
Please run ntdsutil from an elevated CMD on the FSMO role holder:

KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion

Elevated CMD: NetDom /query FSMO

You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.

In elevated CMD:

RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC

The above will tell you the state of replication between your DCs.

Verify that the previous DC is removed in DSSites.msc.

If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:

KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.

Philip
0
