Solved

unable to delete failed DC

Posted on 2014-01-07
6
317 Views
Last Modified: 2014-01-07
Following KB: http://www.petri.co.il/delete_failed_dcs_from_ad.htm I am unable to deleted an already demoted DC.

I get DSRemoveDSServerW error 0x5(Access denied.)

I forced a DC Promo on the server and am trying to get it off our AD.

Any help would be great!
0
Comment
Question by:pstiffsae
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39762645
did you run elevated command prompt before ntdsutil?
0
 

Author Comment

by:pstiffsae
ID: 39762647
right click and run as administrator, yes
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39762660
Are you on 2003 or 2008(or higher).  Just asking becuase there you just need to delete that old DC from AD.     http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39762664
If you are trying to do a metadata cleanup make sure that you have the proper permissions to perform these operations (domain admin rights). Also make sure that you are running this from an elevated command prompt as well.

Open DNS Manager
- Under domain.com zones make sure that you remove this DC under and Name Server Tab
- Under _msdcs folder make sure that this DC is not located under and subfolders related to the SRV records (if you see this DC in there simply delete the record)

This error message might also be due to "Accidental Deletion" enabled on the computer account or in Site and Services computer Object. Check this setting first, then try again.

Accidental Deletion - http://www.doitfixit.com/index.php?option=com_content&view=article&id=131:dsremovedsserverw-error-0x5access-is-denied&catid=48:active-directory&Itemid=53

Will.
0
 

Author Closing Comment

by:pstiffsae
ID: 39762693
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39762708
Please run ntdsutil from an elevated CMD on the FSMO role holder:

KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion

Elevated CMD: NetDom /query FSMO

You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.

In elevated CMD:

RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC

The above will tell you the state of replication between your DCs.

Verify that the previous DC is removed in DSSites.msc.

If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:

KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.

Philip
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question