unable to delete failed DC

Following KB: http://www.petri.co.il/delete_failed_dcs_from_ad.htm I am unable to deleted an already demoted DC.

I get DSRemoveDSServerW error 0x5(Access denied.)

I forced a DC Promo on the server and am trying to get it off our AD.

Any help would be great!
pstiffsaeAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Will SzymkowskiConnect With a Mentor Senior Solution ArchitectCommented:
If you are trying to do a metadata cleanup make sure that you have the proper permissions to perform these operations (domain admin rights). Also make sure that you are running this from an elevated command prompt as well.

Open DNS Manager
- Under domain.com zones make sure that you remove this DC under and Name Server Tab
- Under _msdcs folder make sure that this DC is not located under and subfolders related to the SRV records (if you see this DC in there simply delete the record)

This error message might also be due to "Accidental Deletion" enabled on the computer account or in Site and Services computer Object. Check this setting first, then try again.

Accidental Deletion - http://www.doitfixit.com/index.php?option=com_content&view=article&id=131:dsremovedsserverw-error-0x5access-is-denied&catid=48:active-directory&Itemid=53

Will.
0
 
Seth SimmonsSr. Systems AdministratorCommented:
did you run elevated command prompt before ntdsutil?
0
 
pstiffsaeAuthor Commented:
right click and run as administrator, yes
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
Mike KlineCommented:
Are you on 2003 or 2008(or higher).  Just asking becuase there you just need to delete that old DC from AD.     http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
 
pstiffsaeAuthor Commented:
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
0
 
Philip ElderTechnical Architect - HA/Compute/StorageCommented:
Please run ntdsutil from an elevated CMD on the FSMO role holder:

KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion

Elevated CMD: NetDom /query FSMO

You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.

In elevated CMD:

RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC

The above will tell you the state of replication between your DCs.

Verify that the previous DC is removed in DSSites.msc.

If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:

KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.

Philip
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.