Patrick
asked on
unable to delete failed DC
Following KB: http://www.petri.co.il/delete_failed_dcs_from_ad.htm I am unable to deleted an already demoted DC.
I get DSRemoveDSServerW error 0x5(Access denied.)
I forced a DC Promo on the server and am trying to get it off our AD.
Any help would be great!
I get DSRemoveDSServerW error 0x5(Access denied.)
I forced a DC Promo on the server and am trying to get it off our AD.
Any help would be great!
Last Comment
Seth Simmons
did you run elevated command prompt before ntdsutil?
ASKER
right click and run as administrator, yes
Are you on 2003 or 2008(or higher). Just asking becuase there you just need to delete that old DC from AD. http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx
Thanks
Mike
Thanks
Mike
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
Please run ntdsutil from an elevated CMD on the FSMO role holder:
KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion
Elevated CMD: NetDom /query FSMO
You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.
In elevated CMD:
RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC
The above will tell you the state of replication between your DCs.
Verify that the previous DC is removed in DSSites.msc.
If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:
KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.
Philip
KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion
Elevated CMD: NetDom /query FSMO
You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.
In elevated CMD:
RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC
The above will tell you the state of replication between your DCs.
Verify that the previous DC is removed in DSSites.msc.
If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:
KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.
Philip
Windows Server 2003
Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
