Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

unable to delete failed DC

Posted on 2014-01-07
6
Medium Priority
?
326 Views
Last Modified: 2014-01-07
Following KB: http://www.petri.co.il/delete_failed_dcs_from_ad.htm I am unable to deleted an already demoted DC.

I get DSRemoveDSServerW error 0x5(Access denied.)

I forced a DC Promo on the server and am trying to get it off our AD.

Any help would be great!
0
Comment
Question by:pstiffsae
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 39762645
did you run elevated command prompt before ntdsutil?
0
 

Author Comment

by:pstiffsae
ID: 39762647
right click and run as administrator, yes
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 39762660
Are you on 2003 or 2008(or higher).  Just asking becuase there you just need to delete that old DC from AD.     http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39762664
If you are trying to do a metadata cleanup make sure that you have the proper permissions to perform these operations (domain admin rights). Also make sure that you are running this from an elevated command prompt as well.

Open DNS Manager
- Under domain.com zones make sure that you remove this DC under and Name Server Tab
- Under _msdcs folder make sure that this DC is not located under and subfolders related to the SRV records (if you see this DC in there simply delete the record)

This error message might also be due to "Accidental Deletion" enabled on the computer account or in Site and Services computer Object. Check this setting first, then try again.

Accidental Deletion - http://www.doitfixit.com/index.php?option=com_content&view=article&id=131:dsremovedsserverw-error-0x5access-is-denied&catid=48:active-directory&Itemid=53

Will.
0
 

Author Closing Comment

by:pstiffsae
ID: 39762693
Knew it had to be something small I was missing - unchecking the accidental deletion worked. Thanks!
0
 
LVL 39

Expert Comment

by:Philip Elder
ID: 39762708
Please run ntdsutil from an elevated CMD on the FSMO role holder:

KB 216498: http://bit.ly/11X6QYO
How to remove data in Active Directory after an unsuccessful domain controller demotion

Elevated CMD: NetDom /query FSMO

You then need to run through _every_ folder in DNS in all Forward Lookup Zones and remove ONLY the removed server.

In elevated CMD:

RepAdmin /viewlist *
RepAdmin /SyncAll
RepAdmin /KCC

The above will tell you the state of replication between your DCs.

Verify that the previous DC is removed in DSSites.msc.

If the previous DC held the FSMO Roles and they were not properly transferred or are munged you will need to run the following on your PDCe:

KB 255504 http://bit.ly/11lKTCZ
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller

BTW, if the DCPromo /ForceRemoval was done before replication was complete between all DCs you may be in a situation where your AD is inconsistent between existing DCs.

Philip
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question