Removing a Windows 2003 DC from a domain

Posted on 2014-07-30
Last Modified: 2014-09-01
We have 2 x 2003 Windows servers running as DCs. We also have a Windows 2008 server running as DC, DHCP and DNS. We also have a Windows 2012 server running Exchange 2010 which is just a member server.

We are no longer using one of the 2003 servers, and wish to remove it altogether.

I have tried running DCPROMO but we keep getting the error :-

DsRemoveDsDomainW error 0x2162<The requested domain could not be deleted because there exisits domain controllers that still host this domain.

Obviously, we still wish to use the same domain with our remaining servers, and just (first of all) remove the 2003 server.

What do I need to do to remove all traces of the first 2003 server? We will then move on to removing the second 2003 server.

Can anyone help, as it is very frustrating being so close to physically removing the old server, and being stuck at this point.

Any advice much appreciated.

Many thanks.
Question by:nigelbeatson

Expert Comment

ID: 40228829
Go into Active Directory Sites and Services on your parent domain's DC, click on the server which you don't find anywhere anymore in your domain computer accounts (try pinging it for all I care), open the subfolder on it where it says "NTDS Settings" and delete it.
You will be prompted what to do about it. Take the third option: the server is permanently offline and you want it removed.
Make sure you run this procedure with any badly removed DC.
Now rerun DCPROMO on the server you want the new child domain to be created. Et voila, new child domain (re)created.

What's probably behind this: your parent domain is still in a pending state where it's waiting to notify your dead DC about the removal of the original child domain. Since this cannot happen, your AD will remain in a crippled state about the child domain.


Expert Comment

by:Andy M
ID: 40228834
Firstly you need to make sure that the server is not holding any of the FSMO roles - if it does you need to move these before attempting to demote it.

Secondly ensure it's not the only global catalog in the domain.

I believe there's also options during the DCPromo, one of these is something like "this is the last domain controller/global catalog in the domain" - don't select this or anything else that refers to removing the domain/forest.
(Been a while since I did this so can't remember the exact page/settings)

Expert Comment

ID: 40228862

Author Comment

ID: 40231361
I have removed the DHCP and DNS server roles. I can only see :-

File Server
Print Server
Application Server
Domain Controller (Active Directory)

Set as configured. Are you saying I have to remove these first?

The Domain Controller is what I am trying to remove, should I try to remove it here? Can I remove it here?

This server is not a global catalogue server, this was moved to another server.

I did not select the option as being the last Domain Controller on the domain, so that is why I was surprised that it indicated that there were still other domain controllers hosting this domain, as I know there are.

I will check out the other suggestions too.

Many thanks.

Author Comment

ID: 40231362
Can I verify that this qualifies as a Child domain? We only have one domain, and simply want to remove this old 2003 server, leaving the domain in place on other servers.

Many thanks.

Author Comment

ID: 40231370
I would also like to confirm that the old 2003 server does still show under the list of Domain Controllers in AD. I am always concerned when the Microsoft Processes do not work in the way expected, and just removing things from AD sites and services etc, as I am unsure of the results.

The document detailed above mentions that it does not exist anymore but our old server still does.

Any suggestions?

Author Comment

ID: 40231384
Kash, I've been through the document and can confirm that all of the tests and criteria have passed.

Any other suggestions?

Expert Comment

by:Nicola Mackin
ID: 40231390
Hi nigelbeatson

Firstly, DO NOT do what nimatejic has recommended just yet. Forcing the removal in this way is a last resort. If you do, make sure that you have moved any FSMO roles to another server. You can mess up your active directory...

You need to check that your 2003 server is not hosting any of the FSMO roles. There are five of them.

Schema Master
Domain Naming Master
Infrastructure Master
Relative ID (RID)
PDC Emulator

If your 2003 server is hosting any of the above you need to move them to another server.  To check and move these roles refer to this link:

I believe you have already stated that your server is not a global catalogue server but do double check before demotion.

Once you have done this, leave it for a while to make sure everything is in sync and then try demoting your DC. After demotion you can kill off the server.  

If it fails again, check the event logs on all domain controllers and maybe post the event IDs here for more specific help. It is also worth mentioning that actually moving FSMO roles can fail; if so, post the event IDs.


Author Comment

ID: 40231441
Thanks Nicola.

I did not remove the NTDS from Sites and services yet.

I've been through your article, and can confirm that they are already set to our new server.

The server being removed is called FSAMS1 and all of the settings :-

Current Schema
Operations Masters
RID, PDC and Infrastructure

are all set to FSAFS1, which is correct.

I think I would have called Microsoft by now, but they don't support 2003 any longer.

Any other ideas?

Many thanks.

Accepted Solution

Nicola Mackin earned 500 total points
ID: 40231461

I have not worked with 2003 for quite some time, in fact, I only work with Windows Servers when I have no choice. Linux is my preferred choice.

Anyway, that does not help your situation.

These issues can be a real pain and I have had my fair share of them on client site. What I would do is back up your active directory first. Just in case. Then try the following on the 2003 DC that needs to be moved.

Launch the command prompt and then type dcpromo /forceremoval and follow the on screen prompts. After which you will need to clean up the metadata.

For more detailed information please refer to the following TechNet article.

This should remove your old DC but as I said, backup your active directory first.

Good Luck


Author Comment

ID: 40269902
Sorry for the delay. I have been avoiding this process, as all is currently working OK, but I do need to address this. I will be taking another look over the next day or so, and will update the incident then. Thanks.

Author Comment

ID: 40287380
OK - I have now been back on site and carried out the Dcpromo /forceremoval which completed OK.

I am now trying to carry out the metadata cleanup as detailed in your document.

However, when I run the remove selected server servername I get the following message :-

NTDSUTIL: metdata cleanup
Error parsing Input - Invalid Syntax.
NTDSUTIL: metadata cleanup
metadata cleanup: remove selected server fsams1
Binding to localhost ...
DsBindWithSpnExW error 0x6d9(There are no more endpoints available from the endp
oint mapper.)
Unable to determine the domain hosted by the Active Directory Domain Controller
(2). Please use the connection menu to specify it.
metadata cleanup:"

I presume I have to run this from our current domain controller, as DS has now been removed from our old DC, and is now just a stand alone computer.

Your assistance in closing this out would be very much appreciated.

I can confirm that the demoted server still shows in Active Directory Sites and Services.

Many thanks.

Author Comment

ID: 40287387
I have just tried the connection method, but again it fails.

Does the old 2003 server need to be powered on to complete this, as having removed DS I did not think it would be able to find it anyway?? i.e. it's now a standalone server in the "workgroup" group??

Please advise.

Many thanks.

Author Closing Comment

ID: 40296962
Forced removal worked fine. No obvious problems now.

Thanks to all.
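
The metadata cleanup that follows `dcpromo /forceremoval`, written out as an added example that is not part of the original thread. It is run on a surviving DC (FSAFS1, as named above) with an explicit connection instead of the default bind to localhost seen in the failed attempt; the index numbers after each `select` are placeholders for whatever the preceding `list` command prints.

```bat
REM Run everything below on a surviving domain controller (FSAFS1 in this
REM thread), not on the demoted server, which no longer hosts the directory.

REM 1. Confirm that all five FSMO roles are held by a surviving DC.
netdom query fsmo

REM 2. Confirm replication between the remaining DCs is healthy before
REM    changing anything in the directory.
repadmin /replsummary
dcdiag /s:FSAFS1

REM 3. Metadata cleanup. ntdsutil is interactive: the indented lines are
REM    typed one at a time at its prompts, they are not batch commands.
REM    "connect to server" names the surviving DC that performs the cleanup.
REM    The numbers 0 and 1 are placeholders: read the output of each "list"
REM    command and select the index of the domain, the site and the demoted
REM    server (FSAMS1 here).
ntdsutil
    metadata cleanup
    connections
    connect to server FSAFS1
    quit
    select operation target
    list domains
    select domain 0
    list sites
    select site 0
    list servers in site
    select server 1
    quit
    remove selected server
    quit
    quit

REM 4. Re-run the health checks and confirm the removed DC is no longer
REM    listed as a replication partner.
repadmin /replsummary
```

Once the cleanup succeeds, the leftover FSAMS1 server object can be deleted in Active Directory Sites and Services, along with any stale DNS records that still point at it.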
