Removing a Windows 2003 DC from a domain

Posted on 2014-07-30
Medium Priority
Last Modified: 2014-09-01
We have 2 x 2003 Windows servers running as DC's. We also have a Windows 2008 server running as DC, DHCP and DNS. We also have a Windows 2012 server running exchange 2010 which is just a member server.

We are no longer using one of the 2003 servers, and wish to remove it altogether.

I have tried running DCPROMO but we keep getting the error :-

DsRemoveDsDomainW error 0x2162<The requested domain could not be deleted because there exisits domain controllers that still host this domain.

Obviously, we still wish to use the same domain with our remaining servers, and just (first of all) remove the 2003 server.

What do I need to do to remove all traces of the first 2003 server? We will then move on to removing the second 2003 server.

Can anyone help, as it is ver frustrating being so close to physically removing the old server, and being stuck at this point.

Any advice much appreciated.

Many thanks.
Question by:nigelbeatson
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 17

Expert Comment

ID: 40228829
Go into Active Directory Sites and Services on your parent domain's DC, click on the server which you don 't find anywhere anymore in your domain computer accounts (try pinging it for all I care), open the subfolder on it where it says "NTDS Settings" and delete it.
You will be prompted what to do about it. Take the third option: the server is permantly offline and you want it removed.
Make sure you run this procedure with any badly removed DC.
Now rerun DCPROMO on the server you want the new child domain to be created. Et voila, new child domain (re)created.

What 's probably behind this: your parent domain is still in a pending state where it 's waiting to notify your dead DC about the removal of the original child domain. Since this cannot happen, your AD will remain in a crippled state about the child domain.

Source: http://trinityhome.org/Home/index.php?content=DSREMOVEDSDOMAINW_ERROR_0X2162_THE_REQUESTED_DOMAI&front_id=18&lang=en&locale=en
LVL 14

Expert Comment

by:Andy M
ID: 40228834
Firstly you need to make sure that the server is not holding any of the FSMO roles - if it does you need to move these before attempting to demote it.

Secondly ensure it's not the only global catalog in the domain.

I believe there's also options during the DCPromo, one of these is something like "this is the last domain controller/global catalog in the domain" - don't select this or anything else that refers to removing the domain/forest.
(Been a while since I did this so can't remember the exact page/settings)
LVL 19

Expert Comment

ID: 40228862
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.


Author Comment

ID: 40231361
I have removed the DHCP and DNS server roles. I can only see :-

File Server
Print Server
Application Server Domain Controller (Active Directory)

Set as configured. Are you saying I have to remove these first?

The Domain Controller is what I am trying to remove, should I try to remove it here? Can I remove it here?

This server is not a global catalogue server, this was moved to another server.

I did not select the option as being the last Domain Controller on the domain, so that is why I was surprised that it indicated that there were still other domain controllers hosting this domain, as I know there are.

I will check out the other suggestions too.

Many thanks.

Author Comment

ID: 40231362
Can I verify that this qualifies as a Child domain? We only have one domain, and simply want to remove this old 2003 server, leaving the domain in place on other servers.

Many thanks.

Author Comment

ID: 40231370
I would also like to confirm that the old 2003 server does still show under the list of Domain Controllers in AD. I am always concerend when the Microsoft Processes do not work in the way expected, and just removing things from AD sites and services etc, as I am unsure of the results.

The document detailed above mentions that it does not exist anymore but our old server still does.

Any suggestions.

Author Comment

ID: 40231384
Kash, i've been through the document and can confirm that all of the tests and criteria have passed.

Any other suggestions?

Expert Comment

by:Nicola Mackin
ID: 40231390
Hi nigelbeatson

Firstly, DO NOT do what nimatejic has recommended just yet. Forcing the removal in this way is a last resort. If you do, make sure that you have moved any FSMO roles to another server. You can mess up your active directory...

You need to check that your 2003 server is not hosting any of the FSMO roles. There are five of them.

Schema Master
Domain Naming Master
Infrastructure Master
Relative ID (RID)
PDC Emulator

If your 2003 server is hosting any of the above you need to move them to another server.  To check and move these roles refer to this link:


I believe you have already stated that your server is not a global catalogue server but do double check before demotion.

Once you have done this, leave it for a while to make sure everything is in sync and then try demoting your DC. After demotion you can kill off the server.  

If it fails again, check the event logs on all domain controllers and maybe post the event ID's here for more specific help. It is also worth mentioning that actually moving FSMO roles can fail, if so post event id's


Author Comment

ID: 40231441
Thanks Nicola.

I did not remove the NTDS from Sites and services yet.

Ive been through your article, and can confirm that they are already set to our new server.

The server being removed is called FSAMS1 and all of the settings :-

Current Schema
Operations Masters
RID, PDC and Infrastructure

are all set to FSAFS1, which is correct.

I think I would have called Microsoft by now, but they dont support 2003 any longer.

Any other ideas?

Many thanks.

Accepted Solution

Nicola Mackin earned 2000 total points
ID: 40231461

I have not worked with 2003 for quite some time, in fact, I only work with Windows Servers when I have no choice. Linux is my preferred choice.

Anyway, that does not help your situation.

These issues can be a real pain and I have had my fair share of them on client site. What I would do is back up your active directory first. Just in case. Then try the following on the 2003 DC that needs to be moved.

Launch the command prompt and then type dcpromo /forceremoval and follow the on screen prompts. After which you will need to clean up the metadata.

For more detailed information please refer to the folliwing technet article.


This should remove your old DC but as I said, backup your active directory first.

Good Luck


Author Comment

ID: 40269902
sorry for the delay. I have been avoiding this process, as all is currently working OK, but I do need to address this. I will be taking another look over the next day or so, and will update the incident then. Thanks.

Author Comment

ID: 40287380
OK - I have now been back on site and carried out the Dcpromo /forceremoval which completed OK.

I am now trying to carry out the metadata cleanup as detailed in your document.

However, when I run the remove selected server servername I get the folowing message :-

NTDSUTIL: metdata cleanup
Error parsing Input - Invalid Syntax.
NTDSUTIL: metadata cleanup
metadata cleanup: remove selected server fsams1
Binding to localhost ...
DsBindWithSpnExW error 0x6d9(There are no more endpoints available from the endp
oint mapper.)
Unable to determine the domain hosted by the Active Directory Domain Controller
(2). Please use the connection menu to specify it.
metadata cleanup:"

I presume I have to run this from our current domain controller, as DS has now been removed from our old DC, and is now just a stand alone computer.

Your assistance in closing this out would be very much appreciated.

I can confirm that the demoted server still shows in Active Directory Sites and Services.

Many thanks.

Author Comment

ID: 40287387
I have just tried the connection method, but again it fails.

Does the old 2003 server need to be powered on to complete this, as having removed DS I did not think it would be able to find it anyway?? ie its now a stand alon server in the "workgroup" group??

Please advise.

Many thanks.

Author Closing Comment

ID: 40296962
Forced removal worked fine. No obvious problems now.

Thanks to all.

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question