Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Removing failed 2008R2 DC from ADUC after running /forceremoval

Posted on 2014-11-14
5
Medium Priority
?
21 Views
Last Modified: 2016-06-23
DCDIAG reported a DC had exceeded its replication tombstone. We attempted to gracefully remove AD using DCPROMO with no luck. So we disconnected it from the network, ran /forceremoval (worked), then went into AD to remove the remnants. Took it out of ADS&S no problem, removed all DNS records no problem, but attempted to remove it from the Domain Controllers container in ADUC and got a pop-up that said:

Windows cannot delete object [server name] because:
Directory Object not found

Do I need to use ADSIUTIL now to manually clean this up? The server is permanently offline.
0
Comment
Question by:214-042308
  • 2
4 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443166
Did you run a metadata cleanup?

http://www.petri.com/delete_failed_dcs_from_ad.htm
0
 
LVL 1

Author Comment

by:214-042308
ID: 40443227
No good. Got to "list servers in site" after selecting the site it existed in and "Found 0 servers" but the artifact remains in ADUC. So, looks like using ADSIEDIT and not NTDSUTIL?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 2000 total points
ID: 40443390
Yes you need to find the server in ADSI Edit and expand it and delete the child objects from it first.
0
 
LVL 1

Accepted Solution

by:
214-042308 earned 0 total points
ID: 40443663
Apparently it's true that Windows Server 2008R2 will automatically remove metadata - the object is now gone from ADUC without my further intervention. I will still run ADSIUTIL to see if I have any vestigial metadata, but it appears AD is now clean.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question