Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Removing failed 2008R2 DC from ADUC after running /forceremoval

Posted on 2014-11-14
5
Medium Priority
?
18 Views
Last Modified: 2016-06-23
DCDIAG reported a DC had exceeded its replication tombstone. We attempted to gracefully remove AD using DCPROMO with no luck. So we disconnected it from the network, ran /forceremoval (worked), then went into AD to remove the remnants. Took it out of ADS&S no problem, removed all DNS records no problem, but attempted to remove it from the Domain Controllers container in ADUC and got a pop-up that said:

Windows cannot delete object [server name] because:
Directory Object not found

Do I need to use ADSIUTIL now to manually clean this up? The server is permanently offline.
0
Comment
Question by:214-042308
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443166
Did you run a metadata cleanup?

http://www.petri.com/delete_failed_dcs_from_ad.htm
0
 
LVL 1

Author Comment

by:214-042308
ID: 40443227
No good. Got to "list servers in site" after selecting the site it existed in and "Found 0 servers" but the artifact remains in ADUC. So, looks like using ADSIEDIT and not NTDSUTIL?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 2000 total points
ID: 40443390
Yes you need to find the server in ADSI Edit and expand it and delete the child objects from it first.
0
 
LVL 1

Accepted Solution

by:
214-042308 earned 0 total points
ID: 40443663
Apparently it's true that Windows Server 2008R2 will automatically remove metadata - the object is now gone from ADUC without my further intervention. I will still run ADSIUTIL to see if I have any vestigial metadata, but it appears AD is now clean.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question