Solved

Removing failed 2008R2 DC from ADUC after running /forceremoval

Posted on 2014-11-14
5
12 Views
Last Modified: 2016-06-23
DCDIAG reported a DC had exceeded its replication tombstone. We attempted to gracefully remove AD using DCPROMO with no luck. So we disconnected it from the network, ran /forceremoval (worked), then went into AD to remove the remnants. Took it out of ADS&S no problem, removed all DNS records no problem, but attempted to remove it from the Domain Controllers container in ADUC and got a pop-up that said:

Windows cannot delete object [server name] because:
Directory Object not found

Do I need to use ADSIUTIL now to manually clean this up? The server is permanently offline.
0
Comment
Question by:214-042308
  • 2
5 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 40443166
Did you run a metadata cleanup?

http://www.petri.com/delete_failed_dcs_from_ad.htm
0
 

Author Comment

by:214-042308
ID: 40443227
No good. Got to "list servers in site" after selecting the site it existed in and "Found 0 servers" but the artifact remains in ADUC. So, looks like using ADSIEDIT and not NTDSUTIL?
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 500 total points
ID: 40443390
Yes you need to find the server in ADSI Edit and expand it and delete the child objects from it first.
0
 

Accepted Solution

by:
214-042308 earned 0 total points
ID: 40443663
Apparently it's true that Windows Server 2008R2 will automatically remove metadata - the object is now gone from ADUC without my further intervention. I will still run ADSIUTIL to see if I have any vestigial metadata, but it appears AD is now clean.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question