Cannot remove DC from Network
Hey guys,
We have a DC in one of our Hyper-V VM environments that has a lot of problems. It appears that system files have been corrupted. I ran sfc /scannow and it didn't resolve the issue. MMC snap-ins don't load and other stuff doesn't function properly.
So we went ahead and decided to create a new DC and moved all the FSMO roles to the new DC. However when I try to remove the old DC using dcpromo /forceremoval I receive the error below. I haven't really found any articles that were very helpful. If anyone can shed some light on what's going on here I'd greatly appreciate it. Thanks!
We have a DC in one of our Hyper-V VM environments that has a lot of problems. It appears that system files have been corrupted. I ran sfc /scannow and it didn't resolve the issue. MMC snap-ins don't load and other stuff doesn't function properly.
So we went ahead and decided to create a new DC and moved all the FSMO roles to the new DC. However when I try to remove the old DC using dcpromo /forceremoval I receive the error below. I haven't really found any articles that were very helpful. If anyone can shed some light on what's going on here I'd greatly appreciate it. Thanks!
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Does the new DC reflect no issues with dcdiag?
Power off the failed DC and make sure the remaining DC is functional. Use ntdsutils on the new DC to make sure it has all the roles.
Ntdsutil can be used to seize tge roles meaning the old DC must not be put back on the network in its old state if seizure is done.
If you do seize, make sure it is done after all the data files needed have been transferred.
Power off the failed DC and make sure the remaining DC is functional. Use ntdsutils on the new DC to make sure it has all the roles.
Ntdsutil can be used to seize tge roles meaning the old DC must not be put back on the network in its old state if seizure is done.
If you do seize, make sure it is done after all the data files needed have been transferred.
As per your comments I assume that you have already moved all the FSMO roles, however if you have not moved, follow the article and move all the FSMo roles to new DC. Use Seize if graceful move is not working.
http://www.itingredients.com/what-is-fsmo-roles-flexible-single-master-operations/
If you are facing an issue while doing DCPROMO /Forceremoval then you can reinstall OS. In both the scenarios you need to perform metadata cleanup to remove all the references of old domain controller from new domain controller.
http://www.itingredients.com/what-is-fsmo-roles-flexible-single-master-operations/
If you are facing an issue while doing DCPROMO /Forceremoval then you can reinstall OS. In both the scenarios you need to perform metadata cleanup to remove all the references of old domain controller from new domain controller.
As others are suggesting (but to summarize):
Turn off the failing DC and remove it physically (backup and delete the VM), then delete the DC from AD - this is automatic in newer versions of Server when you delete the DC in the Domain Controllers OU, but if you have an older version, you follow the directions for Metadata Cleanup.
Turn off the failing DC and remove it physically (backup and delete the VM), then delete the DC from AD - this is automatic in newer versions of Server when you delete the DC in the Domain Controllers OU, but if you have an older version, you follow the directions for Metadata Cleanup.
Althgouth this is done automatically it is always a good idea to use NTDSUtil to ensure that the objects were removed, Never assume.
Other things that were not mentioned are the following...
- check sites and services (if there are any objects referencing the failed DC delete them)
- make sure that you setup the new DC with an external time source (PDC)
- open DNS management and expand the _msdcs.domain.com folder and check all of the sub folders and make sure that there are no entries pointing to this DC, if there are, delete them
Also run netdom query fsmo and netdom query dc
Will.
Other things that were not mentioned are the following...
- check sites and services (if there are any objects referencing the failed DC delete them)
- make sure that you setup the new DC with an external time source (PDC)
- open DNS management and expand the _msdcs.domain.com folder and check all of the sub folders and make sure that there are no entries pointing to this DC, if there are, delete them
Also run netdom query fsmo and netdom query dc
Will.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial