Link to home
Start Free TrialLog in
Avatar of Rick Mills
Rick MillsFlag for United States of America

asked on

I can't remove decommissioned DC from 2012 server

I took over support for a small non-profit.  The old IT company was hosting their domain controller (OldDC).  I installed a new DC (NewDC) on-premise with 2012 Foundation, joined it to the domain and made it a domain controller.  We changed Internet providers about the same time.  The old IT provider could not get the VPN to connect, after changing the Internet provider (that one still stumps me).  OldDC is still a domain controller in my AD, but I can no longer access it.
If I go to ADUC and select to delete OldDC, i get the "you are attempting to delete a Domain Controller without running the removal wizard..." message.  I check the box for Delete this DC anyway and click the Delete button.  Here's the message I get.
Windows cannot delete object
LDAP://,OU=Domain Controllers,DC=mydomain,DC=org because:
Access is denied

I can't run a DCPROMO /FORCEREMOVAL because that's now incorporated into Server Manager.
I ran NTDSUTIL and when I listed the servers in site, it only lists NewDC.  I tried to select server OldDC, anyway, but it said invalid syntax.

Can anyone offer a suggestion on how to remove this old server?
Avatar of Rob Wesley
Rob Wesley
Flag of Canada image

Avatar of Will Szymkowski
Will Szymkowski
Flag of Canada image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
You can try removing it via powershell as well.  Open up powershell (run as administrator)
run this command
Uninstall-ADDSDomainController -ForceRemoval -LocalAdministratorPassword  -Force

ref link:
Avatar of Rick Mills


Foxluv, wouldn't that remove AD from the server I run the command from?
I need to remove OldDC (which I can't get to any longer) from the AD installed on NewDC.

I believe this is the command I would want to run on OldDC, not NewDC.
I would strongly suggest reading this:

and would check on parameters/limits and (roles and features)/(Availability and limitations)

Does anything within your network exceed limits or limitations?