I can't remove decommissioned DC from 2012 server
I took over support for a small non-profit. The old IT company was hosting their domain controller (OldDC). I installed a new DC (NewDC) on-premise with 2012 Foundation, joined it to the domain and made it a domain controller. We changed Internet providers about the same time. The old IT provider could not get the VPN to connect, after changing the Internet provider (that one still stumps me). OldDC is still a domain controller in my AD, but I can no longer access it.
If I go to ADUC and select to delete OldDC, i get the "you are attempting to delete a Domain Controller without running the removal wizard..." message. I check the box for Delete this DC anyway and click the Delete button. Here's the message I get.
Windows cannot delete object
LDAP://NewDC.mydomain.org/
Access is denied
I can't run a DCPROMO /FORCEREMOVAL because that's now incorporated into Server Manager.
I ran NTDSUTIL and when I listed the servers in site, it only lists NewDC. I tried to select server OldDC, anyway, but it said invalid syntax.
Can anyone offer a suggestion on how to remove this old server?
If I go to ADUC and select to delete OldDC, i get the "you are attempting to delete a Domain Controller without running the removal wizard..." message. I check the box for Delete this DC anyway and click the Delete button. Here's the message I get.
Windows cannot delete object
LDAP://NewDC.mydomain.org/
Access is denied
I can't run a DCPROMO /FORCEREMOVAL because that's now incorporated into Server Manager.
I ran NTDSUTIL and when I listed the servers in site, it only lists NewDC. I tried to select server OldDC, anyway, but it said invalid syntax.
Can anyone offer a suggestion on how to remove this old server?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Make sure that the old DC is not protected from accidental deletion. If that does not work then go into adsiedit and remove the DC from there
Also run netdom query dc
If it shows the old dc then you should also see it using ntdsutil and remove the object and perform the meta data cleanup as usual. Make sure that you did not originally make an incorrect command in ntdsutil and missed the old dc entry.
Will.
Also run netdom query dc
If it shows the old dc then you should also see it using ntdsutil and remove the object and perform the meta data cleanup as usual. Make sure that you did not originally make an incorrect command in ntdsutil and missed the old dc entry.
Will.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
You can try removing it via powershell as well. Open up powershell (run as administrator)
run this command
Uninstall-ADDSDomainContro
ref link:
https://technet.microsoft.com/en-us/library/hh974714(v=wps.630).aspx
run this command
Uninstall-ADDSDomainContro
ref link:
https://technet.microsoft.com/en-us/library/hh974714(v=wps.630).aspx
Foxluv, wouldn't that remove AD from the server I run the command from?
I need to remove OldDC (which I can't get to any longer) from the AD installed on NewDC.
I believe this is the command I would want to run on OldDC, not NewDC.
I need to remove OldDC (which I can't get to any longer) from the AD installed on NewDC.
I believe this is the command I would want to run on OldDC, not NewDC.
I would strongly suggest reading this:
https://technet.microsoft.com/en-us/library/jj679892.aspx
and would check on parameters/limits and (roles and features)/(Availability and limitations)
Does anything within your network exceed limits or limitations?
Rob
https://technet.microsoft.com/en-us/library/jj679892.aspx
and would check on parameters/limits and (roles and features)/(Availability and limitations)
Does anything within your network exceed limits or limitations?
Rob
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012
From novice to tech pro — start learning today.
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 303 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 435 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 388 lessons
-
Windows Server 2012Certification: MCSA MCSE Microsoft Certified Solutions Associate & … 450 lessons
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
FSMO Roles?
https://support.microsoft.com/en-us/kb/255504
Rob