Windows Server 2016 AD - cannot delete a decommed DC from AD

I have a pair of Windows Server 2016 DCs (DC1 and DC2). DC2 stopped working. I have demoted it, removed AD from it, and then removed it from the AD Domain. I am now trying to delete the DC2 server object from ADUC but (as administrator) it says that the account does not have privileges to do so. I have gone through the delegate control wizard a couple of times and rebooted DC1, to no avail. Any help would be appreciated.

Thanks!
Nathan Hawkins, Technical Lead - Network Security, Asked:
Mahesh, Architect, Commented:
Go to the domain controller account properties \ Object tab and ensure that accidental deletion is unchecked, and then try to delete it.
1
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
Yes. It was unchecked. As it turned out I was checking the box that asked if I wanted to delete the tree behind the object. I kept checking the box and kept getting an error saying that the administrator account didn't have privs to do so. So lesson learned. Do NOT check that box and you can delete the object.

So the orphaned DC has been deleted, recreated, re-promoted back to a DC, but when I do a replication there are AD groups (mostly Exchange groups) that are not being replicated to the (re-)new DC.

How do I get all groups and objects replicated back to the replicated DC?

Thanks!
0
Mahesh, Architect, Commented:
You need to wait for AD replication to be completed.

Check for event ID 1394 under the Directory Services event logs to assure AD replication is completed.

Then run repadmin /showrepl from an elevated cmd to ensure replication is working.
0
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
Everything shows as successful, but the Exchange health mailboxes are still not replicated to the new DC.
0
Mahesh, Architect, Commented:
Wait... for some more time.
0
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
Still has not replicated several items...
0
Mahesh, Architect, Commented:
Do one thing:
Can you modify the NS record on the working DC and add the newly promoted DC's NS record there?
Then restart the netlogon and DNS Server services on both the new and old DC, and check how replication goes by running repadmin /Syncall on both servers.
0
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
The NS records were actually already present on both DCs so I deleted the new DC and then re-added it (on both). Restarted netlogon/DNS services (on both), then did "repadmin /Syncall" and both servers "terminated with no errors". The new DC still has not replicated several items in AD.

There is a "Microsoft Exchange System Objects" group which houses a "Monitoring Mailboxes" group which contains all the HealthMailboxes for Exchange 2016. This is what I am most after in replicating over to the new DC (ultimately I want to upgrade to server 2016 - I mislabeled this question with server 2016 when it was Exchange 2016). These are actually server 2012 r2 servers.

I'm not sure if any of that helps fixing this issue and I appreciate your help!
0
DrDave242, Senior Support Engineer, Commented:
There is a "Microsoft Exchange System Objects" group which houses a "Monitoring Mailboxes" group which contains all the HealthMailboxes for Exchange 2016. This is what I am most after in replicating over to the new DC

Your Repadmin output seems to indicate that everything is actually replicating, so I have to ask: Did you enable Advanced Features from the View menu of AD Users and Computers on the new DC? I don't believe the Microsoft Exchange System Objects container is visible otherwise.
0
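The check raised in the comment above can also be made without depending on the ADUC view settings. As an added example (not code from the thread), this PowerShell queries each DC directly for everything under the "Microsoft Exchange System Objects" container and lists objects held by only one replica. It assumes the ActiveDirectory RSAT module and the host names DC1 and DC2 from the question; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes the RSAT ActiveDirectory module
# and that DC1 / DC2 (names from the question) resolve from this machine.
Import-Module ActiveDirectory

function Get-ContainerObjects {
    param(
        [Parameter(Mandatory)] [string] $Server,
        [Parameter(Mandatory)] [string] $SearchBase
    )
    try {
        # -Server pins the query to one DC, so the result is that replica's view.
        Get-ADObject -Server $Server -SearchBase $SearchBase -SearchScope Subtree `
            -Filter * -Properties whenChanged -ErrorAction Stop
    } catch {
        # Container missing on this DC (or DC unreachable): report and return nothing.
        Write-Warning "$Server : $($_.Exception.Message)"
    }
}

function Compare-DcContainer {
    param(
        [string] $ReferenceDc  = 'DC1',
        [string] $DifferenceDc = 'DC2',
        [string] $ContainerName = 'Microsoft Exchange System Objects'
    )
    $domainDn = (Get-ADDomain -Server $ReferenceDc).DistinguishedName
    $base = "CN=$ContainerName,$domainDn"

    $ref  = @(Get-ContainerObjects -Server $ReferenceDc  -SearchBase $base)
    $diff = @(Get-ContainerObjects -Server $DifferenceDc -SearchBase $base)
    Write-Host ("{0}: {1} objects, {2}: {3} objects" -f `
        $ReferenceDc, $ref.Count, $DifferenceDc, $diff.Count)

    # Index each side by objectGUID, which is identical on every replica.
    $refIds = @{};  foreach ($o in $ref)  { $refIds[$o.ObjectGUID]  = $true }
    $diffIds = @{}; foreach ($o in $diff) { $diffIds[$o.ObjectGUID] = $true }

    foreach ($o in $ref) {
        if (-not $diffIds.ContainsKey($o.ObjectGUID)) {
            [pscustomobject]@{ MissingOn = $DifferenceDc; DN = $o.DistinguishedName; Changed = $o.whenChanged }
        }
    }
    foreach ($o in $diff) {
        if (-not $refIds.ContainsKey($o.ObjectGUID)) {
            [pscustomobject]@{ MissingOn = $ReferenceDc; DN = $o.DistinguishedName; Changed = $o.whenChanged }
        }
    }
}

Compare-DcContainer   # no rows returned means both DCs hold the same objects
```

Matching object counts and an empty result indicate the data has replicated and any difference seen in the console is a display setting rather than a replication gap.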
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
To quote summit1g (a streamer on Twitch) "I Hate You and no one likes you!" (He says this to the people who comment on his stream that he likes).

That was totally it...

Ok - answered! and thanks!
0
Nathan Hawkins, Technical Lead - Network Security, Author Commented:
All the help was appreciated!
0
DrDave242, Senior Support Engineer, Commented:
To quote summit1g (a streamer on Twitch) "I Hate You and no one likes you!" (He says this to the people who comment on his stream that he likes).

LOL - Glad we could help!  :)
0