Windows Server 2016 AD - cannot delete a decommed DC from AD

I have a pair of Windows Server 2016 DCs (DC1 and DC2). DC2 stopped working, so I demoted it, removed AD from it, and then removed it from the AD domain. I am now trying to delete the DC2 server object from ADUC but (as administrator) it says that the account does not have privileges to do so. I have gone through the Delegate Control wizard a couple of times and rebooted DC1, to no avail. Any help would be appreciated.

Thanks!
Nathan Hawkins (Technical Lead - Network Security) asked:

Mahesh (Architect) commented:
Do one thing: can you modify the NS record on the working DC and add the newly promoted DC's NS record there? Then restart the Netlogon and DNS Server services on both the new and the old DC, and check how replication goes by running repadmin /Syncall on both servers.

Mahesh (Architect) commented:
Go to the domain controller account properties, Object tab, and ensure that accidental deletion protection is unchecked, then try to delete it.

Nathan Hawkins (Technical Lead - Network Security, author) commented:
Yes, it was unchecked. As it turned out, I was checking the box that asked if I wanted to delete the tree behind the object. I kept checking the box and kept getting an error saying that the administrator account didn't have privileges to do so. So, lesson learned: do NOT check that box, and you can delete the object.

So the orphaned DC has been deleted, recreated, re-promoted back to a DC, but when I do a replication there are AD groups (mostly Exchange groups) that are not being replicated to the (re-)new DC.

How do I get all groups and objects replicated back to the replicated DC?

Thanks!
Mahesh (Architect) commented:
You need to wait for AD replication to be completed.

Check for event ID 1394 in the Directory Service event log to confirm that AD replication is complete.

Then run repadmin /showrepl from an elevated cmd to ensure replication is working.

Nathan Hawkins (Technical Lead - Network Security, author) commented:
Everything shows as successful, but the Exchange health mailboxes are still not replicated to the new DC.

Mahesh (Architect) commented:
Wait for some more time.

Nathan Hawkins (Technical Lead - Network Security, author) commented:
Still has not replicated several items...

Nathan Hawkins (Technical Lead - Network Security, author) commented:
The NS records were actually already present on both DCs, so I deleted the new DC's record and then re-added it (on both). Restarted the Netlogon/DNS services (on both), then ran "repadmin /Syncall" and both servers "terminated with no errors". The new DC still has not replicated several items in AD.

There is a "Microsoft Exchange System Objects" container which houses a "Monitoring Mailboxes" container which contains all the HealthMailboxes for Exchange 2016. This is what I am most after in replicating over to the new DC (ultimately I want to upgrade to Server 2016; I mislabeled this question with Server 2016 when it was Exchange 2016). These are actually Server 2012 R2 servers.

I'm not sure if any of that helps in fixing this issue, and I appreciate your help!

DrDave242 commented:
"There is a "Microsoft Exchange System Objects" group which houses a "Monitoring Mailboxes" group which contains all the HealthMailboxes for Exchange 2016. This is what I am most after in replicating over to the new DC"

Your repadmin output seems to indicate that everything is actually replicating, so I have to ask: did you enable Advanced Features from the View menu of AD Users and Computers on the new DC? I don't believe the Microsoft Exchange System Objects container is visible otherwise.
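The thread's two checks can be done without the ADUC view at all: Mahesh's accidental-deletion flag and event 1394 check, and DrDave242's point that the Exchange container is simply hidden in the console. The following script is an added example (not posted in the thread) that reads the "Monitoring Mailboxes" container over LDAP from every DC and diffs the results, so "not replicated" and "not displayed" can be told apart. It assumes the RSAT ActiveDirectory module, an elevated session on a domain member, and remote event-log access to each DC.

```powershell
# Added example, not from the thread: checks the two things the discussion
# turned on, the accidental-deletion flag on DC computer objects (Mahesh) and
# whether the Exchange monitoring-mailbox objects exist on every DC, read over
# LDAP rather than through the ADUC view, which hides the container unless
# Advanced Features is on (DrDave242). Assumes RSAT ActiveDirectory, an elevated
# session on a domain member, and remote event-log access to each DC.
Import-Module ActiveDirectory

$domainDn  = (Get-ADDomain).DistinguishedName
$container = "CN=Monitoring Mailboxes,CN=Microsoft Exchange System Objects,$domainDn"
$dcs       = @((Get-ADDomainController -Filter *).HostName)

# 1. A protected object cannot be deleted even by a Domain Admin.
Write-Host "== Accidental-deletion protection on DC computer objects"
Get-ADComputer -Filter 'primaryGroupID -eq 516' -Properties ProtectedFromAccidentalDeletion |
    Select-Object Name, ProtectedFromAccidentalDeletion | Format-Table -AutoSize

# 2. Most recent 'replication completed' notice (event 1394) on each DC.
Write-Host "== Last event 1394 per DC"
foreach ($dc in $dcs) {
    $ev = Get-WinEvent -ComputerName $dc -MaxEvents 1 -ErrorAction SilentlyContinue `
              -FilterHashtable @{ LogName = 'Directory Service'; Id = 1394 }
    "{0,-35} {1}" -f $dc, $(if ($ev) { $ev.TimeCreated } else { 'none found' })
}

# 3. Enumerate the container on every DC and diff each one against the first.
$seen = @{}
foreach ($dc in $dcs) {
    try {
        $seen[$dc] = @(Get-ADObject -Server $dc -SearchBase $container -SearchScope Subtree `
                           -Filter * -ErrorAction Stop | Select-Object -ExpandProperty DistinguishedName)
    } catch {
        Write-Warning ("{0}: cannot read {1} ({2})" -f $dc, $container, $_.Exception.Message)
        $seen[$dc] = @()
    }
}
$ref = $dcs[0]
Write-Host ("== {0} objects under the container on {1}" -f $seen[$ref].Count, $ref)
foreach ($dc in ($dcs | Select-Object -Skip 1)) {
    $missing = @($seen[$ref] | Where-Object { $_ -notin $seen[$dc] })
    $extra   = @($seen[$dc]  | Where-Object { $_ -notin $seen[$ref] })
    if ($missing.Count -eq 0 -and $extra.Count -eq 0) { Write-Host "$dc`: identical to $ref"; continue }
    Write-Warning "$dc`: $($missing.Count) missing, $($extra.Count) extra vs. $ref"
    $missing | ForEach-Object { "  missing on $dc`: $_" }
    $extra   | ForEach-Object { "  extra   on $dc`: $_" }
}

# 4. The native replication status the thread recommends.
foreach ($dc in $dcs) { repadmin /showrepl $dc }
```

If every DC returns the same object list but the container is absent in ADUC, the fix is the View menu, not replication.
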
Nathan Hawkins (Technical Lead - Network Security, author) commented:
To quote summit1g (a streamer on Twitch), "I hate you and no one likes you!" (He says this to the people who comment on his stream that he likes.)

That was totally it...

OK, answered! And thanks!

Nathan Hawkins (Technical Lead - Network Security, author) commented:
All the help was appreciated!

DrDave242 commented:
"To quote summit1g (a streamer on Twitch), "I hate you and no one likes you!" (He says this to the people who comment on his stream that he likes.)"

LOL - glad we could help! :)