asked on

How do I manually remove a 2016 AD domain controller that failed

I have to manually remove a failed domain controller. This is a 2016 DC with the functional level at 2016. Can you provide the steps necessary. I can find information relating to 2008 DC's but not 2016. Are there any differences?

Thanks

Hello There

No, the procedure is the same. If the DC crashed, you have to:
1. Shutdown a bad DC
2. Run metadata cleanup from a healthy DC

ntdsutil
metadata cleanup
remove selected server <servername>

Open in new window

3. Verify there are no entries in DNS, Active Directory Users and Computers, Active Directory Sites and Services, and Active Directory Domains and Trust. If you find any, delete them.
4. Seize FSMO roles if needed

C:\Windows>ntdsutil
ntdsutil: roles
fsmo maintenance: connections
server connections: connect to server <new_server>
server connections: q
fsmo maintenance: Seize domain naming master
fsmo maintenance: Seize infrastructure master
fsmo maintenance: Seize PDC
fsmo maintenance: Seize RID master
fsmo maintenance: Seize schema master

Open in new window

5. Install the system from scratch (use the same hostname and the IP address if you like)
6. Install ADDS + DNS
7. Verify the replication

Seth Simmons

I can find information relating to 2008 DC's but not 2016. Are there any differences?

procedure is the same

Clean up Active Directory Domain Controller server metadata

https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup

This question needs an answer!

Become an EE member today

7 DAY FREE TRIAL

Members can start a 7-Day Free trial then enjoy unlimited access to the platform.

View membership options

Learn why we charge membership fees

We get it - no one likes a content blocker. Take one extra minute and find out why we block content.