
How to remove a dead or not active Domain Controller from Domain?

0 like 0 dislike
138 views
Hi,

We have a domain controller which is not on the network anymore and I would like to remove it from our domain.

 

I have tried to remove it from AD but I got an error message saying this can't be done.

Does anyone know how I can safely remove this DC from our domain?
asked Mar 12, 2015 by V3  

3 Answers

0 like 0 dislike
 
Best answer

I had the same problem and I used a TechNet script which is on the TechNet site.

Remove Active Directory Domain Controller Metadata

  1. The GUI Metadata Cleanup Utility removes Active Directory domain controller metadata left behind after a domain controller is removed improperly or unsuccessfully (typically a dcpromo /forceremoval). This script was written by Clay Perrine and submitted by Kurt Hudson, both of Microsoft.
  2. This script queries Active Directory to locate all domain controllers in the domain. It then displays these domain controllers in an input box that reads “Enter the computer name to be removed.” Type the name of the domain controller and click okay; the metadata for the hostname that was entered will be removed from the directory.

Copy the script and save it in .vbs format, then run it. It will show all DCs in your domain, and then you just enter the name of the DC you would like to remove from your domain.

answered Mar 13, 2015 by tea  

Thank you so much, this script is so easy to use and it has cleared the DC from my domain.

0 like 0 dislike

WARNING:  Use this procedure at your own risk.  Incorrect use of these steps may cause Active Directory to cease functioning.  If you have any doubt over the suitability of this procedure, then do not utilize it and seek help elsewhere.

Step one doesn’t actually have anything to do with deleting the DC from AD though.  The first thing you should do is determine if the failed DC had held any of the 5 FSMO roles.  If so… relocate them to a functional DC immediately.

With that taken care of, the next thing to do is to just shut down the failed domain controller. If your failed DC is still online, but the demotion is continuously failing… then just go ahead and turn it off cold. Unplug it from the network. After this process, you will NOT want to turn it on again before you rebuild it.

Now, open up a command prompt, and invoke the following commands. (Note that the sections in angle brackets are values which you must supply yourself.)

ntdsutil
metadata cleanup
connections
connect to server <hostname of a functional DC>
quit
select operation target
list domains
select domain <#>
list sites
select site <#>
list servers in site
select server <#>
quit
remove selected server
Click [YES] when presented with the warning message.
quit

Next, open up "Active Directory Sites and Services", and…

Expand Sites –> Your Site Name –> Servers
Right-click on the failed DC, and select "Delete".

Finally, open up "Active Directory Users and Computers", and…

Expand your domain, and open up the "Domain Controllers" container.
Right-click the hostname of the failed DC, and select "Delete".

You will be prompted for a reason for deleting the object.  Select "The domain controller is permanently offline and can no longer be demoted using Active Directory Installation Wizard (DCPROMO)."

Click [Delete].
Click [Yes] to confirm the deletion of the object.

That’s it.  The offending data has now been purged out of Active Directory.

answered Mar 12, 2015 by tt  
0 like 0 dislike

You will need the following tools: Ntdsutil.exe, Active Directory Sites and Services, Active Directory Users and Computers.

Also, make sure that you use an account that is a member of the Enterprise Admins universal group.

Caution: Using the Ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.

To clean up metadata

1. At the command line, type Ntdsutil and press ENTER.

C:\WINDOWS> ntdsutil
ntdsutil:

2. At the Ntdsutil: prompt, type metadata cleanup and press Enter.

ntdsutil: metadata cleanup
metadata cleanup:

3. At the metadata cleanup: prompt, type connections and press Enter.

metadata cleanup: connections
server connections:

4. At the server connections: prompt, type connect to server <servername>, where <servername> is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.

server connections: connect to server server100
Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:

Note: Windows Server 2003 Service Pack 1 eliminates the need for the above step.

5. Type quit and press Enter to return to the metadata cleanup: prompt.

server connections: q
metadata cleanup:

6. Type select operation target and press Enter.

metadata cleanup: Select operation target
select operation target:

7. Type list domains and press Enter. This lists all domains in the forest with a number associated with each.

select operation target: list domains
Found 1 domain(s)
0 - DC=dpetri,DC=net
select operation target:

8. Type select domain <number>, where <number> is the number corresponding to the domain in which the failed server was located. Press Enter.

select operation target: Select domain 0
No current site
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:

9. Type list sites and press Enter.

select operation target: List sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:

10. Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.

select operation target: Select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:

11. Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.

select operation target: List servers in site
Found 2 server(s)
0 - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
1 - CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:

12. Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.

select operation target: Select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
Server - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DSA object - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DNS host name - server200.dpetri.net
Computer object - CN=SERVER200,OU=Domain Controllers,DC=dpetri,DC=net
No current Naming Context
select operation target:

13. Type quit and press Enter. The Metadata cleanup menu is displayed.

select operation target: q
metadata cleanup:

14. Type remove selected server and press Enter.

You will receive a warning message. Read it, and if you agree, press Yes.

metadata cleanup: Remove selected server
"CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net" removed from server "server100"
metadata cleanup:

At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed the domain controller.

15. Type quit, and press Enter until you return to the command prompt.

To remove the failed server object from the sites

16. In Active Directory Sites and Services, expand the appropriate site.

17. Delete the server object associated with the failed domain controller.

To remove the failed server object from the domain controllers container

18. In Active Directory Users and Computers, expand the domain controllers container.

19. Delete the computer object associated with the failed domain controller.

20. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform, otherwise you wouldn't be reading this article, would you…) Select "This DC is permanently offline…" and click on the Delete button.

21. AD will display another confirmation window. If you're sure that you want to delete the failed object, click Yes.

To remove the failed server object from DNS

22. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.

23. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.

24. If you have reverse lookup zones, also remove the server from these zones.

Other considerations

Also, consider the following:
  • If the removed domain controller was a global catalog server, evaluate whether application servers that pointed to the offline global catalog server must be pointed to a live global catalog server.
  • If the removed DC was a global catalog server, evaluate whether an additional global catalog must be promoted to address the site, domain, or forest global catalog load.
  • If the removed DC was a Flexible Single Master Operation (FSMO) role holder, relocate those roles to a live DC.
  • If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.
  • If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
answered Mar 13, 2015 by jae  
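As an added example (not code from any of the answers above), the PowerShell below covers the two points both of the ntdsutil answers stress: confirm the dead DC holds none of the five FSMO roles before you clean up its metadata, and afterwards verify that its server object, computer object and DNS records really are gone. It assumes the RSAT ActiveDirectory and DnsServer modules are installed; the hostnames are placeholders supplied by the caller.

```powershell
# Added example, not from any answer on this page: pre-flight FSMO check and
# post-cleanup leftover check for a dead domain controller.
# Assumes the RSAT ActiveDirectory and DnsServer modules; hostnames are placeholders.
param(
    [Parameter(Mandatory)][string]$DeadDC,  # e.g. SERVER200 (the DC that is gone)
    [Parameter(Mandatory)][string]$LiveDC   # e.g. SERVER100 (a working DC to query)
)
Import-Module ActiveDirectory
Import-Module DnsServer

$domain  = Get-ADDomain  -Server $LiveDC
$forest  = Get-ADForest  -Server $LiveDC
$rootDse = Get-ADRootDSE -Server $LiveDC

# 1. FSMO check: none of the five roles may still point at the dead DC.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -eq $DeadDC -or $role.Value -like "$DeadDC.*") {
        Write-Warning "$($role.Key) is still held by $DeadDC; seize it to a live DC before metadata cleanup."
    }
}

# 2. Directory objects that ntdsutil and the Sites and Services / ADUC steps should have removed.
$serverObj = Get-ADObject -Server $LiveDC -SearchBase $rootDse.configurationNamingContext `
    -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))"
$computerObj = Get-ADComputer -Server $LiveDC -Filter "Name -eq '$DeadDC'" `
    -SearchBase "OU=Domain Controllers,$($domain.DistinguishedName)"

# 3. DNS leftovers: the host record and the DSA GUID CNAME in the _msdcs zone of the forest root.
$hostRec = Get-DnsServerResourceRecord -ComputerName $LiveDC -ZoneName $domain.DNSRoot `
    -Name $DeadDC -ErrorAction SilentlyContinue
$cnameRec = Get-DnsServerResourceRecord -ComputerName $LiveDC -ZoneName "_msdcs.$($forest.RootDomain)" `
    -RRType CName -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.HostNameAlias -like "$DeadDC.*" }

# Every field should be False once the cleanup is complete.
[pscustomobject]@{
    ServerObjectInSites   = [bool]$serverObj
    ComputerObjectInDCsOU = [bool]$computerObj
    HostRecordInDns       = [bool]$hostRec
    MsdcsCnameInDns       = [bool]$cnameRec
}
```

Run it once before touching ntdsutil (only the FSMO warnings matter then) and again after the DNS steps; any field still True points at the object the answers above tell you to delete.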