Delete a DC account:'DSA object cannot be deleted'

  • Thread starter Thread starter Marlon
  • Start date Start date
M

Marlon

One of my Win2000 DCGC crashed.
Since I already have Win2003 DC's introduced in my AD domain, I want to
install Win2003 on such hardware instead.

I ran ntdsutil and I did a metdata cleanup and removed such computer account
from AD. Under AD Sites and services, I deleted the object name from there.

Now I go to AD Users & Computers and I attempt to delete the "DC-server3"
from AD, so that I can join the new Win2003 server under the same name.
When I hit "delete", I get the message
"DSA Object cannot be deleted"
How can I get rid of such computer account from AD ?
 
The old Windows 2000 GUI is protecting you. In the new GUI you get multiple
choices as to what to do.

You have a couple of options.

1. Use ADSIEDIT to delete the object.
2. Use admod to delete the object.

The admod command would be

admod -b "cn=dcname,ou=domain controllers,dc=domain,dc=com" -rm

With ADSIEDIT you would browse down to the object.

You can get admod here -> http://www.joeware.net/win/free/tools/admod.htm
 
Back
Top