Delete DC from AD

  • Thread starter Thread starter AT
  • Start date Start date
A

AT

Hello,

I know this has been up before but the post is deleted from the server.
I have a DCReplica that no longer is capable to do it's job. (it has
crashed and will never get back in shape). Since this was not suspected it
was obviously never demoted.
How the heck can I delete all traces of it from my AD.
The KB gives me no real help and every information I can find any where
expect me to replace the DCReplica and that will not happen.

Thank you all for any help


AT
 
You may need to delete child objects of the DC computer
object first.

Use ADSIedit to remove child objects.

HTH,
Neil
 
ntdsutil: Metadata cleanup

metadata cleanup: Connections

server connections: Connect to server c0zona31
Binding to c0zona31 ...
Connected to c0zona31 using credentials of locally logged
on user
server connections: q

metadata cleanup: Select operation target

select operation target: List domains
Found 4 domain(s)
0 - DC=internal,DC=credit,DC=it
1 - DC=zona1,DC=internal,DC=credit,DC=it
2 - DC=zona2,DC=internal,DC=credit,DC=it
3 - DC=zona3,DC=internal,DC=credit,DC=it
select operation target: Select domain 3
No current site
Domain - DC=zona3,DC=internal,DC=credit,DC=it
No current server
No current Naming Context
select operation target: List sites
Found 747 site(s)
0 -
CN=Credit2,CN=Sites,CN=Configuration,DC=internal,DC=credit,
DC=it
1 -
CN=2260Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
2 -
CN=Credit1,CN=Sites,CN=Configuration,DC=internal,DC=credit,
DC=it
3 -
CN=SiteService,CN=Sites,CN=Configuration,DC=internal,DC=cre
dit,DC=it
4 -
CN=24A0Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
5 -
CN=2280Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
6 -
CN=Credit3,CN=Sites,CN=Configuration,DC=internal,DC=credit,
DC=it
...................................................
...................................................
670 -
CN=4850Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
671 -
CN=4860Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it

select operation target: Select site 670
Site -
CN=4850Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
Domain - DC=zona3,DC=internal,DC=credit,DC=it
No current server
No current Naming Context

select operation target: List servers in site
Found 2 server(s)
0 -
CN=C0485000,CN=Servers,CN=4850Site,CN=Sites,CN=Configuratio
n,DC=internal,DC=
credit,DC=it
1 -
CN=C0TMP100,CN=Servers,CN=4850Site,CN=Sites,CN=Configuratio
n,DC=internal,DC=
credit,DC=it
select operation target: select server 1
Site -
CN=4850Site,CN=Sites,CN=Configuration,DC=internal,DC=credit
,DC=it
Domain - DC=zona3,DC=internal,DC=credit,DC=it
Server -
CN=C0TMP100,CN=Servers,CN=4850Site,CN=Sites,CN=Configuratio
n,DC=interna
l,DC=credit,DC=it
DSA object - CN=NTDS
Settings,CN=C0TMP100,CN=Servers,CN=4850Site,CN=Site
s,CN=Configuration,DC=internal,DC=credit,DC=it
DNS host name - c0tmp100.ZONA3.INTERNAL.CREDIT.IT
Computer object - CN=C0TMP100,OU=Domain
Controllers,DC=zona3,DC=internal
,DC=credit,DC=it
No current Naming Context
select operation target: q

metadata cleanup: Remove selected server
"CN=C0TMP100,CN=Servers,CN=4850Site,CN=Sites,CN=Configurati
on,DC=internal,DC=cre
dit,DC=it" removed from server "c0zona31"
metadata cleanup: q
ntdsutil: q
Disconnecting from c0zona31 ...
 
I guess I just have to go through it again to find any oblects left. I
probobly missed something. Thank you for your input.

AT
 
Finishing Cleanup

1. Remove the Host record in the forward lookup zone and the cname record in
the _msdcs.<root domain of forest> zone in DNS. Assuming that DC is going to
be reinstalled and re-promoted, a new NTDS settings object is created with a
new globally unique identifier (GUID) and a matching cname record in DNS.
You do not want the DC's that exist to use the old cname record.

2. Use ADSIEdit to delete the computer account in the OU=Domain
Controllers,DC=domain...

NOTE: The FRS subscriber object is deleted when the computer object is
deleted, since it is a child of the computer account.

3. Use ADSIEdit to delete the FRS member object in CN=Domain System Volume
(SYSVOL share),CN=file replication service,CN=system....

4. If the deleted computer was the last domain controller in a child domain
and the child domain was also deleted, use ADSIEdit to delete the
trustDomainobject for the child in CN=System, DC=domain, DC=domain, Domain
NC.

5. Delete the Computer under Sites\<Site_Name>\Servers in AD Sites and
Services

Robert Eggleston

Microsoft Corporation
 
Back
Top