DsRemoveDomainW-Error 0x2162.

  • Thread starter Thread starter Rhinehold
  • Start date Start date
R

Rhinehold

All,

I'm getting this message while trying to use ntdsutil to remove a
sub-domain. I've read through and followed the articles on removing
orphaned domains but am still getting the error.

The sub-domain was dcpromo'd down and was gone for several weeks. For
some reason it has returned with a DEL in the name (was
child.domain.com, is now
child\0ADEL:355a0e4a-b1b2-41d8-8666-ec6d76ccb020.domain.com).

When trying to remove the domain I'm told that there are still domain
controllers in the domain, but there isn't. I've removed all DNS
references to the subdomain. When I use ntdsutil and select operation
target, I can still select the server in the domain, but can not find
it ANYWHERE in the active directory with either ADSI or any other
utility. It is not in Lost+Found (that is empty). When I try to
remove the server, I get the same error. Nothing I have tried
works...

Is there somewhere I can find where AD thinks that that old server is
residing and remove it so I can remove the domain? What is the entire
list of actual steps that go into a domain promo that I can do
manually so that I can redo every instance to ensure it is gone?

Help?
 
If you can select it using ntdsutil then the ntds settings object is still
there, or at least AD thinks it is there. What happens when you attempt to
remove it using ntdsutil? Did you follow the steps using kb 216498 to
remove all references to each of the DCs in that child domain?

Verify that the Domain Naming Master FSMO role holder is being recognized
by opening Domains and Trusts, right-clicking and choosing Operations
Master. If you get an error then the role is not being recognized and you
need to fix that problem. If you cannot transfer the role then you need to
seize the role onto the same machine and try again. If that fails, rebuild
that box and seize the role to another DC.

If you used the steps in kb 216498 to remove the DCs and you cannot find it
in AD you can do an ldifde dump of the configuration container and search
the file for any of the DCs from that deleted child domain. You can use
notepad or any word processor to open the file you create with ldifde. The
command will be something similar to the following:

ldifde -f output.ldf -d "cn=configuration,dc=domain,dc=com"

237677 Using LDIFDE to Import and Export Directory Objects to Active
Directory
http://support.microsoft.com/?id=237677


David Pharr, (e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top