F
Francisco Duran
A hardware problem forced us to remove a DC-controller from our network.
The roles were taken by other DCs and as a gracefully demotion couldn't be
performed, we had to clean-up the metadata following instructions from:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
This worked just fine but now the problem is that in the ACtive Directory
Users and Computers, in the Domain Controllers container, there's still
information for that DC.
We've tried to delete the server from the list and it gives the following
message: The DSA object cannot be delete.
It seems that it cannot be deleted as the server is registered in the active
directory as having a userAccountControl number of: 524288 which means the
server is trusted for delegation.
When we try to uncheck that option from the AD Users and Computers, it shows
the message: "Your security setting do not allow you to Specify whether or
not this account is to be trusted for delagation".
We even changed the GPSO to allow: "Enable computer and user accounts to be
trusted for delegation" and then tried to change this userAccountControl
value using even the ADSI Edit but the message still appers.
Can anybody help me to remove this Ghost DCs from the Active Directory?
The roles were taken by other DCs and as a gracefully demotion couldn't be
performed, we had to clean-up the metadata following instructions from:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
This worked just fine but now the problem is that in the ACtive Directory
Users and Computers, in the Domain Controllers container, there's still
information for that DC.
We've tried to delete the server from the list and it gives the following
message: The DSA object cannot be delete.
It seems that it cannot be deleted as the server is registered in the active
directory as having a userAccountControl number of: 524288 which means the
server is trusted for delegation.
When we try to uncheck that option from the AD Users and Computers, it shows
the message: "Your security setting do not allow you to Specify whether or
not this account is to be trusted for delagation".
We even changed the GPSO to allow: "Enable computer and user accounts to be
trusted for delegation" and then tried to change this userAccountControl
value using even the ADSI Edit but the message still appers.
Can anybody help me to remove this Ghost DCs from the Active Directory?