Remove stolen domain controller

  • Thread starter: Rolf

Rolf

One of the domain controllers has been stolen.
How can I remove the name from Active Directory Users and Computers?
When I try to delete the server, I am informed that this cannot be done.

Rolf
 
Rolf,

You would need to use both NTDSUTIL and ADSIEdit to do this on a remaining
DC. Take a look at the following MSKB Article:

http://support.microsoft.com/?id=216498

You will need to install the Support Tools in order to make use of ADSIEdit.
The Support Tools can be found on the WIN2000 Server CD as well as on the
WIN2000 Service Pack CD in the Support | Tools folder.

HTH,

Cary
 
Cary gave you the methods -- NTDSUtil is the normal way.

Consider this too: CHANGE ALL PASSWORDS.

If I own your AD, I can bust your passwords. It's not even
hard in 99% of the cases.
 
Cary Shultz said:
Great point, Herb. It would not take that long at all!

In most configurations 12 seconds per account. Really,
I have seen it done.

And the key here is that they would have the SOURCE password,
not just the hash or just access to the one server.

With those source passwords they could even access EFS
encrypted files.
 