Do this on Server A (good domain controller)
1. Click Start, point to Programs, point to Accessories, and then click
Command Prompt.
2. At the command prompt, type ntdsutil, and then press ENTER.
3. Type metadata cleanup, and then press ENTER. Based on the options
given, the administrator can perform the removal, but additional
configuration parameters must be specified before the removal can
occur.
4. Type connections and press ENTER. This menu is used to connect to
the specific server where the changes occur. If the currently logged on
user does not have administrative permissions, different credentials
can be supplied by specifying the credentials to use before making the
connection. To do this, type set creds DomainName UserName Password, and
then press ENTER. For a null password, type null for the password
parameter.
5. Type connect to server servername, and then press ENTER (THIS
SERVERNAME SHOULD BE SERVER A). You should receive confirmation that
the connection is successfully established. If an error occurs, verify
that the domain controller being used in the connection is available
and the credentials you supplied have administrative permissions on the
server.
6. Type quit, and then press ENTER. The Metadata Cleanup menu appears.
7. Type select operation target and press ENTER.
8. Type list domains and press ENTER. A list of domains in the forest
is displayed, each with an associated number.
9. Type select domain number and press ENTER, where number is the
number associated with the domain the server you are removing is a
member of. The domain you select is used to determine whether the
server being removed is the last domain controller of that domain.
10. Type list sites and press ENTER. A list of sites, each with an
associated number, appears.
11. Type select site number and press ENTER, where number is the number
associated with the site the server you are removing is a member of.
You should receive a confirmation listing the site and domain you
chose.
12. Type list servers in site and press ENTER. A list of servers in the
site, each with an associated number, is displayed.
13. Type select server number, where number is the number associated
with the server you want to remove (WHICH SHOULD BE SERVER B). You
receive a confirmation listing the selected server, its Domain Name
System (DNS) host name, and the location of the server's computer
account you want to remove.
14. Type quit and press ENTER. The Metadata Cleanup menu appears.
15. Type remove selected server and press ENTER. You should receive
confirmation that the removal completed successfully. If you receive
the following error message, the NTDS Settings object may already be
removed from Active Directory as the result of another administrator
removing the NTDS Settings object or replication of the successful
removal of the object after running the DCPROMO utility.
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498
Good luck
Harj Singh
Power Your Active Directory Investment
www.specopssoft.com
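A read-only check to run after the metadata cleanup steps above, as an added example that is not part of the original post. SERVERA and SERVERB stand in for the thread's "Server A" and "Server B", the function names are hypothetical, and the sample DNs are constructed for the abc.com domain mentioned in the thread.

```powershell
# Added example: read-only check for metadata left behind by a removed DC.
# SERVERA (live DC) and SERVERB (removed DC) are the thread's placeholder names.

function Get-DcReferences {
    # Live query against a healthy DC: DNs of all server and NTDS Settings
    # objects under CN=Sites in the configuration partition.
    param([string]$LiveDc)
    $rootDse  = [ADSI]"LDAP://$LiveDc/RootDSE"
    $configNc = [string]$rootDse.configurationNamingContext
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://$LiveDc/CN=Sites,$configNc"
    $searcher.Filter     = '(|(objectClass=server)(objectClass=nTDSDSA))'
    $searcher.PageSize   = 500
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    $searcher.FindAll() | ForEach-Object { [string]$_.Properties['distinguishedname'][0] }
}

function Find-StaleDcMetadata {
    # Pure function: pick out the entries that still reference the removed DC.
    param([string[]]$DistinguishedNames, [string]$RemovedDc)
    $name = [regex]::Escape($RemovedDc)
    foreach ($dn in $DistinguishedNames) {
        if ($dn -match "^CN=NTDS Settings,CN=$name,CN=Servers,") {
            New-Object psobject -Property @{ Kind = 'NTDS Settings'; DN = $dn }
        } elseif ($dn -match "^CN=$name,CN=Servers,") {
            New-Object psobject -Property @{ Kind = 'Server object'; DN = $dn }
        }
    }
}

# Constructed sample DNs (not real output): state before the cleanup has run.
$site   = 'CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=com'
$sample = @(
    "CN=SERVERA,$site",
    "CN=NTDS Settings,CN=SERVERA,$site",
    "CN=SERVERB,$site",
    "CN=NTDS Settings,CN=SERVERB,$site"
)
Find-StaleDcMetadata -DistinguishedNames $sample -RemovedDc 'SERVERB' | Format-List Kind, DN

# Against the directory (run on SERVERA after step 15):
# Find-StaleDcMetadata (Get-DcReferences 'SERVERA') 'SERVERB' | Format-List Kind, DN
```

An "NTDS Settings" hit for SERVERB means the removal has not taken effect on the DC that was queried; empty output means nothing under CN=Sites references SERVERB any more.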
John wrote:
Ok, so if I have a good domain controller, called A and the problematic
domain controller called B.
I should be logged in under administrator on Server A and run the
ntdsutil on Server A, if so what commands do I use to remove the
problematic server, or should I be logged in under administrator on
Server B and run the ntdsutil on that server?
Sorry, but I'm a bit confused on the ntdsutil program!
Thanks
"Jorge de Almeida Pinto [MVP - DS]"
when using NTDSUTIL... are you connecting to the removed DC?
if yes...you should point to a LIVE DC and remove the information from
the removed DC
--
Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)
# Jorge de Almeida Pinto # MVP Windows Server - Directory Services
BLOG (WEB-BASED)-->
http://blogs.dirteam.com/blogs/jorge/default.aspx
BLOG (RSS-FEEDS)-->
http://blogs.dirteam.com/blogs/jorge/rss.aspx
------------------------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no
rights!
* Always test before implementing!
------------------------------------------------------------------------------------------
Ok I forceremoval and ran the ntdsutil and still get no more end points
when running the ntdsutil
Is there a way to remove the problematic server from the non problematic
domain controller?
You read it wrong, it said "readd" not "read"
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
I'm confused on this point.
"I would remove the read to the domain."
Once the DC is a member server I would remove and readd to the domain
(This is not an absolutely required step but one I do to get a new
computer object sid)
Thanks
message
I'm not sure what you are asking? Unless you misunderstood my point.
Remove from the domain, re-join the member server to the domain.
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
Thanks Paul,
How do I remove the read from the domain?
Thanks again
message
If you are unable to demote this DC and you can't transfer the role
then you will probably have to do the following:
On the problematic machine run dcpromo /forceremoval
http://support.microsoft.com/default.aspx/kb/332199/en-us
Once the DC is a member server I would remove and readd to the
domain (This is not an absolutely required step but one I do to get
a new computer object sid)
Then you will need to go back and cleanup AD's metadata since it
wasn't cleaned up from the demotion
http://support.microsoft.com/?id=216498
Once done with this, you should be able to go back and repromote the
member server to a DC
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.
I seem to have a problem with Active Directory and tried to remove
it using dcpromo and get the following error:
Active Directory could not transfer the remaining data in directory
partition CN=Schema,CN=Configuration,DC=abc,DC=com to domain
controller mail.abc.com
"There are no more endpoints available from the endpoint mapper"
This setup consists of 2 Windows 2003 server both are domain
controllers and both have SP1 installed. On mail.abc.com everything
is running ok. From the problematic server I can ping the
mail.abc.com server with the ip address and dns name.
Is there a way to remove the problematic server manually and run
dcpromo to put it back in the active directory?
Thanks