How to remove a domain controller that no longer exists?
An incomplete addition or removal of a domain controller can leave Active Directory data inconsistent, because the directory still contains a domain controller object that exists but is not fully functional. This hinders other processes, and a complete cleanup is required. The following steps describe how to clean up the metadata.
- In the command line, type ntdsutil and press Enter.

  C:\WINDOWS>ntdsutil

  You will see the following prompt displayed in the command prompt window:

  ntdsutil:

- At the ntdsutil: prompt, type metadata cleanup and press Enter.

  ntdsutil: metadata cleanup

  Once you are done with that, the metadata cleanup prompt will appear like this:

  metadata cleanup:

- At the 'metadata cleanup:' prompt, type connections and press Enter.

  metadata cleanup: connections

  Now the server connections mode is on, as shown below:

  server connections:

- At 'server connections:', type connect to server <servername>. Here <servername> is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter after entering your server name. In this case, consider the server name to be server100. You will see the following entry:

  server connections: connect to server server100
  Binding to server100 ...
  Connected to server100 using credentials of locally logged on user.

- Type 'q' in server connections and press Enter to return to the metadata cleanup prompt.

  server connections: q
  metadata cleanup:

- In metadata cleanup, type select operation target and press Enter.

  metadata cleanup: Select operation target

  Now select operation target mode will come up.

  select operation target:

- Type list domains and press Enter.

  select operation target: list domains

  This lists all domains in the forest with a number associated with each.

  Found 1 domain(s)
  0 - DC=dorg,DC=net

- Type select domain <number>, where <number> corresponds to the domain in which the failed server was located. Press Enter.

  select operation target: Select domain 0

  We specify the number as 0 here, as the previous output told us that 0 is the number assigned to the domain "dorg.net". Next you will see:

  No current site
  Domain - DC=dorg,DC=net
  No current server
  No current Naming Context

- Type list sites and press Enter.

  select operation target: List sites

  The sites belonging to this domain are then listed as below:

  Found 1 site(s)
  0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net

- Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.

  select operation target: Select site 0

  We specify the number as 0 here, as the previous output showed that 0 is the number assigned to the only site available. Next you will see:

  Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  Domain - DC=dorg,DC=net
  No current server
  No current Naming Context

- Type list servers in site and press Enter.

  select operation target: List servers in site

  This will list all servers in that site with a corresponding number.

  Found 2 server(s)
  0 - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  1 - CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net

- Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.

  select operation target: Select server 0

  The number is 0 since we want to take out server200. You will be able to view:

  Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  Domain - DC=dorg,DC=net
  Server - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  DSA object - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  DNS host name - server200.dorg.net
  Computer object - CN=SERVER200,OU=Domain Controllers,DC=dorg,DC=net

- Type 'q' to quit and press Enter. The metadata cleanup menu is displayed.

  select operation target: q
  metadata cleanup:

- Type "remove selected server" and press Enter. You will receive a warning message. Read it, and if you agree, confirm with Yes.

  metadata cleanup: Remove selected server
  "CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net" removed from server "server100"

- Type quit and press Enter until you return to the command prompt. The failed server object now has to be removed from the sites and from the directory.
- In Active Directory Users and Computers, expand the Domain Controllers container. Delete the computer object associated with the failed domain controller.
- Windows Server 2003 AD might display a new type of dialog, asking whether you want to delete the server object without performing a DCPROMO operation. Select "This DC is permanently offline..." and click the Delete button.
- AD will display another confirmation window. If you are sure that you want to delete the failed object, click Yes. Next, remove the failed server's records from DNS.
- In the DNS snap-in, expand the zone that is related to the domain from which the server has been removed. Remove the server's CNAME record in the _msdcs.<forest root domain> zone. You should also delete the host (A) record for the server name and any other DNS records that refer to it. If you have reverse lookup zones, also remove the server from those zones.
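Once the ntdsutil, Active Directory Users and Computers, and DNS steps above are done, it is worth confirming from a surviving domain controller that nothing still references the failed one, since a leftover server, NTDS Settings, computer or DNS record is exactly the kind of half-removed object the introduction warns about. The following PowerShell script is an added example, not part of the original article; it uses the ActiveDirectory and DnsServer modules and assumes the article's names (failed DC SERVER200, surviving DC server100, domain dorg.net), which you should replace with your own.

```powershell
# Added verification script (not from the original article). Enumerates anything in
# AD and DNS that still references a removed domain controller. The default names
# are assumptions taken from the article's example; override them with -FailedDc,
# -LiveDc and -DomainName for your environment. Run it on a machine with RSAT.
#Requires -Modules ActiveDirectory, DnsServer

param(
    [string]$FailedDc   = 'SERVER200',   # assumed: name of the DC that was removed
    [string]$LiveDc     = 'server100',   # assumed: surviving DC used for the queries
    [string]$DomainName = 'dorg.net'     # assumed: DNS name of the domain
)

Import-Module ActiveDirectory
Import-Module DnsServer

$domain   = Get-ADDomain  -Server $LiveDc
$forest   = Get-ADForest  -Server $LiveDc
$configNc = (Get-ADRootDSE -Server $LiveDc).configurationNamingContext
$fqdn     = "$FailedDc.$DomainName".ToLower()
$findings = @()

# 1. Server and NTDS Settings objects under CN=Sites in the Configuration partition.
#    "remove selected server" in ntdsutil should have deleted both.
Get-ADObject -Server $LiveDc -SearchBase "CN=Sites,$configNc" `
    -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))" |
    ForEach-Object { $findings += "Server object still present: $($_.DistinguishedName)" }

Get-ADObject -Server $LiveDc -SearchBase "CN=Sites,$configNc" -LDAPFilter "(objectClass=nTDSDSA)" |
    Where-Object { $_.DistinguishedName -like "*,CN=$FailedDc,CN=Servers,*" } |
    ForEach-Object { $findings += "NTDS Settings object still present: $($_.DistinguishedName)" }

# 2. Computer account in the Domain Controllers OU (deleted in ADUC in the steps above).
$computer = Get-ADComputer -Server $LiveDc -Filter "Name -eq '$FailedDc'" `
    -SearchBase $domain.DomainControllersContainer -ErrorAction SilentlyContinue
if ($computer) { $findings += "Computer object still present: $($computer.DistinguishedName)" }

# 3. The directory still advertises the failed machine as a domain controller.
$stillDc = Get-ADDomainController -Server $LiveDc -Filter "Name -eq '$FailedDc'" -ErrorAction SilentlyContinue
if ($stillDc) { $findings += "Still enumerated as a domain controller: $($stillDc.HostName)" }

# 4. DNS: host (A) record in the domain zone, CNAME in _msdcs.<forest root>,
#    and any SRV record whose target is still the failed DC's FQDN.
Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $DomainName -RRType A -ErrorAction SilentlyContinue |
    Where-Object { $_.HostName -ieq $FailedDc } |
    ForEach-Object { $findings += "A record still present: $($_.HostName) -> $($_.RecordData.IPv4Address)" }

$msdcsZone = "_msdcs.$($forest.RootDomain)"
Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $msdcsZone -RRType CName -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.HostNameAlias.TrimEnd('.') -ieq $fqdn } |
    ForEach-Object { $findings += "CNAME in $msdcsZone still points at ${fqdn}: $($_.HostName)" }

foreach ($zone in @($DomainName, $msdcsZone)) {
    Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $zone -RRType Srv -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordData.DomainName.TrimEnd('.') -ieq $fqdn } |
        ForEach-Object { $findings += "SRV record in $zone still points at ${fqdn}: $($_.HostName)" }
}

# Report: an empty list means the metadata and DNS cleanup is complete.
if ($findings.Count -eq 0) {
    Write-Output "No remaining references to $FailedDc found in AD or DNS."
} else {
    Write-Warning "Cleanup is incomplete; $($findings.Count) leftover reference(s):"
    $findings | ForEach-Object { Write-Output "  - $_" }
}
```

Reverse lookup zones are not covered by the script because their names depend on your subnets; check them by hand as the last step above says. Running the script a second time after replication has converged is a good habit, since an object that was deleted on server100 can still appear when you query a different domain controller.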