3.6. Removing an Unsuccessfully Demoted Domain Controller
Problem
Demotion of a domain controller was unsuccessful or you are unable to bring a domain controller back online and you want to manually remove it from Active Directory.
Solution
The first step in the removal process is to run the following ntdsutil command, where <DomainControllerName> is a domain controller in the same domain as the one you want to forcibly remove:
> ntdsutil "meta clean" conn "co to ser <DomainControllerName>" q "s o t" "l d"
Found 2 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=emea,DC=rallencorp,DC=com
Select the domain of the domain controller you want to remove. In this case, I’ll select the emea.rallencorp.com domain:
select operation target: sel domain 1
Now, list the sites and select the site the domain controller is in (I’ll use 1 for MySite1):
select operation target: list sites
Found 4 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
1 - CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
2 - CN=MySite2,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
3 - CN=MySite3,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
select operation target: sel site 1
Next, select the server you want to remove; in this case, I’m choosing 0 for DC5:
select operation target: list servers for domain in site
Found 2 server(s)
0 - CN=DC5,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
1 - CN=DC9,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
...
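Every selection in this session is made by index number, so a misread listing points the forced removal at the wrong object. The PowerShell function below is an added example, not code from the book: it parses the text of an ntdsutil list and returns the index of a named entry, failing unless exactly one entry matches. The name Get-NtdsutilListIndex and its parameters are hypothetical.

```powershell
# Added example, not from the book. Get-NtdsutilListIndex is a hypothetical helper.
function Get-NtdsutilListIndex {
    [CmdletBinding()]
    param(
        # Raw text printed by an ntdsutil "list ..." command.
        [Parameter(Mandatory)] [string] $ListOutput,
        # Full DN, or the value of its first RDN ('DC5', 'MySite1', 'emea').
        [Parameter(Mandatory)] [string] $Name
    )

    # Header line, e.g. "Found 2 server(s)".
    $header = [regex]::Match($ListOutput, 'Found\s+(\d+)\s+\w+\(s\)')
    if (-not $header.Success) { throw 'No "Found N ...(s)" header in the listing.' }
    $expected = [int]$header.Groups[1].Value

    # Entry lines: "<index> - <distinguished name>", one per line.
    $pattern = '(?m)^[ \t]*(\d+)[ \t]+-[ \t]+(.+?)\s*$'
    $entries = @(foreach ($m in [regex]::Matches($ListOutput, $pattern)) {
        [pscustomobject]@{ Index = [int]$m.Groups[1].Value; DN = $m.Groups[2].Value }
    })
    # A count mismatch means the listing was truncated or mangled; do not guess.
    if ($entries.Count -ne $expected) {
        throw "Header reports $expected entries, parsed $($entries.Count)."
    }

    # Assumption: names contain no escaped commas, so a plain split finds the first RDN.
    $hits = @($entries | Where-Object {
        $rdnValue = ($_.DN -split ',')[0] -replace '^[^=]+=', ''
        ($_.DN -eq $Name) -or ($rdnValue -eq $Name)
    })
    if ($hits.Count -ne 1) {
        throw "Expected exactly one entry for '$Name', found $($hits.Count)."
    }
    $hits[0].Index
}

# Server listing as shown in the session above.
$servers = @'
Found 2 server(s)
0 - CN=DC5,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
1 - CN=DC9,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
'@

$serverIndex = Get-NtdsutilListIndex -ListOutput $servers -Name 'DC5'
"Index for DC5: $serverIndex"
```

The same function works on the domain and site listings, because all three use the same "Found N ...(s)" header followed by "index - DN" lines.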