Re: insufficient access rights to delete dc

From: Paul McGuire (paulmcguire_at__no_spam_hotmail.com)
Date: 06/14/04 

Date: Sun, 13 Jun 2004 20:31:41 -0500

You need to do a metadata cleanup with ntdsutil.exe Follow the steps in
this KB article and then after you complete this you need to use adsiedit
and remove any left over stuff from crashed DC and then make sure dns is
clean. After this you can then dcpromo rebuilt server.

HOW TO: Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion
http://support.microsoft.com/default.aspx?kbid=216498

HTH

Paul

"Yor Suiris" <yor@hallgroupNOT.net> wrote in message
news:%23XGxemYUEHA.712@TK2MSFTNGP11.phx.gbl...
> Lost a DC (ungracfully) and need to delete it from AD. But when using
> ADSIedit (As Per MS Doc 216498) to do so I get "insufficient access rights
> to perform the operation". I am using an account that is a memeber of
> Schema Admin, Enterprise Admin, Domain Admin, and even Local Admin. So who
> has more rights?
> Now I need to rebuild a machine with the same name as it was a Certificate
> Server & IIS gateway and I would rather not go through it all again. I
have
> transfred or seized all roles.
> I did try an restore, installed enough software to try a System State
> Restore, so as to gracefully demote or move things. But end up with a blue
> screen and an inaccessible boot device error. I tried three times in the
> last two days. So I want to forget the restore and rebuild (I would have
> finished it yesterday if I had not held out hope for the restore).
> And Yes I have backed up the IIS and Certificate stuff in preparation of
> creating a new server with the same name (as per MS Doc 298138 & 302573)
> I am currently ready to do DCpromo but still have old entries in AD for
the
> name I want to use.
> Any suggestions out there?
> Thanks for your time...
> --
> Yor Suiris
> Remove the kNOT to reply.
> But it is best to share it with the group.
>
>

Relevant Pages

  • insufficient access rights to delete dc
    ... Schema Admin, Enterprise Admin, Domain Admin, and even Local Admin. ... Now I need to rebuild a machine with the same name as it was a Certificate ... Server & IIS gateway and I would rather not go through it all again. ... I did try an restore, installed enough software to try a System State ...
    (microsoft.public.win2000.active_directory)
  • Re: Bad RAID Configuration Need Rebuild 1st DC
    ... >I'm told that there is a bad strip any attempts to rebuild fail even though ... >So I'm looking for the best solution to backup and restore this DC! ... >> I understand you one stripe is broken in the OS RAID 1 on one of your DCs. ...
    (microsoft.public.windows.server.setup)
  • Re: Bad RAID Configuration Need Rebuild 1st DC
    ... I'm told that there is a bad strip any attempts to rebuild fail even though ... So I'm looking for the best solution to backup and restore this DC! ... > I understand you one stripe is broken in the OS RAID 1 on one of your DCs. ...
    (microsoft.public.windows.server.setup)
  • Re: SBS2003 rebuild
    ... An ASR backup/restore is then more likely to succeed than imaging. ... allowing you to reinitialise the array but maintain your current AD. ... and then restore the rest. ... In this context the 'rebuild' takes the existing ...
    (microsoft.public.windows.server.sbs)
  • Re: 1005/DSRESTOR error after SP1
    ... what is your AD restore password if you DO chamge the admin ... > All sp1 does is affect the routine that keeps the passwords in sync. ...
    (microsoft.public.windows.server.sbs)
Loading