Re: Remove domain with no domain controller

From: Mike Aubert (mikenews2_at_2000trainers.com)
Date: 02/24/04 

Date: Tue, 24 Feb 2004 02:41:25 -0600

Hey Andrew,

Is the account you are logging on with a member of Enterprise Admins?

For example, even if you are an administrator in domain A, you don't have
permission to delete a domain controller in domain B (the failed domain).
You could normally log on as an administrator for domain B and remove the
domain controller, but (because there are no domain controllers for the
domain) you obviously can't log on that way in this instance.

Try using an account that is a member of Enterprise Admins and see if you
still get the error (if you have to add yourself to that group be sure that
the change replicates and that you log off and back on).

Let me know if I'm misunderstanding your scenario (i.e. what exactly has
failed)...

Mike

------------------------------------------------------------------
Mike Aubert
MCSE, MCSD, MCDBA
mikenews2@2000trainers.com

Note the "news2" in my email address is temporary and may be changed in the
future, remove it to email me at my Permanente address.
This posting is provided "AS IS" with no warranties, and confers no rights.

"Andrewb" <andrewb@acenet.net.au> wrote in message
news:05AF118C-754A-49E4-A183-3DE6D7689B46@microsoft.com...
> I am running Windows 2003 on all domain controllers.
> When I use NTDSUTIL to attempt to remove a domain (domain was not demoted
with dcpromo) as described in KB216498 using 'remove selected server'. I
first receive a message box prompt saying basically 'are you sure' and
'server does not exist' I select 'Yes' I am sure, then NTDSUTIL responds
with the error 'DsRemoveDsServerW error 0x5(Access is denied)'?

Relevant Pages

  • Re: Escalate privileges possible on DC?
    ... In a forest there are transitive trusts between all the domains. ... enterprise admins group which is in the administrators group of every domain in the ... Of course anyone gaining access to a domain controller can compromise the ... domain that only contains the administrator which would also be a member of the ...
    (microsoft.public.win2000.security)
  • Re: DNS Nightmare - Cant create forward zone
    ... Administrator Account (Member Off Enterprise admins and member of Domain ...
    (microsoft.public.win2000.active_directory)
  • Re: local and domain administrator account
    ... >For workstations or member computers, ... >Administrator account, which is not Domain neither Enterprise Admins. ...
    (microsoft.public.win2000.security)
  • Re: Exchange 2003 EVENTID 9188
    ... users area the groups Enterprise Admins,, and Exchange Admins. ... Please check whether the local computer is a member of the group. ... the domain controller not responding. ...
    (microsoft.public.exchange.admin)
  • Re: Exchange 2003 EVENTID 9188
    ... users area the groups Enterprise Admins,, and Exchange Admins. ... Please check whether the local computer is a member of the group. ... the domain controller not responding. ...
    (microsoft.public.exchange.admin)