RE: force removal of Domain controllers from AD
- From: jprstokato <jprstokato@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 30 Apr 2007 18:34:01 -0700
Yup, done all that. Unfortunately a collegue of mine previously removed site
the that contained the offending DC, so it is cannot possibly be listed when
I run ntdsutil.
"johnsanz" wrote:
Have you executed the "ntdsutil metadata cleanup" commands?.
If you execute the following commands, do you see the Domain Controller in
question listed?
C:\ntdsutil
ntdsutil: m c
metadata cleanup: c
server connections: connect to server <your_DC>
server connections: q
metadata cleanup: s o t
select operation target: list sites
select operation target: select site <# of site DC existed in>
select operation target: list servers in site
Found X server(s)
0 - CN=....
1 - CN=....
...
Do you see the DC in question in the list above?
John
"jprstokato" wrote:
Hi john,
Thanks for your link.
I had actually read thru it before but didn't go thru the dns steps.
Thats what was blocking deletion.
I have another couple of DCs that are still causing problems with a msg:
"The object <servername> (or some of the objects it contains) cannot be
deleted because: Acces is denied."
Tried changing permissions (and am logged in with all necessary rights), but
still will not delete...any ideas?
"johnsanz" wrote:
Follow the steps outlined in the following MS KB article:
How to remove data in Active Directory after an unsuccessful domain
controller demotion
http://support.microsoft.com/kb/216498/en-us
Best Regards,
John M. Sanz
"Dragos CAMARA" wrote:
hi,
delete from ou=domain controllers, delete from site and services (be aware
to delete from depth of structure until including server name).
run ntdsutil metadata cleanup
chech the fsmo roles and reseize what is necessary (fsmo roles on deleted DC).
--
Dragos CAMARA
MCSA Windows 2003 server
"jprstokato" wrote:
Hi,
We have introduced a DC into our AD for testing purposes.
It has since been removed from the production domain and had FSMO roles
seized separatley so as to implement a completely separate test environment.
As such it is no longer part of the domain nor can it now be reintroduced
(so as to demote in the normal way as necessary).
We need to remove the DC form our production AD, so that it no longer
appears in either dssite.msc or dsa.msc.
All material I have found relates to using dcpromo which is not possible in
our situation.
(I have tried using ntdsuitl (metadata cleanup), which clears it off sites
and services, but DC still remains in dsa.)
Can someone please help and tell me how this can otherwise be done.
Thanks,
John.
MCSE, CCNA.
- Prev by Date: RE: NTDS Replication error
- Next by Date: Re: Computer Accounts disabled
- Previous by thread: RE: NTDS Replication error
- Next by thread: Re: Computer Accounts disabled
- Index(es):
Relevant Pages
|
