Another one from the questions I answer all the time on the newsgroups – what do I do when a domain controller is permanently failed and needs to be removed from Active Directory?
The first thing to do is to make sure the DC is really gone – wipe it. You don't want it coming back up after all this for whatever reason. The second thing is don't just delete the DC from AD Users & Computers or AD Sites & Services. There are a bunch of things under the hood that have to take place first. Microsoft has several KB articles that walk through the various steps that are necessary.
If you're not running Windows 2003 SP1 on the machine you'll do these steps from, you need to seize any FSMO roles which were on the failed domain controller first:
- Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
After this, clean up the server metadata in AD:
- How to remove data in Active Directory after an unsuccessful domain controller demotion
Give it time to replicate through your environment. There will be an empty server object in AD Sites & Services which you can delete. If there's a computer account left over you can delete that as well.