Manually Removing a Domain Controller from Active Directory

Another one from the questions I answer all the time on the newsgroups – what do I do when a domain controller is permanently failed and needs to be removed from Active Directory?

The first thing to do is to make sure the DC is really gone – wipe it. You don't want it coming back up after all this for whatever reason. The second thing is don't just delete the DC from AD Users & Computers or AD Sites & Services. There are a bunch of things under the hood that have to take place first. Microsoft has several KB articles that walk through the various steps that are necessary.

If you're not running Windows 2003 SP1 on the machine you'll do these steps from, you need to seize any FSMO roles which were on the failed domain controller first:

After this, clean up the server metadata in AD:

Give it time to replicate through your environment. There will be an empty server object in AD Sites & Services which you can delete. If there's a computer account left over you can delete that as well.

Posted Monday, October 09 2006 10:33 AM by | Comments
Tagged as: ,

Comments