Another one from the questions I answer all the time on the newsgroups – what do I do when a domain controller is permanently failed and needs to be removed from Active Directory?
The first thing to do is to make sure the DC is really gone – wipe it. You don't want it coming back up after all this for whatever reason. The second thing is don't just delete the DC from AD Users & Computers or AD Sites & Services. There are a bunch of things under the hood that have to take place first. Microsoft has several KB articles that walk through the various steps that are necessary.
If you're not running Windows 2003 SP1 on the machine you'll do these steps from, you need to seize any FSMO roles which were on the failed domain controller first:
- Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504/en-us
After this, clean up the server metadata in AD:
- How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/?id=216498
Give it time to replicate through your environment. There will be an empty server object in AD Sites & Services which you can delete. If there's a computer account left over you can delete that as well.
Comments, Trackbacks, & Pingbacks
#1 re: Manually Removing a Domain Controller from Active Directory
Thursday, December 06 2007 2:28 PM by Jeff#2 re: Manually Removing a Domain Controller from Active Directory
Monday, July 21 2008 11:27 AM by Rodney MarableVery well written - I meant to tell you this months ago.
#3 re: Manually Removing a Domain Controller from Active Directory
Tuesday, September 29 2009 2:48 AM by KerjukExcellent work. Very easy to grasp with your help.
Many thanks.
#4 re: Manually Removing a Domain Controller from Active Directory
Wednesday, November 04 2009 10:02 AM by HrishikeshHi,
Ur comments really helped us to resolve our issue.
Thanks.
#5 re: Manually Removing a Domain Controller from Active Directory
Thursday, November 12 2009 10:23 AM by bahaddinthanks a lot for your post, its great.
but what i had is not the exactly thing that your posted about, i have 1 PDC, and 4 ADCs in my domain, three of these ADCs are went down and for ever, they were for test issue and we removed the H/W servers (machines), now i have to remove them permanently from the doamin, but the problem is that we dont had those servers any more, and they still in our active directory, my question is, how to remove them without run the DCPROMO in each one of those ADCs? where the machines are not available.
#6 re: Manually Removing a Domain Controller from Active Directory
Thursday, November 12 2009 10:25 AM by bahaddinthanks a lot for your post, its great.
but what i had is not the exactly thing that your posted about, i have 1 PDC, and 4 ADCs in my domain, three of these ADCs are went down and for ever, they were for test issue and we removed the H/W servers (machines), now i have to remove them permanently from the doamin, but the problem is that we dont had those servers any more, and they still in our active directory, my question is, how to remove them without run the DCPROMO in each one of those ADCs? where the machines are not available.
#7 re: Manually Removing a Domain Controller from Active Directory
Thursday, June 17 2010 4:33 AM by Redliningvery valuable information on removing domain controller from active directory.
#8 re: Manually Removing a Domain Controller from Active Directory
July 29, 2009 5:53 AM by Server questionsPingback from Server questions
This saved my domain, we had a DC that went off line for to long "Tombstoned". this was the correct information and has me working again.
Jeff - U.S. Army, Network Engeneer
Thanks Brian!