AD – Clean up dead DC and domain from Active Directory

Active Directory, DNS, Ntdsutil, Services, Windows 2008R2, Windows 2012R2, Windows Servers 2 comments

Problem
You have a dead DC so cannot remove and demote using the dcpromo command

Solution – Metadata Clean up
For this solution we will try the metadata clean up

  • Open the Command Prompt as administrator
  • Type ntdsutil to activate the NTDS commands
  • Type metadata cleanup
  • Type connections
  • Type connect to server <servername> where server name is a domain controller
  • Type quit
  • Type select operations target
  • Type lists sites
  • Type select site <#number> where <#number> is the site where the failed or offline DC resided
  • Type list servers in site
  • Type select server <#number> where <#number> is the DC that is failed or offline
  • Type list domains
  • Type select domain <#number> where <#number> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
  • Type quit (this should set you back to the metadata cleanup menu)
  • Type remove selected server ( verify that this is the correct DC in the pop up message)[ if an error pops up about no current domain go back to select operations target, list and select domains and continue]
  • Click Yes

Next steps:

  • Open Active Directory Sites and Services
  • Expand out the site that the failed or offline DC resided in
  • Verify the DC cannot be expanded out (no connection objects and such)
  • Right Click the DC and select Delete
  • Close Active Directory Sites and Services
  • Open Active Directory Users and Computers
  • Expand the Domain Controllers OU
  • Delete the failed or offline DC from the OU (if it even exists)
  • Close Active Directory Users and Computers
  • Open DNS Manager
  • Expand the zones where this DC was a DNS server and perform the following steps
    • Right click the zone and select Properties
    • Click the Name Servers tab
    • Remove the failed or offline DC from the Name Servers tab
    • Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
    • Verify the zone no longer has a DNS record for the failed or offline DC
    • Look through all the various folder levels including the reverse zones and remove the downed DC

If this fails please refer to other KBs:
AD – Clean up dead DC from Active Directory (Part 1)
AD – Clean up dead DC from Active Directory (Part 2)

Tested Platform
Windows 2008R2

References
https://technet.microsoft.com/fr-fr/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

Hits: 902