Problem
You have a dead DC, so you cannot remove and demote it using the dcpromo command.
Solution
For this solution, we will try to locate and remove the server manually.
Method 1
- Open Active Directory Users and Computers: On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers.
- If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers <DomainControllerName>, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
- Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
- In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.
- Click OK on the prompt to confirm the deletion.
- Select the check box indicating that the server is permanently offline, then click Delete.
- If the server was a global catalog, click Yes on the next prompt.
- If there are errors, proceed to Method 2; if not, go to the Next steps section.
Method 2
Clean up server metadata using Active Directory Sites and Services
- Open Active Directory Sites and Services
- If you have identified replication partners in preparation for this procedure and if you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.
- Expand the site of the domain controller that was forcibly removed, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.
If there are permissions errors, try the following:
- Change the Active Directory Sites and Services to advanced view (View > Advance)
- Expand Sites
- Expand the site with the offline server
- Expand Servers, then the server name, and click NTDS Settings
- Right-click and go to Properties
- Under the Object tab, uncheck the “Protect Object from Accidental Deletion”
- Right-click and delete the NTDS Settings
- Repeat unprotect and delete for the server object
- Go back to Active Directory Users and Computers
- Change the view to advanced
- Expand the Domain Controllers OU
- Delete the failed or offline DC from the OU (if it exists). If the deletion errors out, check the Object tab for delete protection, uncheck it, and then delete.
Next steps, ignore the ones that may not be applicable:
- Open Active Directory Sites and Services
- Expand out the site that the failed or offline DC resided in
- Verify the DC cannot be expanded out (no connection objects and such)
- Right-click the DC and select Delete
- Close Active Directory Sites and Services
- Open Active Directory Users and Computers
- Expand the Domain Controllers OU
- Delete the failed or offline DC from the OU (if it exists)
- Close Active Directory Users and Computers
- Open DNS Manager
- Expand the zones where this DC was a DNS server and perform the following steps
- Right-click the zone and select Properties
- Click the Name Servers tab
- Remove the failed or offline DC from the Name Servers tab
- Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
- Verify the zone no longer has a DNS record for the failed or offline DC
- Look through all the various folder levels including the reverse zones and remove the downed DC
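A read-only way to confirm the checks in the steps above from PowerShell, as an added example that is not part of the original article. It assumes the ActiveDirectory module is available, that the removed DC's FQDN is its host name plus the domain's DNS root, and it uses the placeholder name DC02.

```powershell
# Added example: read-only check for leftover references to a removed DC.
# Nothing is deleted; the script only lists what the manual steps should have removed.
Import-Module ActiveDirectory

$DeadDc   = 'DC02'    # placeholder: host name of the removed DC (not from the article)
$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$domainNC = $rootDse.defaultNamingContext
$dnsRoot  = (Get-ADDomain).DNSRoot
$fqdn     = "$DeadDc.$dnsRoot"    # assumption: DC FQDN = host name + domain DNS root
$sites    = "CN=Sites,$configNC"

$leftovers = @()

# 1. Server object under any site (what Active Directory Sites and Services shows)
$leftovers += @(Get-ADObject -SearchBase $sites -LDAPFilter "(&(objectClass=server)(cn=$DeadDc))")

# 2. NTDS Settings object that still hangs under that server object
$leftovers += @(Get-ADObject -SearchBase $sites -LDAPFilter '(objectClass=nTDSDSA)' |
    Where-Object { $_.DistinguishedName -like "CN=NTDS Settings,CN=$DeadDc,CN=Servers,*" })

# 3. Computer object in the Domain Controllers OU (what Users and Computers shows)
$leftovers += @(Get-ADComputer -SearchBase "OU=Domain Controllers,$domainNC" -LDAPFilter "(cn=$DeadDc)")

# 4. DNS: zone name servers and DC locator SRV records that still name the dead DC.
#    nslookup is used so the check also runs where the DnsServer module is not installed.
$queries = @{ 'NS' = $dnsRoot; 'SRV' = "_ldap._tcp.dc._msdcs.$dnsRoot" }
$dnsHits = @()
foreach ($type in $queries.Keys) {
    $dnsHits += @(nslookup "-type=$type" $queries[$type] 2>$null |
        Select-String -SimpleMatch $fqdn)
}

# Report: every line printed is something still to clean up
$leftovers | ForEach-Object { "AD:  $($_.DistinguishedName)" }
$dnsHits   | ForEach-Object { "DNS: $($_.Line.Trim())" }
if (-not $leftovers -and -not $dnsHits) {
    "No references to $fqdn found in AD or in the queried DNS records."
}
```

The DNS part only covers the zone's NS records and the `_ldap._tcp.dc._msdcs` SRV records; other folders and the reverse zones still need the manual look described in the last step.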
If this fails, please refer to the next KB:
AD – Clean up dead DC from Active Directory (Part 1)
AD – Clean up dead DC and domain from Active Directory
Tested Platform
Windows 2008R2
References
https://technet.microsoft.com/fr-fr/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396