Remove a demoted or failed DC from Active Directory using Ntdsutil.exe

Jun 26th, 2009

If your domain controller has crashed or failed and you do not intend to bring it back into production, you must remove the failed domain controller's objects from Active Directory. In the regular procedure for removing a domain controller from a domain, you run dcpromo to demote it, but in this case the domain controller is gone, so you have to use the ntdsutil tool to remove the objects from Active Directory. You will also need ntdsutil when you tried to demote with dcpromo, it failed, and you then used dcpromo /forceremoval. The force removal process does not fully clean up the DC objects, so you need ntdsutil to complete the process.

Here are the steps to follow when using ntdsutil to remove a failed or force-removed DC from your domain. You will need at least a Domain Admin or Enterprise Admin account to accomplish this task.

Warning!! Improper use of ntdsutil can result in loss of Active Directory functionality.

Make sure you have the Microsoft support tools installed.

1- Click Start, Run, type cmd. This will bring up the command prompt. At the command prompt, type ntdsutil.exe

2- type: metadata cleanup, press enter

3- type: connections, press enter

4- type: connect to server ServerName, press enter (ServerName is the name of any domain controller in the domain other than the failed DC)

5- type: q, press enter

6- type: select operation target, press enter

7- type: list domains, press enter



8- type: select domain domainNumber, press enter (domainNumber is the numerical value for the domain listed in step 7 above)

9- type: list sites, press enter

10- type: select site siteNumber, press enter (siteNumber is the numerical value for the site listed in step 9 above. This should be the site where the failed DC is/was located)

11- type: list servers in site, press enter

12- type: select server serverNumber, press enter (serverNumber is the numerical value for the demoted/failed server listed in step 11 above)

13- type: q, press enter

14- type: remove selected server, press enter. You will receive a warning pop-up message; read it carefully and make sure that it is the correct server, then select “YES”.

[Screenshot: Step 12-14]

15- The server and all its objects will be removed from the domain.

16- Now go to Start, Run, type adsiedit.msc and connect to the domain. Scroll down to Sites and Services, go to the deleted server’s site, select the server in question, then right-click and delete it.
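A read-only check to run after steps 14 to 16, confirming that nothing for the removed DC is left behind. This is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module is installed, and the parameter names FailedDc and Server are placeholders chosen for illustration.

```powershell
# Added example: read-only search for leftover objects of a removed DC.
# Assumptions: ActiveDirectory module available; -FailedDc is the short host
# name of the removed DC; -Server (optional) is any healthy DC to query.
param(
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9-]{1,15}$')]   # plain host name only, keeps the LDAP filters safe
    [string] $FailedDc,
    [string] $Server
)
Import-Module ActiveDirectory

# Query a specific healthy DC when one is given, otherwise the default one.
$q = @{}
if ($Server) { $q.Server = $Server }

$root     = Get-ADRootDSE @q
$configNC = $root.configurationNamingContext
$domainNC = $root.defaultNamingContext
$sitesDN  = "CN=Sites,$configNC"

$leftovers = @(
    # Server object under the site (the object deleted by hand in step 16)
    Get-ADObject @q -SearchBase $sitesDN `
        -LDAPFilter "(&(objectClass=server)(cn=$FailedDc))"

    # NTDS Settings object below that server (removed by "remove selected server")
    Get-ADObject @q -SearchBase $sitesDN -LDAPFilter "(objectClass=nTDSDSA)" |
        Where-Object { $_.DistinguishedName -like "CN=NTDS Settings,CN=$FailedDc,*" }

    # Computer account of the old DC in the domain partition
    Get-ADObject @q -SearchBase $domainNC `
        -LDAPFilter "(&(objectCategory=computer)(sAMAccountName=$FailedDc`$))"
)

if ($leftovers.Count -eq 0) {
    "No leftover objects found for $FailedDc."
} else {
    # Review each entry before deleting anything by hand.
    $leftovers | Select-Object ObjectClass, DistinguishedName
}
```

The script only reads from the directory. Run it against a DC other than the failed one, and again after replication has had time to complete.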
