2.5. Removing an Orphaned Domain
Problem
You want to completely remove a domain that was orphaned because “This server is the last domain controller in the domain” was not selected when demoting the last domain controller, the domain was forcibly removed, or the last domain controller in the domain was decommissioned improperly.
Solution
Using a command-line interface
The following ntdsutil commands would forcibly remove the emea.rallencorp.com domain from the rallencorp.com forest. Replace <DomainControllerName> with the hostname of the Domain Naming Flexible Single Master Operation (FSMO) for the forest:
> ntdsutil "meta clean" "s o t" conn "con to server <DomainControllerName>" q q
metadata cleanup: "s o t" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
select operation target: sel domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context
select operation target: q
metadata cleanup: remove sel domain
You will receive a message indicating whether the removal was successful.
Discussion
Removing an orphaned domain consists of removing the domain object for the domain (e.g., dc=emea,dc=rallencorp,dc=com), all of its child objects, and the associated crossRef object in the Partitions container. You need to target the Domain Naming FSMO when using the ntdsutil command because that server is responsible for creation and ...
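A read-only check to run before and after the ntdsutil session, added here as an example and not taken from the book: it finds the Domain Naming FSMO owner and reports whether the domain's crossRef object in the Partitions container, or any NTDS Settings objects still referencing the domain, remain. It assumes the ActiveDirectory PowerShell module is available and uses the recipe's emea.rallencorp.com names.

```powershell
# Added example, not from the book. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumption: DN of the orphaned domain used in the recipe above.
$OrphanDN = 'DC=emea,DC=rallencorp,DC=com'

# The Domain Naming FSMO owner is the server ntdsutil must be connected to.
$fsmo     = (Get-ADForest).DomainNamingMaster
$configNC = (Get-ADRootDSE -Server $fsmo).configurationNamingContext

# crossRef object for the domain in the Partitions container.
$crossRef = Get-ADObject -Server $fsmo -SearchBase "CN=Partitions,$configNC" `
    -SearchScope OneLevel -Properties nCName, dnsRoot `
    -LDAPFilter "(&(objectClass=crossRef)(nCName=$OrphanDN))"

# NTDS Settings objects that still list the domain among the naming
# contexts they hold (leftover domain controller metadata).
$staleDsa = @(Get-ADObject -Server $fsmo -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=nTDSDSA)(hasMasterNCs=$OrphanDN))")

# Summary: after a successful removal CrossRefPresent should be False.
[pscustomobject]@{
    DomainNamingMaster = $fsmo
    OrphanedDomain     = $OrphanDN
    CrossRefPresent    = [bool]$crossRef
    CrossRefDN         = $crossRef.DistinguishedName
    DnsRoot            = $crossRef.dnsRoot -join ','
    StaleNtdsSettings  = $staleDsa.Count
}

# List any leftover NTDS Settings objects so they can be reviewed.
$staleDsa | Select-Object -ExpandProperty DistinguishedName
```

Saving the output from both runs gives a before-and-after record of the change for the audit trail.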