3.6. Removing an Unsuccessfully Demoted Domain Controller

Problem

Demotion of a domain controller was unsuccessful or you are unable to bring a domain controller back online and you want to manually remove it from Active Directory.

Solution

The first step in the removal process is to run the following ntdsutil command, where <DomainControllerName> is a domain controller in the same domain as the one you want to forcibly remove:

> ntdsutil "meta clean" conn "co to ser <DomainControllerName>" q "s o t" "l d"
Found 2 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=emea,DC=rallencorp,DC=com

Select the domain of the domain controller you want to remove. In this case, I’ll select the emea.rallencorp.com domain:

select operation target: sel domain 1

Now, list the sites and select the site the domain controller is in (I’ll use 1 for MySite1):

select operation target: list sites
Found 4 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
1 - CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
2 - CN=MySite2,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
3 - CN=MySite3,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
select operation target: sel site 1

Next, select the server you want to remove; in this case, I’m choosing 0 for DC5:

select operation target: list servers for domain in site
Found 2 server(s)
0 - CN=DC5,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
1 - CN=DC9,CN=Servers,CN=MySite1,CN=Sites,CN=Configuration,DC=rallencorp,DC=com
...
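
Selecting the wrong index here removes the metadata of a working domain controller, so it is worth confirming the server objects independently before choosing one. The following is an added example, not from the book: a read-only PowerShell check that assumes the ActiveDirectory module (RSAT) is installed and uses the MySite1 site name from the listing above; the output property names are chosen for this example.

```powershell
# Added example (not from the book). Read-only: nothing here modifies the directory.
# Lists the server objects in one site and shows, for each, whether it still has an
# NTDS Settings (nTDSDSA) child object and whether the host answers a ping.
Import-Module ActiveDirectory

$siteName  = 'MySite1'   # site name from the ntdsutil listing above
$configNC  = (Get-ADRootDSE).configurationNamingContext
$serversDN = "CN=Servers,CN=$siteName,CN=Sites,$configNC"

Get-ADObject -SearchBase $serversDN -SearchScope OneLevel `
             -Filter "objectClass -eq 'server'" `
             -Properties dNSHostName, serverReference |
  ForEach-Object {
    # The NTDS Settings child is what registers this server object as a DC.
    $ntds = Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                         -Filter "objectClass -eq 'nTDSDSA'"

    # dNSHostName can be empty on a stale object; only ping when it is set.
    # ICMP may be filtered, so treat $false as "check further", not as proof.
    $ping = $null
    if ($_.dNSHostName) {
      $ping = Test-Connection -ComputerName $_.dNSHostName -Count 1 -Quiet
    }

    [pscustomobject]@{
      ServerDN        = $_.DistinguishedName
      DnsHostName     = $_.dNSHostName
      ComputerAccount = $_.serverReference
      HasNtdsSettings = [bool]$ntds
      RespondsToPing  = $ping
    }
  } | Format-List
```

Match the ServerDN values against the distinguished names ntdsutil prints, and select only the entry for the domain controller that failed demotion or cannot be brought back online.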
