Delete Failed DCs from Active Directory

S#!” Happens!!!
The hardware failed, some software installation killed you DC or you just formatted it without demoting it first.
This will leave the entries in you Active Directory database and will eventually give you some trouble.
So, to remove this information all you need is to open a command line and be a member of the Enterprise Admins universal group.
So, open a command line and type ntdsutil. This will give you a new prompt.
At the ntdsutil: prompt, type metadata cleanup and press Enter.
At the metadata cleanup: prompt, type connections and press Enter.
At the server connections: prompt, type connect to server <servername>, where <servername> is the domain controller (any functional domain controller in the domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.
Type quit and press Enter to return you to the metadata cleanup: prompt.
Type select operation target and press Enter.
Type list domains and press Enter. This lists all domains in the forest with a number associated with each.
Type select domain <number>, where <number> is the number corresponding to the domain in which the failed server was located. Press Enter.
Type list sites and press Enter.
Type select site <number>, where <number> refers to the number of the site in which the domain controller was a member. Press Enter.
Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.
Type select server <number> and press Enter, where <number> refers to the domain controller to be removed.
Type quit and press Enter. The Metadata cleanup menu is displayed.
Type remove selected server and press Enter.

You will receive a warning message. Read it, and if you agree, press Yes.

At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed from the domain controller.

Type quit, and press Enter until you return to the command prompt.

After you just need to confirm if the object was completely removed from Active Directory.

To remove the failed server object from the sites

In Active Directory Sites and Services, expand the appropriate site.

If the object exists, delete the server object associated with the failed domain controller, then open Active Directory Users and Computers go to the Domain Controllers container and, again, if exists, delete the computer object associated with the failed domain controller

You might get a warning asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform). Just select “This DC is permanently offline…” and click on the Delete button.AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes.

All that’s missing now is the DNS entries. So open the DNS mmc console.

In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
If you have reverse lookup zones, also remove the server from these zones.
Just a couple of word of advice.
Using the ntdsutil utility incorrectly may result in partial or complete loss of Active Directory functionality.
If the Domain Controller was responsible for any FSMO, don’t forget to seize the roles first.

Leave a Reply

Your email address will not be published. Required fields are marked *