How to Delete a Failed Domain Controller from Active Directory
February 10, 2010. Posted by General Zod in Microsoft, Tech.
We had a little drama this afternoon when one of our domain controller servers was to be demoted and retired. Unfortunately, during the run of DCPROMO, the demotion failed. I’m not entirely sure of what happened exactly as I wasn’t actually present to experience the malfunction. After the other administrator had worked on it for a while, he got annoyed… and long story short, he just pulled it off the network and blew the hard disk away. The other domain controllers are replicating OK, so the only thing for us to do now is to delete the failed DC from Active Directory as cleanly as possible.
It’s true that this procedure has been posted 100 times previously by 100 other people, but that’s not going to stop me.
WARNING: Use this procedure at your own risk. Incorrect use of these steps may cause Active Directory to cease functioning. If you have any doubt over the suitability of this procedure, then do not utilize it and seek help elsewhere.
Step one doesn’t actually have anything to do with deleting the DC from AD though. The first thing you should do is determine if the failed DC had held any of the 5 FSMO roles. If so… relocate them to a functional DC immediately.
With that taken care of, the next thing to do is to just shut down the failed domain controller. If your failed DC is still online, but the demotion is continuously failing… then just go ahead and turn it off cold. Unplug it from the network. After this process, you will NOT want to turn it on again before you rebuild it.
Now, open up a command prompt, and invoke the following commands. (Note that the values in angle brackets are ones you must supply; the "list" commands print the numbers to choose from.)
ntdsutil
metadata cleanup
connections
connect to server <hostname of a functional DC>
quit
select operation target
list domains
select domain <#>
list sites
select site <#>
list servers in site
select server <#>
quit
remove selected server
Click [YES] when presented with the warning message.
Next, open up "Active Directory Sites and Services", and…
Expand Sites –> Your Site Name –> Servers
Right-click on the failed DC, and select "Delete".
Finally, open up "Active Directory Users and Computers", and…
Expand your domain, and open up the "Domain Controllers" container.
Right-click the hostname of the failed DC, and select "Delete".
You will be prompted for a reason for deleting the object. Select "The domain controller is permanently offline and can no longer be demoted using Active Directory Installation Wizard (DCPROMO)."
Click [Yes] to confirm the deletion of the object.
That’s it. The offending data has now been purged out of Active Directory.
Now it’s time to assess the state of the rest of your domain.
- Do you still have more than one DC? If not, then I recommend building a second one ASAP.
- Was the failed DC a global catalog server? Do you need to promote another to a global catalog server? If you do, then there’s no time like the present.
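The FSMO check from step one and the assessment questions above can be answered with read-only queries. The following is an added example, not part of the original post: it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it runs against a functional DC; `DC03` is a placeholder for the failed DC's hostname.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and a reachable, functional DC.
Import-Module ActiveDirectory

$FailedDC = 'DC03'   # placeholder: short hostname of the failed DC

# 1. Before cleanup: does the failed DC hold any of the 5 FSMO roles?
#    Two roles are forest-wide, three are per-domain.
$forest = Get-ADForest
$domain = Get-ADDomain
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roleReport = foreach ($entry in $roles.GetEnumerator()) {
    [pscustomobject]@{
        Role       = $entry.Key
        Holder     = $entry.Value
        # Role holders are returned as FQDNs; compare on the short name.
        OnFailedDC = (($entry.Value -split '\.')[0] -eq $FailedDC)
    }
}
$roleReport | Format-Table -AutoSize
if ($roleReport.OnFailedDC -contains $true) {
    Write-Warning "$FailedDC still holds FSMO roles; relocate them before cleanup."
}

# 2. After cleanup: is any server or computer object for the failed DC left behind?
$configNC  = (Get-ADRootDSE).configurationNamingContext
$leftovers = @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
                 -LDAPFilter "(&(objectClass=server)(cn=$FailedDC))") +
             @(Get-ADComputer -Filter "Name -eq '$FailedDC'")
if ($leftovers.Count -gt 0) {
    $leftovers | Select-Object DistinguishedName
} else {
    Write-Output "No server or computer object remains for $FailedDC."
}

# 3. State of the rest of the domain: DC count and global catalog coverage.
$dcs = @(Get-ADDomainController -Filter *)
$dcs | Select-Object Name, Site, IsGlobalCatalog | Format-Table -AutoSize
if ($dcs.Count -lt 2) { Write-Warning 'Only one DC remains; build a second one.' }
if (-not ($dcs | Where-Object IsGlobalCatalog)) {
    Write-Warning 'No remaining DC is a global catalog server.'
}
```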