jump to navigation

How to Delete a Failed Domain Controller from Active Directory February 10, 2010

Posted by General Zod in Microsoft, Tech.

We had a little drama this afternoon when one of our domain controller servers was to be demoted and retired.  Unfortunately, during the run of DCPROMO, the demotion failed.  I’m not entirely sure of what happened exactly as I wasn’t actually present to experience the malfunction.  After the other administrator had worked on it for a while, he got annoyed… and long story short, he just pulled it off the network and blew the hard disk away.  The other domain controllers are replicating OK, so the only thing for us to do now is to delete the failed DC from Active Directory as cleanly as possible.

It’s true that this procedure has been posted 100 times previously by 100 other people, but that’s not going to stop me.

WARNING:  Use this procedure at your own risk.  Incorrect use of these steps may cause Active Directory to cease functioning.  If you have any doubt over the suitability of this procedure, then do not utilize it and seek help elsewhere.

Step one doesn’t actually have anything to do with deleting the DC from AD though.  The first thing you should do is determine if the failed DC had held any of the 5 FSMO roles.  If so… relocate them to a functional DC immediately.

With that taken care of, the next thing to do is to just shutdown the failed domain controller.  If your failed DC is still online, but the demotion is continuously failing… then just go ahead and turn it off cold.  Unplug it from the network.  After this process, you will NOT want to turn it on again before you rebuild it.

Now, open up a command prompt, and invoke the following commands.  (Note that the underlined sections are values to which you must provide the answers.)

metadata cleanup
connect to server hostname of a functional DC
select operation target
list domains
select domain #
list sites
select site #
list servers in site
select server #
remove selected server
Click [YES] when presented with the warning message.

Next, open up "Active Directory Sites and Services", and…

Expand Sites –> Your Site Name –> Servers
Right-click on the failed DC, and select "Delete".

Finally, open up "Active Directory Users and Computers", and…

Expand , and open up the "Domain Controllers" container.
Right-click the hostname of the failed DC, and select "Delete".

You will be prompted for a reason for deleting the object.  Select "The domain controller is permanently offline and can no longer be demoted using Active Directory Installation Wizard (DCPROMO)."

Click [Delete].
Click [Yes] to confirm the deletion of the object.

That’s it.  The offending data has now been purged out of Active Directory.

Now it’s time to assess the state of the rest of your domain.

  • Do you still have more than one DC?  If not, then I recommend building a second one ASAP.
  • Was the failed DC a global catalog server?  Do you need to promote another to a global catalog server?  If you do, then there’s no time like the present.


1. Sam Webb - June 28, 2011

Thanks for documenting this, very useful.

2. chris - September 27, 2011

top doc! Very useful even for 2008 r2

3. Hi Da Vi - November 11, 2011

great guide. a really good help after my sbs 2003 server died right at the end of our migration to sbs 2011

4. Arif - January 12, 2013

good doc

5. giraffdk - April 25, 2013

Tanks for this, nice and easy guide.

What about the DNS purge after a failed DC??

6. Dexter - July 18, 2015

your my man!
right spot on!

7. Nicolas - January 22, 2016

Thank you so much !

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: