Forcing the Removal of a Domain Controller

Posted 2020-06-18

Forcing the Removal of a Domain Controller

Reference link

https://technet.microsoft.com/en-us/library/cc781245%28v=ws.10%29.aspx

Forced removal of a domain controller from Active Directory is intended to be used as a last resort to avoid having to reinstall the operating system on a domain controller that has failed and cannot be recovered. When a domain controller can no longer function in a domain (that is, it is offline), you cannot remove Active Directory in the normal way, which requires connectivity to the domain. Forced removal is not intended to replace the normal Active Directory removal procedure in any way. It is virtually equivalent to permanently disconnecting the domain controller.

Active Directory stores a considerable amount of metadata about a domain controller. During the normal process of uninstalling Active Directory on a domain controller, this metadata is removed from Active Directory through a connection to another domain controller in the domain. A forced removal assumes that there is no connectivity to the domain; therefore, it does not attempt any metadata removal (cleanup).

Consequently, forced removal of Active Directory from a domain controller should always be followed by the metadata cleanup procedure, which removes all references to the domain controller from the domain and forest.

Forced demotion should not be performed on the last domain controller in a domain.

Task Requirements      

The following tools are required to perform the procedures for this task:

• Active Directory Sites and Services
  
  

• Dcpromo.exe
  
  

• Ntdsutil.exe
  

To clean up server metadata

1. Open a command prompt.

2. Type the following command, and then press ENTER:

   ntdsutil            

3. At the ntdsutil: prompt, type:

   metadata cleanup            

4. Perform metadata cleanup as follows:

   At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error message that indicates that the object cannot be found, Active Directory might have already removed the domain controller.

• If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: prompt, type:
  
  remove selected server ServerName
  
  Or
  
  remove selected server ServerName1 on ServerName2
  
  

   

  Value	Definition
  ServerName, ServerName1	The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
  ServerName2	The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata

• If you are performing metadata cleanup by using the version of Ntdsutil.exe that is included with Windows Server 2003 with no service pack, perform metadata cleanup as follows:
  
  

1. At the metadata cleanup: prompt, type:
   
   connection
   
   

2. At the server connections: prompt, type:
   
   connect to server Server
   
   

3. At the server connections: prompt, type:
   
   quit
   
   

4. At the metadata cleanup: prompt, type:
   
   select operation target
   
   

5. At the select operation target: prompt, type:
   
   list sites
   
   A numbered list of sites appears.
   
   

6. At the select operation target: prompt, type:
   
   select site SiteNumber
   
   

7. At the select operation target: prompt, type:
   
   list domains in site
   
   A numbered list of domains in the selected site appears.
   
   

8. At the select operation target: prompt, type:
   
   select domain DomainNumber
   
   

9. At the select operation target: prompt, type:
   
   list servers in site
   
   A numbered list of servers in a domain and site appears.
   
   

10. At the select operation target: prompt, type:
    
    select server ServerNumber
    
    

11. At the select operation target: prompt, type:
    
    quit
    
    

12. At the metadata cleanup: prompt, type:
    
    remove selected server
    
    

     

    Value	Description
    Server	The DNS name of a domain controller that you want to connect to
    SiteNumber	The number associated with the site of the server that you want to clean up that appears in the list
    DomainNumber	The number associated with the domain of the server that you want to clean up that appears in the list
    ServerNumber	The number associated with the server that you want to clean up that appears in the list

To verify that the server was removed, type list servers in site, and then press ENTER. Ensure that the domain controller that you wanted to be removed is no longer displayed in the command output.At the metadata cleanup: and ntdsutil: prompts, type quit.