How to Remove a Offline DC

Posted by IDEAL
Labels: , ,

Some administrator decided to remove an old DC from the network but forgot to remove it from Active Directory or the DC has entered a failed state and cannot be recovered from. In a perfect world DCPROMO is all you have to do to remove a DC from the environment. However, if that DC was already shutdown or DCPROMO is giving you problems you will have to remove it the manual way. That method involves using a command called NTDSUTIL. NTDSUTIL is a command line tool that allows you to perform some of the more advanced Active Directory maintenance tasks.

Below are the steps needed to remove a failed or offline Domain Controller from your environment.

TIP: NTDSUTIL does not require the full command to be entered…you only have to enter enough of the command that is unique. For Example, instead of typing metadata cleanup you could just type met cle…or better yet m c

  1. Open the Command Prompt
  2. Type ntdsutil (all the commands will be entered via this command prompt)
  3. Type metadata cleanup
  4. Type connections
  5. Type connect to server and replace with the name of a functional DC in your environment…even if you are logged in locally. This step is not needed post W2K3 SP1.
  6. Type quit
  7. Type select operations target
  8. Type lists sites
  9. Type select site <#> where <#> is the site where the failed or offline DC resided
  10. Type list servers in site
  11. Type select server <#> where <#> is the DC that is failed or offline
  12. Type list domains
  13. Type select domain <#> where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)
  14. Type quit (this should set you back to the metadata cleanup menu)
  15. Type remove selected server ( a warning message will pop up…verify that this is the correct DC…in fact get a peer to verify it for you too)
  16. Click Yes
  17. Open Active Directory Sites and Services
  18. Expand out the site that the failed or offline DC resided in
  19. Verify the DC cannot be expanded out (no connection objects and such)
  20. Right Click the DC and select Delete
  21. Close Active Directory Sites and Services
  22. Open Active Directory Users and Computers
  23. Expand the Domain Controllers OU
  24. Delete the failed or offline DC from the OU (if it even exists)
  25. Close Active Directory Users and Computers
  26. Open DNS Manager
  27. Expand the zones where this DC was also a DNS server and perform the following steps
  28. Right click the zone and select Properties
  29. Click the Name Servers tab
  30. Remove the failed or offline DC from the Name Servers tab
  31. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked
  32. Verify the zone no longer has a DNS record for the failed or offline DC

0 comments:

Post a Comment