How to remove a dead domain controller from Active Directory?

To remove a dead domain controller from Active Directory, you will need to perform the following steps:

  1. Log in to a domain controller that is still functioning and open the Active Directory Users and Computers console.
  2. Right-click on the domain name and select “Find”.
  3. In the Find dialog box, select the “Computers” option and enter the name of the dead domain controller.
  4. Right-click on the dead domain controller and select “Delete”.

5. When prompted, select the option to delete the computer object from Active Directory.

6. If you receive the popup "You are attempting to delete a domain Controller without running the removal wizard", check "Delete the domain controller anyway" and click Delete.

7. Open the DNS Manager console and remove any DNS records that are associated with the dead domain controller.

8. Open the Sites and Services console and remove any references to the dead domain controller.

9. Remove any lingering references to the dead domain controller from the Active Directory database by running the following commands on a functional domain controller:

  a. Right-click Start > Command Prompt (Admin).
  b. Type ntdsutil and press Enter.
  c. Type metadata cleanup and press Enter.
  d. Type remove selected server <servername> and press Enter.

NOTE: Replace <servername> with the domain controller you wish to remove.

Note: After removing the server from ADUC and ADS&S, the ntdsutil step is not needed. It was probably from the Windows 2000/2003 days. If you run it anyway, you may receive this message:

Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-03100231, problem 2006 (BAD_NAME), data 8350, best match of:
‘CN=Ntds Settings,dc04’

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the Active Directory Domain Controller (5). Please use the connection menu to specify it.

10. Confirm that the dead domain controller has been successfully removed from Active Directory by running the following command on a functional domain controller:

repadmin /showrepl

This will show you the status of replication between the remaining domain controllers in the domain.
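
A read-only PowerShell check for leftovers of the removed domain controller in the places the steps above clean up (computer object, Sites and Services, DNS). This is an added example, not part of the original article; DC04 is the name seen in the sample error output, and the function name Find-StaleDcReference and the use of the ActiveDirectory RSAT module are assumptions.

```powershell
# Added example (not from the original article): read-only search for
# leftover references to a removed domain controller. Nothing is modified.
# Assumes the ActiveDirectory RSAT module; Find-StaleDcReference is a hypothetical name.
Import-Module ActiveDirectory

function Find-StaleDcReference {
    param([Parameter(Mandatory)][string]$Name)

    $dnsRoot  = (Get-ADDomain).DNSRoot
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $fqdn     = "$Name.$dnsRoot"

    # Steps 1-6: computer object in Active Directory Users and Computers
    Get-ADComputer -Filter "Name -eq '$Name'" |
        ForEach-Object { "Computer object: $($_.DistinguishedName)" }

    # Step 8: server object (and any NTDS Settings child) in Sites and Services
    Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter "(&(objectClass=server)(cn=$Name))" |
        ForEach-Object {
            "Sites server object: $($_.DistinguishedName)"
            Get-ADObject -SearchBase $_.DistinguishedName -LDAPFilter '(objectClass=nTDSDSA)' |
                ForEach-Object { "NTDS Settings object: $($_.DistinguishedName)" }
        }

    # Step 7: host record for the dead server
    Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' } |
        ForEach-Object { "DNS A record: $fqdn -> $($_.IPAddress)" }

    # Step 7: DC locator SRV records that still point at the dead server
    foreach ($srv in "_ldap._tcp.dc._msdcs.$dnsRoot", "_kerberos._tcp.$dnsRoot") {
        Resolve-DnsName -Name $srv -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.NameTarget -like "$fqdn*" } |
            ForEach-Object { "DNS SRV record: $srv -> $($_.NameTarget)" }
    }
}

# 'DC04' is a sample name; replace it with the removed domain controller.
$leftovers = @(Find-StaleDcReference -Name 'DC04')
if ($leftovers.Count) { $leftovers } else { 'No references to DC04 found.' }
```

An empty result covers only these three locations; repadmin /showrepl remains the check for replication between the remaining domain controllers.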

Note: It’s important to ensure that you have a full backup of your Active Directory database before performing any changes or deletions.

Published by

Bob Lin
