Forcing the Removal of a Domain Controller
Reference link
https://technet.microsoft.com/en-us/library/cc781245%28v=ws.10%29.aspx
Forced removal of a domain controller from Active Directory is
intended to be used as a last resort to avoid having to reinstall the
operating system on a domain controller that has failed and cannot be
recovered. When a domain controller can no longer function in a domain
(that is, it is offline), you cannot remove Active Directory in the
normal way, which requires connectivity to the domain. Forced removal is
not intended to replace the normal Active Directory removal procedure
in any way. It is virtually equivalent to permanently disconnecting the
domain controller.
Active Directory stores a considerable amount of metadata about
a domain controller. During the normal process of uninstalling
Active Directory on a domain controller, this metadata is removed from
Active Directory through a connection to another domain controller in
the domain. A forced removal assumes that there is no connectivity to
the domain; therefore, it does not attempt any metadata removal
(cleanup).
Consequently, forced removal of Active Directory from a domain
controller should always be followed by the metadata cleanup procedure,
which removes all references to the domain controller from the domain
and forest.
Forced demotion should not be performed on the last domain controller in a domain.
Task Requirements
The following tools are required to perform the procedures for this task:
- Active Directory Sites and Services
- Dcpromo.exe
- Ntdsutil.exe
To clean up server metadata
- Open a command prompt.
- Type the following command, and then press ENTER:
ntdsutil
- At the ntdsutil: prompt, type:
metadata cleanup
- Perform metadata cleanup as follows:
At this point, Active Directory confirms that the domain
controller was removed successfully. If you receive an error message
that indicates that the object cannot be found, Active Directory might
have already removed the domain controller.
- If you are performing metadata cleanup by using the version of
Ntdsutil.exe that is included with Windows Server 2003 SP1, at the metadata cleanup: prompt, type:remove selected server ServerName
Or
remove selected server ServerName1 on ServerName2
Value Definition
ServerName, ServerName1
The distinguished name of the domain controller whose metadata you want to remove, in the form cn=ServerName,cn=Servers,cn=SiteName, cn=Sites,cn=Configuration,dc=ForestRootDomain
ServerName2
The DNS name of the domain controller to which you want to connect and from which you want to remove server metadata - If you are performing metadata cleanup by using the version of
Ntdsutil.exe that is included with Windows Server 2003 with no service
pack, perform metadata cleanup as follows:
- At the metadata cleanup: prompt, type:
connection
- At the server connections: prompt, type:
connect to server Server
- At the server connections: prompt, type:
quit
- At the metadata cleanup: prompt, type:
select operation target
- At the select operation target: prompt, type:
list sites
A numbered list of sites appears.
- At the select operation target: prompt, type:
select site SiteNumber
- At the select operation target: prompt, type:
list domains in site
A numbered list of domains in the selected site appears.
- At the select operation target: prompt, type:
select domain DomainNumber
- At the select operation target: prompt, type:
list servers in site
A numbered list of servers in a domain and site appears.
- At the select operation target: prompt, type:
select server ServerNumber
- At the select operation target: prompt, type:
quit
- At the metadata cleanup: prompt, type:
remove selected server
Value Description
Server
The DNS name of a domain controller that you want to connect to
SiteNumber
The number associated with the site of the server that you want to clean up that appears in the list
DomainNumber
The number associated with the domain of the server that you want to clean up that appears in the list
ServerNumber
The number associated with the server that you want to clean up that appears in the list
To verify that the server was removed, type list servers in site,
and then press ENTER. Ensure that the domain controller that you wanted
to be removed is no longer displayed in the command output.At the metadata cleanup: and ntdsutil: prompts, type quit.