How to Remove a Failed or Offline Domain Controller (Server 2008 x64)

I recently ran into an issue where after installing a new domain controller, and renaming it, the FSMO roles didn’t follow the DC with the new name. Because of this, I had to manually remove it and clean the database, and then start over with the DC. It can be a frustrating process, but here are the steps that need to be taken to get it done quickly. This can also be helpful if you’re unable to use DCPROMO to demote a DC to a member server. These steps are performed on Server 2008.

1. Open the Command Prompt

2. Type “ntdsutil” (all the commands will be entered via this command prompt)

3. Type “metadata cleanup”

4. Type “connections”

5. Type “connect to server <servername>” and replace <servername> with the name of a functional DC in your environment, even if you are logged in locally. This step is not needed post W2K3 SP1.

6. Type “quit”

7. Type “select operation target”

8. Type “list sites”

9. Type “select site <#>” where <#> is the site where the failed or offline DC resided

10. Type “list servers in site”

11. Type “select server <#>” where <#> is the DC that is failed or offline

12. Type “list domains”

13. Type “select domain <#>” where <#> is the domain where the failed or offline DC resided (at this point you should verify that the site, server and domain are all selected)

14. Type “quit” (this should set you back to the metadata cleanup menu)

15. Type “remove selected server” (a warning message will pop up…verify that this is the correct DC)

16. Click Yes

17. Open Active Directory Sites and Services

18. Expand out the site that the failed or offline DC resided in

19. Verify the DC cannot be expanded out (no connection objects and such)

20. Right Click the DC and select Delete

21. Close Active Directory Sites and Services

22. Open Active Directory Users and Computers

23. Expand the Domain Controllers OU

24. Delete the failed or offline DC from the OU (if it even exists)

25. Close Active Directory Users and Computers

26. Open DNS Manager

27. Expand the zones where this DC was also a DNS server and perform the following steps

28. Right click the zone and select Properties

29. Click the Name Servers tab

30. Remove the failed or offline DC from the Name Servers tab

31. Click OK to also remove the HOST (A) or Pointer (PTR) record if asked

32. Verify the zone no longer has a DNS record for the failed or offline DC

And that’s it. Once you’ve reached this point, you can start reinstalling the OS on your server and go through the domain controller promotion process again.
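The verification steps above (19, 24 and 32) can also be checked from a script. The following PowerShell is an added example, not part of the original post: it runs read-only LDAP and DNS queries against a functional DC and lists any objects that still reference the removed one. The names OLDDC01 and DC02 are placeholders, and it assumes the DNS zone name matches the AD domain name.

```powershell
# Added example (not from the original post): read-only check for leftovers
# of a removed DC. OLDDC01 and DC02 are placeholder names; pass your own.
param(
    [string]$DcName    = 'OLDDC01',  # removed DC (placeholder)
    [string]$WorkingDc = 'DC02'      # functional DC to query (placeholder)
)

# Return the distinguished names of objects under $BaseDn matching $Filter.
function Find-Dn([string]$BaseDn, [string]$Filter) {
    $base = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$WorkingDc/$BaseDn")
    $ds   = New-Object System.DirectoryServices.DirectorySearcher($base, $Filter)
    $ds.PageSize = 500
    $ds.FindAll() | ForEach-Object { [string]$_.Properties['distinguishedname'][0] }
}

$rootDse  = [ADSI]"LDAP://$WorkingDc/RootDSE"
$configNc = [string]$rootDse.configurationNamingContext
$domainNc = [string]$rootDse.defaultNamingContext
# Assumption: the DNS zone has the same name as the AD domain.
$zone     = $domainNc -replace 'DC=', '' -replace ',', '.'

$leftovers = @()
# Steps 15-20: server object and its NTDS Settings child under CN=Sites
$leftovers += @(Find-Dn "CN=Sites,$configNc" "(&(objectClass=server)(cn=$DcName))")
$leftovers += @(Find-Dn "CN=Sites,$configNc" "(objectClass=nTDSDSA)" |
    Where-Object { $_ -like "CN=NTDS Settings,CN=$DcName,*" })
# Step 24: computer account in the Domain Controllers OU
$leftovers += @(Find-Dn "OU=Domain Controllers,$domainNc" "(&(objectClass=computer)(cn=$DcName))")
# Steps 30-32: NS and host (A) records still answered by the working DC
$leftovers += @(nslookup "-type=NS" $zone $WorkingDc 2>$null |
    Select-String -SimpleMatch "nameserver = $DcName." |
    ForEach-Object { "DNS NS: $($_.Line.Trim())" })
$leftovers += @(nslookup "$DcName.$zone" $WorkingDc 2>$null |
    Select-String ("^Name:\s+" + [regex]::Escape($DcName) + "\.") |
    ForEach-Object { "DNS A:  $($_.Line.Trim())" })

if ($leftovers.Count -eq 0) {
    "No references to $DcName found via $WorkingDc."
} else {
    "Leftover references to ${DcName}:"
    $leftovers
}
```

The result reflects only the replica and DNS data held by the DC you query, so run it against each remaining DC once replication has had time to complete.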

  1. Farhad says:

    But when I do it, the commands show a Win32 error, access is denied. But the user which I log in with is a member of all administrators groups. Why is access denied, I can’t understand.

  2. Abu says:

    Carried out the steps after moving the FSMO role holders DCs to a Test environment and cleaned the other DCs not brought into the Test environment, your steps worked very well.
    Good job!

    My environment is Windows 2008 R2, single Forest Root domain.

    Well done and thanks again for sharing the steps.

