How to Remove a Dead Domain Controller (DC) from Active Directory Using LDP.exe

Author : Fusion 13
Creation Date : Monday, November 23, 2009
Last Modified : Thursday, February 17, 2011

1. Copyright

Copyright 2009-2011 by vansoest.it. All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

Document : C:\Users\Johan\Desktop\How to Remove a Dead Domain Controller (DC) from Active Directory Using LDP.exe.doc Page 1 of 12 Public document


2. Contents

1. Copyright
2. Contents
3. History
4. History
5. How to Remove a Dead Domain Controller (DC) from Active Directory Using LDP.exe
   5.1. Run DCDiag
   5.2. Run Netdiag
6. Try to delete the Domain Controller from the Active Directory Users and Computers MMC Snap-in
   6.1. To delete a Domain Controller with LDP.exe
   6.2. Delete from the Configuration > Default-First-Site-Name > Servers Container
   6.3. Delete the Removed Domain Controller from the File Replication System

3. History

Version   Author           Date      Description
01.00.00  Johan van Soest  20091122  Initial document

4. History

This document is a resurrection of an internet page called http://computing.fusion13.com/activedirectory/remove-a-domain-controller-from-active-directory-with-LDP.shtml that has not been available since early 2009. As of late 2009, Google calculates that it is still referenced more than 27000 times. The original, valuable HTML document has been reformatted into a document and stored as a PDF, retaining the original information. Though written for Windows 2000 Server, the tools used are still present and applicable in current Windows Server versions.

Please read the original Fusion 13 disclaimer at the end of this document. As this is a reformatting of the original document, copyright lies with the original author(s).

Conversion and hosting of this document is sponsored by:

Caution: Use this procedure at your own risk

5. How to Remove a Dead Domain Controller (DC) from Active Directory Using LDP.exe

Domain Controllers die. Sometimes they die on their own (e.g. hardware failure), and other times they die from unnatural causes (plugs are pulled, OSs are corrupted, servers are hastily rebuilt instead of being properly retired, etc.). Either way, you are left with listings in Active Directory for a domain controller that is no longer with us. Replication begins to suffer. Group policies may not work as planned. Simple diagnostic tests (which this once majestic network passed with ease) fail relentlessly. The integrity of our system has been compromised by this phantom server of days past.

This condition can be confirmed in several different ways:

- Run DCDiag
- Run Netdiag

5.1. Run DCDiag

1. Install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
2. From the command line, navigate to the C:\Program Files\Support Tools directory.
3. Run "dcdiag /s:testdc /n:testnet1.com /v /f:c:\dcdiag.log" (without the quotes, if your domain's name is "testnet1", and if you would like to store the log file on the root of the C:\ drive).
4. Check for the presence of errors containing the name of the deceased server, such as in Fig. 1 below.

    cd C:\Program Files\Support Tools
    dcdiag /s:testdc /n:testnet1.com /v /f:c:\diags\dcdiag.log

    Doing primary tests
       Testing server: Default-First-Site-Name\TESTDC
          Starting test: Replications
             * Replications Check
             [Replications Check,TESTDC] A recent replication attempt failed:
                From DEADDC to TESTDC
                Naming Context: DC=testnet1,DC=com
                The replication generated an error (1722):
                The RPC server is unavailable.
                The failure occurred at 2003-06-11 11:51.18.
                The last success occurred at 2003-06-11 10:09.13.
                4 failures have occurred since the last success.
                [DEADDC] DsBind() failed with error 1722,
                The RPC server is unavailable..
                The source remains down. Please check the machine.

    Event String: The File Replication Service is having trouble enabling
    replication from DEADDC to TESTDC for c:\winnt\sysvol\domain using the
    DNS name deaddc.testnet1.com. FRS will keep retrying.
    Following are some of the reasons you would see this warning.

    CN=<SERVERNAME>,OU=Domain Controllers,DC=testnet1,DC=com
    CN=<SERVERNAME>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com

Figure 1. Screen dump DCDIAG

5.2. Run Netdiag

1. Install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
2. From the command line, navigate to the C:\Program Files\Support Tools directory.
3. Run "netdiag /v > C:\netdiag.log" (without the quotes, and if you would like to store the log file on the root of the C:\ drive).
4. Check for the presence of errors containing the name of the deceased server, such as in Fig. 2 below.

    cd C:\Program Files\Support Tools
    netdiag /v > C:\diags\netdiag.log

    DC list test........... : Passed
        List of DCs in Domain 'testnet1':
            testdc.testnet1.com
            deaddc.testnet1.com (this DC is down)
        [WARNING] Cannot ping 'deaddc.testnet1.com' (it may be down).
    Since 'deaddc.testnet1.com' is down, it cannot be tested.
    [WARNING] Failed to query SPN registration on DC 'deaddc.testnet1.com'.

Figure 2. Screen dump NETDIAG

6. Try to delete the Domain Controller from the Active Directory Users and Computers MMC Snap-in.

1. Open the snap-in by Clicking Start > Run and typing "dsa.msc" (without the quotes); or by Clicking Start > Programs > Administrative Tools > Active Directory Users and Computers.
2. In Active Directory Users and Computers, Expand: > Domain Controllers. Highlight the dead DC.
3. Right Click the object, and Click delete. You will be prompted with the message "Are you sure you want to delete this object?". Click Yes.
4. You will be presented with the error "The DSA object cannot be deleted" as shown below.

Figure 3. Active Directory Error - The DSA object cannot be deleted.

Fortunately, Microsoft has produced a tool which allows us to more directly edit Active Directory. LDP.exe is included in a default installation of the Windows 2000 Support Tools.

For the remainder of this document, the DC to be deleted will be known as "DeadDC" which was a controller for the domain "TestNet1.com".

6.1. To delete a Domain Controller with LDP.exe

1. If you have not already, install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
2. Start LDP.exe by Clicking Start > Run and typing "ldp" (without the quotes).
3. In LDP, Click "Connection" > "Connect" and type the name of the live DC you are currently on in the "Server:" field. Click OK.

   Figure 4. LDP.exe - Connect Dialog

4. Authenticate and Bind to the DC you are connected to by Clicking "Connection" > "Bind".

   Figure 5. LDP.exe - Connect Dialog

5. Display Active Directory in "Tree View" by Clicking "View" > "Tree". Input the Distinguished Name of your entire domain (such as "DC=testnet1,DC=com" for the domain named "testnet1.com"). Click OK.

6. Find the dead DC by Expanding DC=testnet1,DC=com > OU=Domain Controllers,DC=testnet1,DC=com. Expand EVERY sub container underneath the departed Domain Controller. Expand ALL containers until the words "No children" are found under each container (as pictured below).

   Figure 6. LDP.exe - OU = Domain Controllers - All Containers Expanded

   CAUTION: Deleting containers in ways other than described below can have seriously detrimental effects on your network's Active Directory. Proceed with care.

7. Individually Right Click and Delete all expanded sub containers (shown in Figure 7 below). Use the default delete settings (with ONLY "Synchronous" checked!). If you do not delete each sub container before attempting to delete its parent container, you will receive the error "Error: Delete: Not allowed on Non-leaf" in the gray right-hand panel. Delete all containers until you are able to delete the "CN=DEADDC,OU=Domain Controllers,DC=testnet1,DC=com" container.

   Figure 7. LDP-Expanded DC SubContainers

   Note: As you delete each container, LDP will still show this container in the tree view (left panel). In fewer words, the display will not refresh. However, if you have actually deleted the container, you will see a confirmation in the gray left panel stating that the container was Deleted (shown in Figure 8).

   Figure 8. LDP.exe - Left panel showing confirmation of container.

6.2. Delete from the Configuration > Default-First-Site-Name > Servers Container

8. Find the dead DC by Expanding DC=testnet1,DC=com > CN=Configuration,DC=testnet1,DC=com > CN=Sites,CN=Configuration,DC=testnet1,DC=com > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com > CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com (in fewer words: DC=testnet1,DC=com > Configuration > Sites > Default-First-Site-Name > Servers).
9. Individually Expand and Delete each container, including the CN=DEADDC container, as described in Step 7 (and as shown below).

   Figure 9. LDP.exe - Expanded Servers Container - Prepare to Delete

7. Disconnect from LDP.exe by Clicking "Connection" > "Disconnect". If you would like, you can connect and bind, then view AD with LDP.exe (as outlined in Steps 1-5 of "To Delete a Domain Controller..." above). Reconnecting will allow you to view Active Directory with the changes you have made.
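The leaf-first order that Steps 7 and 9 require (a parent cannot be deleted while it still has children, hence "Not allowed on Non-leaf") can be planned before anything is touched in the directory. The following is an added example, not part of the original Fusion 13 document: the function names are illustrative and the child object names in SAMPLE_DNS are constructed. It performs no LDAP operations; it only computes the order and refuses any DN outside the dead DC's subtree.

```python
# Added example (not from the original document): plan a leaf-first delete
# order for a dead DC's subtree. No LDAP operations are performed.

def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside an RDN."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch)
            esc = False
        elif ch == "\\":
            cur.append(ch)
            esc = True
        elif ch == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur).strip())
    return parts

def is_under(dn, root):
    """True if dn equals root or lies below it (case-insensitive RDN match)."""
    d = [p.lower() for p in split_dn(dn)]
    r = [p.lower() for p in split_dn(root)]
    return len(d) >= len(r) and d[len(d) - len(r):] == r

def deletion_plan(dns, root):
    """Order dns so every child precedes its parent; reject DNs outside root."""
    outside = [dn for dn in dns if not is_under(dn, root)]
    if outside:
        raise ValueError("refusing DNs outside %s: %r" % (root, outside))
    # A child always has more RDNs than its parent, so deepest-first is leaf-first.
    return sorted(set(dns), key=lambda dn: (-len(split_dn(dn)), dn.lower()))

# DN of the dead DC as used in the document; child names below are constructed.
DC_ROOT = "CN=DEADDC,OU=Domain Controllers,DC=testnet1,DC=com"
SAMPLE_DNS = [
    DC_ROOT,
    "CN=NTFRS Subscriptions," + DC_ROOT,
    "CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions," + DC_ROOT,
    "CN=RID Set," + DC_ROOT,
]

if __name__ == "__main__":
    for step, dn in enumerate(deletion_plan(SAMPLE_DNS, DC_ROOT), 1):
        print(step, dn)
```

The same function applies to the Servers container in 6.2 by passing the CN=DEADDC DN under CN=Servers as the root.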

6.3. Delete the Removed Domain Controller from the File Replication System.

1. Open Active Directory Users and Computers.
2. To display the "Advanced Features" objects, Right Click "Active Directory Users and Computers" (in the Left Panel) > View > Advanced Features.
3. Expand: <DomainName> > System > File Replication Service > Domain System Volume (SYSVOL).

   Figure 10. Active Directory Users and Computers - Expanded Domain System Volume.

4. Highlight "DEADDC". Right Click > Delete. Click Yes.

Fusion 13 has taken painstaking effort to ensure the validity of its data; however, the information contained in this document is provided without warranty. The data presented is offered simply as a suggestion. Fusion 13 can in no way be held responsible for how these suggestions are implemented in any environment.