
How to Remove a Dead Domain Controller (DC) from Active Directory ® Using LDP.exe

Domain Controllers die. Sometimes they die on their own (e.g., hardware failure), and other times they die from unnatural causes (plugs are pulled, operating systems are corrupted, servers are hastily rebuilt instead of being properly retired, etc.).
Either way, you are left with listings in Active Directory for a domain controller that is no longer with us.

Replication begins to suffer. Group policies may not work as planned. Simple diagnostic tests (which this once majestic network passed with ease) fail relentlessly.
The integrity of our system has been compromised by this phantom server of days past.


This condition can be confirmed in several different ways:


Run DCDiag

  1. Install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
  2. From the command line, navigate to the C:\Program Files\Support Tools directory.
  3. Run "dcdiag /s:testdc /n:testnet1.com /v /f:C:\dcdiag.log" (without the quotes, if your domain's name is "testnet1", and if you would like to store the log file on the root of the C:\ drive).
  4. Check for the presence of errors containing the name of the deceased server, such as in Fig. 1 below.

Run Netdiag

  1. Install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
  2. From the command line, navigate to the C:\Program Files\Support Tools directory.
  3. Run "netdiag /v > C:\netdiag.log" (without the quotes, and if you would like to store the log file on the root of the C:\ drive).
  4. Check for the presence of errors containing the name of the deceased server, such as in Fig. 2 below.

Fig. 1 (DCDiag)

cd C:\Program Files\Support Tools
dcdiag /s:testdc /n:testnet1.com /v /f:C:\diags\dcdiag.log
Doing primary tests


Testing server: Default-First-Site-Name\TESTDC
Starting test: Replications
* Replications Check
[Replications Check,TESTDC] A recent replication attempt failed:
From DEADDC to TESTDC
Naming Context: DC=testnet1,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2003-06-11 11:51.18.
The last success occurred at 2003-06-11 10:09.13.
4 failures have occurred since the last success.
[DEADDC] DsBind() failed with error 1722,
The RPC server is unavailable..
The source remains down. Please check the machine.


Event String: The File Replication Service is having trouble enabling replication from DEADDC to TESTDC for
c:\winnt\sysvol\domain using the DNS name
deaddc.testnet1.com. FRS will keep retrying.


Following are some of the reasons you would see
this warning.
CN=<SERVERNAME>,OU=Domain Controllers,DC=testnet1,DC=com
CN=<SERVERNAME>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com
Fig. 2 (NetDiag)

cd C:\Program Files\Support Tools
netdiag /v > C:\diags\netdiag.log


DC list test . . . . . . . . . . . : Passed
List of DCs in Domain 'testnet1':
testdc.testnet1.com
deaddc.testnet1.com (this DC is down)
[WARNING] Cannot ping 'deaddc.testnet1.com' (it may be down).


Since 'deaddc.testnet1.com' is down, it cannot be tested.
[WARNING] Failed to query SPN registration on DC 'deaddc.testnet1.com'.
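
An added example (not part of the original walkthrough): the Python below pulls the failing replication source out of a dcdiag log and cross-checks it against the DCs that netdiag marks as down. The sample text is abridged from Fig. 1 and Fig. 2; the function names are this example's own.

```python
import re

# Abridged from the page's Fig. 1 (dcdiag) and Fig. 2 (netdiag) output.
DCDIAG_LOG = """\
Testing server: Default-First-Site-Name\\TESTDC
Starting test: Replications
[Replications Check,TESTDC] A recent replication attempt failed:
From DEADDC to TESTDC
Naming Context: DC=testnet1,DC=com
The replication generated an error (1722):
The RPC server is unavailable.
4 failures have occurred since the last success.
"""
NETDIAG_LOG = """\
List of DCs in Domain 'testnet1':
testdc.testnet1.com
deaddc.testnet1.com (this DC is down)
[WARNING] Cannot ping 'deaddc.testnet1.com' (it may be down).
"""

def replication_failures(text):
    """Return one dict per 'recent replication attempt failed' block."""
    failures, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if "replication attempt failed" in line:
            cur = {"source": None, "dest": None, "nc": None, "error": None, "count": None}
            failures.append(cur)
        elif cur is not None:
            if m := re.fullmatch(r"From (\S+) to (\S+)", line):
                cur["source"], cur["dest"] = m.group(1).upper(), m.group(2).upper()
            elif m := re.fullmatch(r"Naming Context: (.+)", line):
                cur["nc"] = m.group(1)
            elif m := re.search(r"generated an error \((\d+)\)", line):
                cur["error"] = int(m.group(1))
            elif m := re.match(r"(\d+) failures? ha(?:ve|s) occurred", line):
                cur["count"] = int(m.group(1))
    return failures

def down_dcs(text):
    """Short host names that netdiag marks as down in its DC list."""
    return {m.group(1).split(".")[0].upper()
            for m in re.finditer(r"^[ \t]*(\S+) \(this DC is down\)", text, re.M)}

def stale_dc_candidates(dcdiag_text, netdiag_text):
    """DCs that are both a failing replication source and reported down."""
    sources = {f["source"] for f in replication_failures(dcdiag_text) if f["source"]}
    return sorted(sources & down_dcs(netdiag_text))
```

A name returned by stale_dc_candidates() is only a candidate: confirm the server is permanently gone before removing its objects.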


Try to delete the Domain Controller from the Active Directory ® Users and Computers MMC Snap-in.

  1. Open the snap-in by Clicking Start > Run and typing "dsa.msc" (without the quotes); or by Clicking Start > Programs > Administrative Tools > Active Directory Users and Computers.
  2. In Active Directory Users and Computers, Expand: > Domain Controllers. Highlight the dead DC.
  3. Right Click the object, and Click delete. You will be prompted with the message "Are you sure you want to delete this object?". Click Yes.
  4. You will be presented with the error "The DSA object cannot be deleted" as shown below.
Active Directory Error - The DSA object cannot be deleted .





</frustration><awareness>





Fortunately, Microsoft ® has produced a tool which allows us to more directly edit Active Directory ®. LDP.exe is included in a default installation of the Windows 2000 Support Tools. For the remainder of this document, the DC to be deleted will be known as "DeadDC" which was a controller for the domain "TestNet1.com".


    To delete a Domain Controller with LDP.exe:

  1. If you have not already, install the Windows 2000 Support Tools from the Windows 2000 Server CD ROM (<CD-ROM>:\Support\Tools\SETUP.exe).
  2. Start LDP.exe by Clicking Start > Run and typing "ldp" (without the quotes).
  3. In LDP, Click "Connection" > "Connect" and type the name of the live DC you are currently on in the "Server:" field. Click OK.

    LDP.exe - Connect Dialog

  4. Authenticate and Bind to the DC you are connected to by Clicking "Connection" > "Bind".

    LDP.exe - Connect Dialog

  5. Display Active Directory in "Tree View" by Clicking "View" > "Tree". Input the Distinguished Name of your entire domain (such as "DC=testnet1,DC=com" for the domain named "testnet1.com"). Click OK.


  6. Find the dead DC by Expanding DC=testnet1,DC=com > OU=Domain Controllers,DC=testnet1,DC=com. Expand EVERY sub container underneath the departed Domain Controller. Expand ALL containers until the words "No children" are found under each container (as pictured below).

    LDP.exe - OU = Domain Controllers - All Containers Expanded


    CAUTION: Deleting containers in ways other than described below can have seriously detrimental effects on your network's Active Directory ®.
    Proceed with care.

  7. Individually Right Click and Delete all expanded sub containers (shown in Fig. 3 below). Use the default delete settings (with ONLY "Synchronous" checked!).
    If you do not delete each sub container before attempting to delete its parent container, you will receive the error "Error: Delete: Not allowed on Non-leaf" in the gray right-hand panel. Delete all containers until you are able to delete the "CN=DEADDC,OU=Domain Controllers,DC=testnet1,DC=com" container.

    Note: As you delete each container, LDP will still show this container in the tree view (left panel). In fewer words, the display will not refresh. However, if you have actually deleted the container, you will see a confirmation in the gray left panel stating that the container was deleted (shown in Fig. 4).


    Fig. 3
    LDP.exe - Expanded DC Subcontainers
    Fig. 4
    LDP.exe - Left panel showing confirmation of container deletion



    Delete from the Configuration > Default-First-Site-Name > Servers Container

  8. Find the dead DC by Expanding DC=testnet1,DC=com > CN=Configuration,DC=testnet1,DC=com > CN=Sites,CN=Configuration,DC=testnet1,DC=com > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com > CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testnet1,DC=com
    (in fewer words: DC=testnet1,DC=com > Configuration > Sites > Default-First-Site-Name > Servers)
  9. Individually Expand and Delete each container, including the CN=DEADDC container as described in Step 7 (and as shown below).

    LDP.exe - Expanded Servers Container - Prepare to Delete

  10. Disconnect from LDP.exe by Clicking "Connection" > Disconnect. If you would like, you can connect and bind, then view AD with LDP.exe (as outlined in Steps 1 - 5 of "To Delete a Domain Controller ..." above). Reconnecting will allow you to view Active Directory ® with the changes you have made.
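
An added example (not from the original walkthrough) of the ordering rule in Steps 7 and 9: given the DNs seen in LDP's tree, it returns them children-first so that no delete hits "Not allowed on Non-leaf", and it refuses any DN that is not under one of the two DEADDC containers. The child container names are constructed samples and the function names are this example's own; the code only computes the order and deletes nothing.

```python
def split_dn(dn):
    """Split a DN into lower-cased RDNs on commas not escaped by a backslash."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            parts.append(cur.strip().lower())
            cur = ""
        else:
            cur += ch
        escaped = (ch == "\\") and not escaped
    parts.append(cur.strip().lower())
    return parts

def is_under(dn, root):
    """True if dn equals root or sits anywhere below it (whole-RDN match)."""
    d, r = split_dn(dn), split_dn(root)
    return len(d) >= len(r) and d[-len(r):] == r

def deletion_order(dns, roots):
    """Order DNs children-first per root; refuse any DN outside the roots."""
    outside = [dn for dn in dns if not any(is_under(dn, r) for r in roots)]
    if outside:
        raise ValueError("outside the dead DC's subtrees: %s" % outside)
    ordered = []
    for root in roots:  # keep the page's sequence: Domain Controllers OU, then Sites
        subtree = [dn for dn in dns if is_under(dn, root)]
        # A deeper DN has more RDNs, so depth-descending puts children first.
        ordered += sorted(subtree, key=lambda dn: len(split_dn(dn)), reverse=True)
    return ordered

DOMAIN = "DC=testnet1,DC=com"
ROOTS = [
    "CN=DEADDC,OU=Domain Controllers," + DOMAIN,
    "CN=DEADDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration," + DOMAIN,
]
# Constructed child names for illustration; use what LDP's tree actually shows.
SAMPLE = [
    ROOTS[0],
    "CN=NTFRS Subscriptions," + ROOTS[0],
    "CN=Domain System Volume (SYSVOL share),CN=NTFRS Subscriptions," + ROOTS[0],
    ROOTS[1],
    "CN=NTDS Settings," + ROOTS[1],
]
```

deletion_order(SAMPLE, ROOTS) lists the deepest container first and each CN=DEADDC object last within its subtree; passing a live DC's DN raises ValueError instead of returning an order.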

Delete the Removed Domain Controller from the File Replication System.

  1. Open Active Directory Users and Computers.
  2. To display the "Advanced Features" objects, Right Click "Active Directory Users and Computers" (in the Left Panel) > View > Advanced Features.
  3. Expand: <DomainName> > System > File Replication Service > Domain System Volume (SYSVOL).

    Active Directory Users and Computers - Expanded Domain System Volume

  4. Highlight "DEADDC". Right Click > Delete. Click Yes.


Did you find this document to be helpful? Have any questions? Send us a note: computing@Fusion13.com
Broken links? Typographical errors? Send to: webmaster@Fusion13.com

Fusion 13 has taken painstaking effort to ensure the validity of its data;
however, the information contained in this document is provided without warranty.
The data presented is offered simply as a suggestion.
Fusion 13 can in no way be held responsible for how these suggestions are implemented in any environment.


© 2003 Fusion 13