10/8/13 Complete Step by Step to Remove an Orphaned Domain Controller - AD and Exchange Quantum Singularity
msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx

AD and Exchange Quantum Singularity

Complete Step by Step to Remove an Orphaned Domain Controller

Published Tue, Oct 5 2010 0:14

Ace Fekay, MCT, MVP, MCITP EA, Exchange 2010 Enterprise Administrator, MCTS Windows 2008, Exchange 2010 & Exchange 2007, MCSE 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
Active Directory, Exchange and Windows Infrastructure Engineer

Published 10/5/2010
Revamped 11/3/2010 - Changed the steps to make more sense and easier to follow

Preface

I think at this time you're probably thinking, "What, another blog on how to remove an Orphaned DC?" I know. There are many out there, and I commend all the ones I've read. I thought to put together a complete step by step with all the little nuances that are involved, with links and explanations. If I've forgotten any, or if I've made a mistake, I do hope someone is kind enough to post a comment saying so. I would do the same.

In a nutshell, I wrote this in response to questions that have come up numerous times in the AD NNTP newsgroups and Microsoft Social Forums. The question isn't usually asked directly, because in some cases people may not have realized these steps are required. Rather, how to remove an orphaned DC normally comes up as the response after diagnosing a specific DC or replication issue, such as not being able to introduce a new DC with the same name as a failed one, or a DC that was lost, leaving numerous Event log replication errors as well as DCDIAG and other errors, or something as simple as having run the procedure but forgotten a step or two.

Many of the steps were taken from the following link, but I've expanded on them and added additional information, links, and explanations.
How to remove completely orphaned Domain Controller
http://support.microsoft.com/kb/555846

Should I repair the DC or simply dump it and create a new one?

Good question. In many cases, whenever a DC is lost, the easiest way is to simply dump the machine, clean up AD and rebuild it using the same name. Compared to doing a restore, this is the simplest procedure and saves time, because it's much faster. However, if any application or service is installed on the DC, it adds complexity, especially if Exchange was installed on it. As many are aware or have already heard, it's recommended to never install Exchange on a DC. See the next section, where I posted a link that explains this in greater detail.

The decision to dump the failed DC and rebuild a new one with the same name is a sound, proven and popular one, but it assumes there are no applications or major services installed and running, or files to be restored, on the DC. Normally we do not recommend installing additional apps or services on a DC, other than DNS, WINS and/or DHCP. If there are any, then of course the apps, services, files, etc., must be reinstalled, reconfigured, or restored.

Was Exchange on the DC?

As mentioned in the Preface, if Exchange is on a DC (which, again, is not a recommended option), hopefully you have a full backup of the Exchange Information Store and the DC System State, because both would have to be restored. Hopefully you also have each in a separate backup rather than together in the same backup job; otherwise you may find the Exchange backup is useless to restore.

More about Exchange on a DC in the following link. It's not a DC/Exchange restore link; rather, it explains why you wouldn't want to install Exchange on a DC and the ramifications, as long as it's not SBS, which is designed to allow Exchange on it.
Read more if this applies to your scenario:

Exchange on a Domain Controller - Ramifications and How to Move Exchange off a DC
Published by acefekay on Aug 8, 2009 at 7:00 PM
http://msmvps.com/blogs/acefekay/archive/2009/08/08/moving-from-exchange-2000-currently-on-a-windows-2000-domain-controller-to-a-new-exchange-2003-server-on-awindows-2003-member-server.aspx

Were there any applications or services installed?

Was DHCP installed?

If you don't have a backup from which you can retrieve the DHCP database, your best bet is to reinstall DHCP services and start from scratch. If you do have a backup and can restore the DHCP files, follow these links:

How to move a DHCP database from a computer that is running Windows 2003 (Also applies to newer versions)
http://support.microsoft.com/kb/325473

How to migrate a DHCP database from Windows 2000 Server to Windows, Nov 9, 2009
http://www.google.com/url?sa=t&source=web&cd=5&sqi=2&ved=0CCUQFjAE&url=http%3A%2F%2Fblogs.technet.com%2Fb%2Fnetworking%2Farchive%2F2009%2F11%2F09%2Fhowto-migrate-a-dhcp-database-from-windows-2000-server-to-windows-server-2008-or-windows-server-2008r2.aspx&ei=IZCwTP7ADcK88ga_5cSvCQ&usg=AFQjCNFaNCXFfYCbpjjnIrAkaQ-3PjAd1Q

Was WINS installed?

If you don't have a backup from which you can retrieve the WINS database, your best bet is to reinstall WINS services and start from scratch. If the WINS server had a partner, you can possibly use that to reinitiate the database. If you do have a backup and can restore the WINS files, follow this link:

How to migrate a WINS Database from Windows 2000-based WINS server (Applies to all Windows 2000 and newer Windows versions)
http://support.microsoft.com/kb/875419

Was DNS installed?

No worries as long as the zones were AD Integrated. They'll just replicate over from another DC automatically. No need to manually create the zones. If you do try to manually create the zones and they are AD Integrated, you'll introduce a duplicate zone issue in the AD database, and cleaning those up is a topic of its own.

Any other applications or services installed?

Depending on the application or service installed, hopefully you'll have a backup from which you can retrieve the files; otherwise you'll have to reinstall. For any third party application, you'll need to refer to the documentation or contact the vendor for assistance.

Basic High-Level steps

1. Run a Metadata Cleanup
2. Remove the old computer in "Active Directory Sites and Services."
3. Remove old DNS and WINS records of the orphaned Domain Controller.
4. If Windows 2000, use "ADSIEdit" to remove old computer records from the Active Directory.
5. Force Active Directory replication

Steps Broken Down with a Low-Level Description

1. Make sure at least one of the current live DCs is a GC.

It's actually recommended to make all DCs GCs, whether in a single domain or multi-domain forest. This alleviates issues with the IM/GC conflict. Many large installations have been using this design successfully without issues. Matter of fact, Exchange likes it.

Global Catalog vs. Infrastructure Master: "If a single domain forest, you can have all DCs a GC. If multiple domains, it is recommended for a GC to not be on the FSMO IM Role, unless you make all DCs GCs"
http://msmvps.com/blogs/ulfbsimonweidner/archive/2005/03/08/37975.aspx

Enable or disable a global catalog: Active Directory
Jan 21, 2005 ... Select the Global Catalog check box to enable the global catalog, or clear the check box to disable the global catalog. ...
http://technet.microsoft.com/en-us/library/cc758330(WS.10).aspx

How to create or move a global catalog in Windows Server 2003 (same in 2008 & 2008 R2)
http://support.microsoft.com/kb/313994

2. Use the following knowledge base articles to run a Metadata Cleanup to remove common Domain Controller objects and settings from Active Directory.

A. For Windows 2003

NTDSUTIL in 2003 and newer automatically removes the Computer Account and FRS Objects from Active Directory, but if you like, you can still use these steps to ensure the objects were removed.

How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498

B. For Windows 2000, you must use ADSIEdit to remove the Computer Account and the FRS Object from Active Directory.

Use ADSIEdit to delete the computer account. To do this, follow these steps:

1. Click Start, click Run, type adsiedit.msc in the Open box, and then click OK.
2. Expand the Domain NC container.
3. Expand DC=Your Domain Name, DC=COM, PRI, LOCAL, NET.
4. Expand OU=Domain Controllers.
5. Right-click CN=domain controller name, and then click Delete.

If you receive the "DSA object cannot be deleted" error message when you try to delete the object, change the UserAccountControl value. To change the UserAccountControl value, right-click the domain controller in ADSIEdit, and then click Properties. Under Select a property to view, click UserAccountControl. Click Clear, change the value to 4096, and then click Set. You can now delete the object.

Note: The FRS subscriber object is deleted when the computer object is deleted because it is a child of the computer account.

Use ADSIEdit to delete the FRS member object. To do this, follow these steps:

1. Click Start, click Run, type adsiedit.msc in the Open box, and then click OK.
2. Expand the Domain NC container.
3. Expand DC=Your Domain, DC=COM, PRI, LOCAL, NET.
4. Expand CN=System.
5. Expand CN=File Replication Service.
6. Expand CN=Domain System Volume (SYSVOL share).
7. Right-click the domain controller you are removing, and then click Delete.

C. For Windows 2008 and Windows 2008 R2:

It's all GUI based in 2008 and 2008 R2. However, you'll still want to follow the rest of the steps to seize FSMOs, force replication, check DNS & WINS, etc.

Cleanup Server Metadata Windows 2008 (GUI Based)
http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

Active Directory Metadata Cleanup (For Windows 2008 or newer - with screen shots)
By Meinolf Weber, MVP
http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

Optional Script For Windows 2000, 2003, 2008, and 2008 R2

If you're reluctant to use ntdsutil at the command line, you can use Microsoft's script, written specifically to run a Metadata Cleanup for you:

Remove Active Directory Domain Controller Metadata (Microsoft) - Applies to all Windows Server Versions (2000, 2003, 2003 R2, 2008, 2008 R2, SBS 2003 & SBS 2008)
http://gallery.technet.microsoft.com/ScriptCenter/en-us/d31f091f-2642-4ede-9f97-0e1cc4d577f3

3. If the failed DC held any of the FSMO Roles, you need to seize the FSMO roles to an alternative Domain Controller.

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
http://support.microsoft.com/kb/255504

How to view and transfer FSMO roles in Windows Server 2003 using the GUI
http://support.microsoft.com/kb/324801

4. If the failed DC held the PDC Emulator Role, you need to configure a new authoritative time server in the domain.

The first link is my blog with complete steps. It was compiled using the following two Microsoft KBs, among other links.

Configuring the Windows Time Service for Windows Server
Scroll down to the section "Transferring the PDC Emulator Role"
Published by acefekay on Sep 18, 2009 at 8:14 PM
http://msmvps.com/blogs/acefekay/archive/2009/09/18/configuring-the-windows-time-service-for-windows-server.aspx

How to configure an authoritative time server in Windows 2000
http://support.microsoft.com/kb/216734

How to configure an authoritative time server in Windows Server 2003
http://support.microsoft.com/kb/816042

5. Remove the old computer account by using the "Active Directory Sites and Services" tool.

Open Active Directory Sites and Services
Expand the Sites folder
Select the site the old DC was in
Expand Servers
Delete the old DC name

6. Remove any old WINS records of the orphaned Domain Controller from the WINS database. If there are WINS replication partners, when you delete the records, choose the "Tombstone" option.

Deletion of WINS Database Records
If WINS records deleted this way have been replicated to other WINS servers, these additional records will not be removed fully. The records on other WINS ...
http://technet.microsoft.com/en-us/library/cc959263.aspx

Deleting and tombstoning records: Windows Internet Name Service (WINS)
Jan 21, 2005 ... If the WINS records deleted in this way exists in WINS data replicated to other WINS servers on your network, these additional records are ...
http://technet.microsoft.com/en-us/library/cc782886(WS.10).aspx

7. Force Active Directory replication by using the "Repadmin.exe" tool.

Repadmin examples:

repadmin /syncall - to initiate a replication for all partners

repadmin /syncall /A /e /P
(/A synchronizes all partitions on the DC you're running it on, /e synchronizes partitions across all Sites, /P forces a "Push" that pushes changes outwards instead of the default to pull changes)

Also, to check replication status:

To see if anything is in the queue waiting for replication, run "repadmin /queue *"

Find out what the replication latency is, if any. If it's less than a few minutes, you're fine. Run "repadmin /showutdvec server-name dc=mydomain,dc=lab /latency"

You can also use the Replmon GUI version for Windows 2000 and 2003, but it's no longer available for 2008 or newer.

Getting Over Replmon - Ask the Directory Services Team - Site Home ...
Jul 1, 2009 ... With the release of Window Server 2008 Replmon was not included ...
http://blogs.technet.com/b/askds/archive/2009/07/01/getting-over-replmon.aspx

Repadmin: More info as well as explanations on the specific repadmin switches

Repadmin
Updated: August 22, 2005
A complete list of switches with details and usage.
Applies To: Windows Server 2003 R2 (However, the switches apply to 2008 and 2008 R2 as well.)
http://technet.microsoft.com/en-us/library/cc778305(WS.10).aspx

Using Repadmin.exe to troubleshoot Active Directory replication
http://support.microsoft.com/kb/229896/

Initiating Replication Between Active Directory Direct Replication Partners
Written for Windows 2000, but works for Windows 2003, 2008 and 2008 R2
This article shows how to use repadmin and the necessary switches to force replication between specific or all partners in the infrastructure
http://support.microsoft.com/kb/232072

Troubleshooting replication
Updated: April 4, 2008
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
http://technet.microsoft.com/en-us/library/cc755349(WS.10).aspx

Repadmin
Updated: July 13, 2010
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2008
http://technet.microsoft.com/en-us/library/cc770963(WS.10).aspx

Repadmin: Microsoft Technical Whitepaper (download link):
http://www.microsoft.com/downloads/details.aspx?familyid=c6054092-ee1e-4b57-b175-5aabde591c5f&displaylang=en

8. Go through DNS with a fine-toothed comb to delete all references to the old DC. You'll need to delete records such as SRV, host, LdapIpAddress, and GcIpAddress. Drill down into every record under both domain.local and _msdcs.domain.local.

Under the domain.local zone:

Delete the A (host record) for the failed DC.
Delete the LdapIpAddress: Under domain.local, you will see a record such as (same as parent) A 192.168.1.10 (using this IP as an example). Delete it.
Delete any reference in the DomainDnsZones. If the DomainDnsZones folder exists, expand it. Check and delete any reference to the failed DC's FQDN and IP address.
Delete any reference in the ForestDnsZones. If the ForestDnsZones folder exists, expand it. Check and delete any reference to the old DC's FQDN and IP address.
To make sure all records are gone, fully expand each folder under the domain.local zone, and delete any references you see, such as the kerberos and ldap SRV references. The subfolders are:
_sites
_tcp
_udp
domaindnszones
forestdnszones

Under the _msdcs.domain.local zone:

Delete the GcIpAddress: Click on the _gc._msdcs.domain.local folder. Delete the IP Address for the old DC.
Delete the DC's GUID ALIAS: Click on _msdcs.domain.local. You will see an ALIAS record with a long GUID number as the name pointing to the old DC's FQDN. Delete it.
To make sure all records are gone, fully expand each subfolder under the _msdcs.domain.local zone. Make sure you do not see any references to the failed DC. If you do, please delete them. The subfolders are:
dc
domains
gc
pdc

9. Delete the NameServer reference in all DNS zones' properties, Nameserver tab.

Right-click DNS server name, properties
Nameserver Tab
Remove the old DC FQDN and/or IP
Repeat for every zone that exists

10. Run a DNSLINT report. Make sure the old DC is no longer listed anywhere in DNS. If it still is, go back to Steps #8 and #9. Here are some links to understand how to use it.

Dnslint Overview: Domain Name System (DNS)
Prior to the development of DNSLint, the nslookup utility was frequently ...
http://technet.microsoft.com/en-us/library/cc736981(WS.10).aspx

Support WebCast: Microsoft Windows: Using the DNSLint Utility
http://support.microsoft.com/?id=329982

Description of the DNSLint utility
Dec 3, 2007 ... DNSLint is a Microsoft Windows utility that helps you to diagnose common DNS name resolution issues.
http://support.microsoft.com/kb/321045

How to use DNSLint to troubleshoot Active Directory replication issues
This article describes how to use the DNSLint utility to troubleshoot Active ...
http://support.microsoft.com/kb/321046

Manually altering a DC to turn it into a non-DC

Last but not least: years ago, before the /forceremoval switch, when a DC could not be removed but you wanted to keep the machine intact after demotion, there was a posted method with the steps to manually rip out the pieces that make a DC a DC. FWIW, here they are:

14 easy manual steps to make a DC a non-DC

Some have posted this as 12 steps, 13 steps or 14 steps. They are the same steps; some have combined multiple tasks. Keep in mind, unless it was changed, this is not supported by Microsoft. I believe there was a KB on it at one time, but I don't have the KB#. If you follow this, keep in mind, this posting is AS-IS and offers no guarantees and confers no rights from Microsoft or myself.

Here are a couple of links explaining the steps, as well as the steps posted below.

This was archived at this site from an old Newsgroup post I made back in 3/11/2003:
http://www.pcreview.co.uk/forums/manually-remove-ad-t1448839p2.html

Remove failed DC from AD manually… Never been easier (step by step with screen shots)
Unlike Windows 2000 and 2003, Windows 2008 & Windows 2008 R2 have new GUI tools to remove a failed DC from the AD database.
http://fawzi.wordpress.com/2010/11/11/remove-failed-dc-from-ad-manually-never-been-easier/

1) On another DC in the domain run NTDSUTIL to move the FSMO's, er seize them! DOH. (If this is the only DC, then don't worry about it)
2) Make sure DNS is 100% solid on the working DC. (If only one DC, don't worry about it for now, but configure it correctly before promoting it to a new DC).
3) Make sure working DC is also a GC. (If just one DC, don't worry about it).
4) Boot the corrupted DC into DSRM and edit the registry: under HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions, change the ProductType value from LanmanNT to ServerNT. This value dictates whether the machine is a DC or just a server. ServerNT means it's not a DC.
5) Command prompt > net stop ntfrs to stop FRS.
6) Delete the Winnt\Sysvol and NTDS directories.
7) Reboot the now former DC.
8) Log into the now member server. Change it to a stand-alone server by joining a workgroup (My Computer Properties, Network ID tab, remove it from the old domain).
9) Reboot the now stand-alone server.
10) If there is only one DC in the domain, skip this step; otherwise, on the good DC delete the disabled computer account for the old, now defunct DC.
11) Now on this new stand-alone machine, set the Primary DNS Suffix to the new domain name that you want (in My Computer, Properties, Network ID Tab, Properties, More). Reboot.
12) Make sure that DNS is configured with the new domain name and updates set to YES.
13) Run DCPROMO to create a new domain or join the domain/tree/forest again.
14) Reboot.

Comments, suggestions and corrections are welcomed!
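
One way to double-check steps 8 to 10 against an exported copy of a zone, added here as an example (it is not part of the original article or any Microsoft tool). It assumes the zone was exported to standard zone-file text, for instance with dnscmd /ZoneExport; the function name Find-StaleDcRecord, the DC names dc01 and dc02, the GUID and the sample zone text are constructed for illustration.

```powershell
# Added example. Scans zone-file text for records that still reference a
# removed DC by FQDN or IP. All names and addresses below are constructed.

function Find-StaleDcRecord {
    param(
        [string[]]$ZoneLines,  # lines of one exported zone file
        [string]$ZoneName,     # zone the file belongs to
        [string]$DcFqdn,       # FQDN of the removed DC
        [string]$DcIp          # IP address the removed DC used
    )
    $types = 'A', 'AAAA', 'CNAME', 'NS', 'SRV', 'PTR'
    $owner = '@'
    foreach ($raw in $ZoneLines) {
        # Drop comments and the [AGE:n] stamp (assumed present on dynamic records).
        $line = ($raw -replace ';.*$', '') -replace '\[AGE:\d+\]', ''
        if ($line.Trim() -eq '') { continue }
        $tok = @($line.Trim() -split '\s+')
        # A line that starts with whitespace reuses the previous owner name.
        if ($line -notmatch '^\s') {
            $owner = $tok[0]
            $tok = @($tok | Select-Object -Skip 1)
        }
        # Skip the optional TTL and class fields to reach the record type.
        while ($tok.Count -gt 0 -and ($tok[0] -match '^\d+$' -or $tok[0] -eq 'IN')) {
            $tok = @($tok | Select-Object -Skip 1)
        }
        if ($tok.Count -lt 2 -or $types -notcontains $tok[0]) { continue }
        $type = $tok[0]
        $data = @($tok | Select-Object -Skip 1)

        # Turn the owner into a fully qualified name for comparison.
        if ($owner -eq '@') { $fqdn = $ZoneName }
        elseif ($owner.EndsWith('.')) { $fqdn = $owner.TrimEnd('.') }
        else { $fqdn = "$owner.$ZoneName" }

        # A record is stale if it is owned by, or points at, the removed DC.
        $refs = @($data | Where-Object { $_.TrimEnd('.') -eq $DcFqdn -or $_ -eq $DcIp })
        if ($fqdn -ne $DcFqdn -and $refs.Count -eq 0) { continue }

        # Name the record the way step 8 of the article does.
        $kind = switch ($type) {
            'CNAME' { 'DC GUID alias' }
            'NS'    { 'Name server' }
            'SRV'   { 'SRV' }
            default {
                if ($fqdn -eq $ZoneName) { 'LdapIpAddress (same as parent)' }
                elseif ($fqdn -like 'gc._msdcs.*') { 'GcIpAddress' }
                else { 'Host' }
            }
        }
        New-Object PSObject -Property @{
            Zone = $ZoneName; Owner = $fqdn; Type = $type; Kind = $kind
            Data = ($data -join ' ')
        } | Select-Object Zone, Owner, Type, Kind, Data
    }
}

# Constructed sample of an exported _msdcs zone; dc02 is the removed DC.
$msdcs = @'
;  Database file for _msdcs.domain.local zone (constructed sample)
@                                       NS     dc01.domain.local.
@                                       NS     dc02.domain.local.
11111111-2222-3333-4444-555555555555    CNAME  dc02.domain.local.
_ldap._tcp.dc  [AGE:3600000]  600       SRV    0 100 389 dc01.domain.local.
               [AGE:3600001]  600       SRV    0 100 389 dc02.domain.local.
gc                            600       A      192.168.1.5
                              600       A      192.168.1.10
'@ -split '\r?\n'

Find-StaleDcRecord -ZoneLines $msdcs -ZoneName '_msdcs.domain.local' `
    -DcFqdn 'dc02.domain.local' -DcIp '192.168.1.10' | Format-Table -AutoSize
```

Run it once per exported zone (domain.local and _msdcs.domain.local). Any row it returns names a record that still has to be deleted in the DNS console before the DNSLint report in step 10 will come back clean.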

Ace Fekay

by acefekay
Filed under: removing Exchange, Exchange 2003, Active Directory, exchange 2007, Application Partitions, exchange on a domain controller, exchange dsaccess does not fail over to another dc if exchange installed on a domain controller, exchange on a DC, exchange dsaccess will not failover if installed on a dc, Time Convergence Hierarchy, Windows Time Service, Windows time hierarchy, Time Service, AD, Exchange 2010, AD Sites, Active Directory Sites, remove a failed DC, reinstall a DC with the same name, dead DC, orphaned domain controller, reinstall a domain controller with the same name, lingering objects, dead domain controller, Orphaned DC, remove a failed domain controller, replication errors

Comments

# Ace Fekay's Active Directory, Exchange and Windows Infrastructure Services Blog said on Sunday, January 16, 2011 10:36 AM
Active Directory FSMO Roles Explained Ace Fekay, MCT, MCTIP EA, MCTS Windows 2008 & Exchange 2007

# Jim H said on Saturday, May 14, 2011 8:18 PM
You are right about two things:
1. There are at least twenty-gazillion articles out there on this topic.
2. This has to be the most comprehensive and concise description of this process I have seen so far.
I have had to do this on several occasions and - invariably - I'd miss a step or two because many of the articles out there assume you do this every day for a living. . . . Your article leaves nothing to the imagination - complete, even includes cross-references for more information. Have you considered putting this up on Wikipedia? I am definitely going to book-mark this one! Thanks! Jim H.

# Johnny L said on Monday, July 11, 2011 12:01 PM
My situation is simple: I have a remote location in East Coast and the office has closed for good and of course before I got the chance to use dcpromo to take it out of my directory the server is dead (hardware failure). The server over in NY is 2003 Server R2 SP2.
At HQ, I have the 2008 Server AD R2 and I want to delete/remove the NY AD server for good - keep in mind that I don't need to install or re-install the new AD server since the office is closed for good, thanks. I still have 3 other sites which are running perfectly right now. Only at HQ is the main DC. Please help, thanks.

# acefekay said on Wednesday, December 14, 2011 10:08 PM
Jim H, thanks for the feedback! I would have responded sooner, but I don't receive email updates when comments are left! Ace

Johnny, you'll need to manually rip out the failed DC from the AD database. That's what this article addresses. I know it's a bit late responding, but have you ever resolved this? Ace

# Ace Fekay's Active Directory, Exchange and Windows Infrastructure Services Blog said on Friday, January 06, 2012 9:27 AM
Active Directory Lingering Objects, Journal Wraps, Tombstone Lifetime, and Event IDs 13568, 13508, 1388

# Moneer said on Tuesday, March 13, 2012 8:31 AM
Great article. Dumb question: would this work for a server that has been physically removed from the domain but keeps showing up in Group Policy Management? I thought it was correctly removed but it is causing us some problems, and it is now physically removed. Thanks

# Neilrahc said on Monday, October 22, 2012 3:12 PM
Very helpful and satisfying that you took the time and care to create a great resource which comprehensively covers this task. Thanks!

# Yan Shtulberg said on Monday, March 25, 2013 8:34 AM
Perfect admin guide - thank you

# Wayne said on Thursday, June 20, 2013 9:52 AM
This is excellent, I only have one question for now: is there any point during this process that I would have continued service issues on the existing DCs, potential slowdown when running the forced replication maybe? I know I should do this off hours but didn't know if I needed to plan a maintenance window and alert the user population.

# Dave said on Tuesday, June 25, 2013 3:00 PM
Hi there, thanks for all the effort to detail this. Unfortunately I find it a bit confusing. I assume that most of the steps above are to be undertaken on another DC? If so what do I need to do, if anything on the tombstoned DC?
At the end there is a section about manually altering a DC, I take it these are things I should be doing on the broken DC to make it not a DC, but they allude to a method >>"/forceremoval switch" as being easier than the manual one detailed, but if this easier method is something I can use, what is it? dcpromo /forceremoval maybe? If so, do I run that on the dead DC before doing all the steps detailed above on the live DCs and do I do that with it still attached to the network? I have gleaned from the rest of the net that once it gets tombstoned to disconnect its network card quickly, so do I need to connect that again and do the "... /forceremoval" thing and then run through the main steps in your article?

Each post's copyright held by the original author. All rights reserved. Blog site is an independent site not sponsored by Microsoft.