How to delete a domain controller that does not exist in AD but still shows in object search

All replies
-
It's always a hassle when you don't remove a DC in the "normal" way.
When you don't, you need to do a metadata cleanup for that DC.
https://servergurunow.wordpress.com/2017/08/08/metadata-cleanup-of-a-domain-controller-2/
- Edited by Guilherme Tápia Friday, May 7, 2021 1:30 PM
-
Hey,
1. Removing metadata via Active Directory Users and Computers
2. Removing the DC server instance from the Active Directory Sites and Services
3. Remove metadata via ntdsutil
C:\Users\Administrator>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server DC2
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001F7, problem 2006 (BAD_NAME), data 8350, best match of:'CN=Ntds Settings,DC2'
Win32 error returned is 0x208f
- Proposed as answer by Bryan丶Song Wednesday, October 20, 2021 5:41 AM
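The ntdsutil output in the post above shows the bare name DC2 being looked up as 'CN=Ntds Settings,DC2', which means the argument to remove selected server is read as the distinguished name of the server object, not a host name. As an added example that is not part of the thread, this read-only PowerShell script lists what still references the removed DC and prints that DN; it assumes the ActiveDirectory (RSAT) module is installed and takes the name DC2 from the post.

```powershell
# Added example, read-only: nothing in the directory is modified.
Import-Module ActiveDirectory

$DcName = 'DC2'   # assumption: short name of the removed DC, as in the post above

$root     = Get-ADRootDSE
$configNC = $root.configurationNamingContext
$domainNC = $root.defaultNamingContext

# 1. Computer account left in the domain partition (what "Find" in ADUC returns)
$computer = Get-ADComputer -LDAPFilter "(cn=$DcName)" -SearchBase $domainNC

# 2. Server object under CN=Sites in the configuration partition
$server = Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$DcName))" `
                       -SearchBase "CN=Sites,$configNC"

# 3. NTDS Settings child of that server object, if it is still there
$ntds = foreach ($s in $server) {
    Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' `
                 -SearchBase $s.DistinguishedName -SearchScope OneLevel
}

# 4. FSMO roles still recorded against the removed DC
$forest = Get-ADForest
$domain = Get-ADDomain
$roles  = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$held = $roles.GetEnumerator() | Where-Object { $_.Value -like "$DcName.*" }

# Summary of everything that still points at the removed DC
$report = @(
    foreach ($c in $computer) { [pscustomobject]@{ Kind = 'Computer account';      Value = $c.DistinguishedName } }
    foreach ($s in $server)   { [pscustomobject]@{ Kind = 'Server object (Sites)'; Value = $s.DistinguishedName } }
    foreach ($n in $ntds)     { [pscustomobject]@{ Kind = 'NTDS Settings';         Value = $n.DistinguishedName } }
    foreach ($r in $held)     { [pscustomobject]@{ Kind = "FSMO role $($r.Key)";   Value = $r.Value } }
)
$report | Format-Table -AutoSize -Wrap

# The DN form of the ntdsutil command for each leftover server object
foreach ($s in $server) { "remove selected server $($s.DistinguishedName)" }
```

An empty table after cleanup means none of these four reference types remain; stale DNS records are a separate check that this script does not cover.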
-
Hi,
Removing metadata via Active Directory Users and Computers
Log in to DC server as Domain/Enterprise administrator and navigate to Server Manager > Tools > Active Directory Users and Computers.
Expand the Domain > Domain Controllers.
Right click on the Domain Controller you need to manually remove and click Delete.
Hope this answer will help you.
-
The following detailed steps will help you accomplish this:
Step 1: Removing metadata via Active Directory Users and Computers
Log in to DC server as Domain/Enterprise administrator and navigate to Server Manager > Tools > Active Directory Users and Computers
Expand the Domain > Domain Controllers
Right click on the Domain Controller you need to manually remove and click Delete
Click Yes to confirm within the Active Directory Domain Services dialog box
In next dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO) and click Delete
If the domain controller is global catalog server, in next window click Yes to continue with deletion
If the domain controller holds any FSMO roles in next window, click Ok to move them to the domain controller which is available
Step 2: Removing the DC server instance from the Active Directory Sites and Services
Go to Server manager > Tools > Active Directory Sites and Services
Expand the Sites and go to the server which needs to be removed
Right click on the server you wish to remove and click Delete
Click Yes to confirm
You are then presented with the metadata cleanup prompt
Next type remove selected server <servername>
NOTE: Replace <servername> with domain Controller server you wish to remove
Click Yes to proceed when presented with the warning window
Execute the quit command twice to exit out of the console
Regards,
Rachel Gomez
-
Hello,
I think you see DC this way because you didn't clean with a recommended method. You will need to do metadata for this, and I recommend that you do a health check for existing DC servers.
-
Hi,
You can follow these steps:
If a Domain Controller that no longer exists in Active Directory is still showing up in search results, you can use the Active Directory Sites and Services snap-in to remove it. Here are the steps to do this:
1. Open the Active Directory Sites and Services snap-in on a Domain Controller in the same domain.
2. In the left pane, expand the Sites container and then expand the container for the site where the removed Domain Controller was located.
3. In the left pane, expand the Servers container and then expand the container for the removed Domain Controller.
4. In the left pane, right-click on the NTDS Settings object for the removed Domain Controller and select Delete.
5. Confirm that you want to delete the object by clicking Yes.
6. Close the Active Directory Sites and Services snap-in.
Another method you can use to remove a Domain Controller from AD is by using the ntdsutil command-line tool, here's an example of how to use it:
1. Open the Command Prompt as an administrator
2. Type the following command to enter Ntdsutil:
ntdsutil
3. Type the following command to enter the metadata cleanup mode:
metadata cleanup
4. Type the following command to list all the domain controllers:
connections
5. Type the following command to select the domain controller that you want to remove:
select operation target
6. Type the following command to remove the selected domain controller:
remove selected server
7. Type the following command to quit the Ntdsutil:
quit
Please note that, before you proceed with any of the above steps, make sure that you have a good backup of your AD and make sure that you understand the effect of removing a domain controller on your domain.
Thanks
- Edited by James Millere Wednesday, January 25, 2023 11:34 AM
-
To delete a domain controller that no longer exists in your Active Directory (AD) environment but is still showing up in search results, follow these steps:
- Open Active Directory Users and Computers (ADUC) console.
- Right-click on the domain and select Find.
- In the search box, type the name of the domain controller that you want to delete.
- Right-click on the domain controller object in the search results and select Delete.
- Confirm the deletion by clicking Yes.
If the domain controller object cannot be deleted due to access restrictions or other errors, you can try using the ADSI Edit tool.
- Open ADSI Edit by clicking Start, Run, and then typing adsiedit.msc.
- Connect to the default naming context and locate the domain controller object that you want to delete.
- Right-click on the object and select Delete.
- Confirm the deletion by clicking Yes.
It is important to ensure that you are logged on with an account with sufficient permissions to perform the deletion and that you have made a backup of your AD environment before making any changes.
-