Domain neither removable nor functional

Hi all,

I have a troubled domain on Server 2008 R2, and when I tried to remove the domain by dcpromo I got the error message below:

A Domain Controller could not be contacted for the domain dc1.local.net that contained an account for this computer make the computer member of a workgroup then rejoin the domain before retrying the promotion.

The specified domain either does not exist or could not be contacted.

After checking with netdom query fsmo, I am getting the Domain Controller name, not the domain name, for all the roles, ending with this error message:

DsBindWithSpnExW error 0x6ba(The RPC server is unavailable) 

May 30th, 2015 1:33am

hello 


Remove the AD role using "dcpromo /forceremoval", then delete the record from the domain (if it exists) by metadata clean up.

More information: https://technet.microsoft.com/en-us/library/cc731871%28v=ws.10%29.aspx

May 30th, 2015 2:05am

After removing AD and the roles completely, I reinstalled AD DS with a new DC name, but it seems the DC and domain are disconnected: in the command prompt it was the old DC name on the prompt, while dcdiag shows the domain connection failed.
  • Edited by isbest 2 hours 51 minutes ago
May 31st, 2015 12:14am

Hi,

After demoting the DC using the dcpromo /forceremoval command, try doing a metadata clean-up using the following script and see if you get that DC listed; if yes, then using the script you can type the name of the DC and the script will remove it. Then manually delete the records from the consoles below. Once you have done everything, you can reuse the same DC with either the same name or IP or a different name or IP.

Metadata clean-up Script: https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

Manual Steps:

Dnsmgmt.msc [DNS Management]
A. Expand the forward lookup zones\_msdcs folder
i. Make sure only the actual domain controllers are listed; delete wrong Alias records and remove wrong name server records.
ii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_sites\sitename\_tcp] and delete the incorrect _ldap and _kerberos records that are listed.
iii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_tcp] and delete the incorrect _ldap and _kerberos records.
iv. Expand [forward lookup zones\_msdcs.domain.com\domains\guid\_tcp] and delete the incorrect _ldap entries.
v. Select [forward lookup zones\_msdcs.domain.com\gc] and delete the incorrect Host (A) records.
vi. Expand [forward lookup zones\_msdcs.domain.com\gc\_sites\sitename\_tcp] and delete the incorrect _ldap entries.
vii. Select [forward lookup zones\_msdcs.domain.com\gc\_tcp] and delete the incorrect _ldap entries.
viii. Select [forward lookup zones\_msdcs.domain.com\pdc\_tcp] and delete the incorrect _ldap entries.

B. Expand the forward lookup zones\domain.com folder
i. Delete Host (A) records of DCs which are non-existent.
ii. Correct the Name Server (NS) records.
iii. Follow steps similar to A ii to A viii.

Dssite.msc [Sites and Services]
A. Expand [Sites\Sitename\Servers] and delete the incorrect servers.
B. Delete incorrect subnet configurations [Sites\Subnets].
C. Delete incorrect site links [Sites\IP].

Make sure the domain controllers are pointing to the correct DNS servers in TCP/IP settings.
Force replication: repadmin /syncall

May 31st, 2015 6:19pm
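The manual DNS steps above amount to one check repeated for every folder under _msdcs: does each SRV, CNAME, NS or A record point at a domain controller that still exists? The following PowerShell script is an added example, not code from the thread or from the linked TechNet gallery script. It assumes the DnsServer and ActiveDirectory modules (Windows Server 2012 / RSAT or later; Server 2008 R2 has no DnsServer module, where dnscmd.exe /EnumRecords is the equivalent), and that it runs against a DNS server hosting the zone. It handles both layouts the thread mentions (_msdcs as its own zone or as a folder inside the domain zone), checks against all DCs in the forest because _msdcs is forest-wide, and only reports unless -Remove is given.

```powershell
# Added example (not from the thread): list records in _msdcs whose target is not a DC
# that AD currently knows about, optionally deleting them.
param(
    [string]$Domain    = (Get-ADDomain).DNSRoot,   # e.g. domain.com
    [string]$DnsServer = $env:COMPUTERNAME,        # DNS server hosting the zone
    [switch]$Remove                                # report-only unless specified
)
Import-Module ActiveDirectory, DnsServer

# Authoritative inventory: what AD itself says the DCs are, forest-wide (GC and
# schema records in _msdcs may point at DCs of other domains in the forest).
$dcs     = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
$dcNames = $dcs | ForEach-Object { $_.HostName.ToLower().TrimEnd('.') }
$dcIps   = $dcs | ForEach-Object { $_.IPv4Address }

# _msdcs is either a separate zone or a subtree of the domain zone (the layout the
# manual steps describe as forward lookup zones\_msdcs.domain.com\...).
$zone   = "_msdcs.$Domain"
$filter = { $true }
if (-not (Get-DnsServerZone -ComputerName $DnsServer -Name $zone -ErrorAction SilentlyContinue)) {
    $zone   = $Domain
    $filter = { $_.HostName -match '(^|\.)_msdcs$' }   # keep only the _msdcs subtree
}

# Pull the target out of each record type the manual steps tell you to inspect.
function Get-RecordTarget($rr) {
    switch ($rr.RecordType) {
        'SRV'   { $rr.RecordData.DomainName }                    # _ldap, _kerberos, _gc
        'CNAME' { $rr.RecordData.HostNameAlias }                 # <dsa-guid> alias records
        'NS'    { $rr.RecordData.NameServer }                    # name server records
        'A'     { $rr.RecordData.IPv4Address.IPAddressToString } # gc host records
        default { $null }                                        # SOA etc. are skipped
    }
}

$stale = foreach ($rr in Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone |
                          Where-Object -FilterScript $filter) {
    $target = Get-RecordTarget $rr
    if (-not $target) { continue }
    $known = if ($rr.RecordType -eq 'A') { $dcIps -contains $target }
             else { $dcNames -contains $target.ToLower().TrimEnd('.') }
    if (-not $known) {
        [pscustomobject]@{
            Name   = $rr.HostName        # e.g. _ldap._tcp.dc or the DSA GUID
            Type   = $rr.RecordType
            Target = $target
            Record = $rr
        }
    }
}

if (-not $stale) { Write-Host "No stale records found in $zone"; return }

$stale | Format-Table Name, Type, Target -AutoSize

if ($Remove) {
    foreach ($s in $stale) {
        # -Force skips the per-record confirmation prompt; omit it to be asked each time.
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $zone -InputObject $s.Record -Force
    }
}
```

Run it once without -Remove and compare the report with what the DNS console shows (with View > Advanced enabled, so the _msdcs subfolders are visible); the records it flags are exactly the ones steps A i to A viii and B i to B iii have you delete by hand. Re-run after repadmin /syncall to confirm the stale entries have not been replicated back from another DNS server that still held them.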

You need to proceed like the following:

  • Forcibly remove the faulty DC using dcpromo /forceremoval
  • Seize the missing FSMO roles to an existing DC: https://support.microsoft.com/en-us/kb/255504?wa=wsignin1.0
  • Do a metadata cleanup: Use dsa.msc and remove the faulty DC computer account. Use dssite.msc and then remove the DC NTDS settings and its reference

That should fix the problem. However, I invite you to read my article here to avoid having the same situation: http://www.ahmedmalek.com/web/fr/articles.asp?artid=23

May 31st, 2015 6:28pm
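The three steps above (forced removal, role seizure, metadata cleanup) leave no single place to confirm that they all took effect. This added PowerShell check is not from the thread or the linked article; it assumes the ActiveDirectory module, that at least one other DC remains to query, and that the demoted DC's short name is passed in (OLDDC is a placeholder). It reports the leftovers that dsa.msc and dssite.msc would show, plus any FSMO role whose holder is no longer a DC that AD lists.

```powershell
# Added example (not from the thread): verify that a forcibly removed DC is fully gone
# from AD and that every FSMO role is held by a DC that still exists.
param(
    [Parameter(Mandatory)] [string]$OldDcName,   # short name of the demoted DC, e.g. OLDDC
    [string]$Domain = (Get-ADDomain).DNSRoot
)
Import-Module ActiveDirectory

$root     = Get-ADRootDSE
$sitesDn  = "CN=Sites,$($root.configurationNamingContext)"
$findings = New-Object System.Collections.Generic.List[string]

# 1. Server object and its NTDS Settings under Sites and Services (what dssite.msc shows).
$serverObjs = Get-ADObject -SearchBase $sitesDn -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))"
foreach ($s in $serverObjs) {
    $findings.Add("Server object still present: $($s.DistinguishedName)")
    $ntds = Get-ADObject -SearchBase $s.DistinguishedName -LDAPFilter "(objectClass=nTDSDSA)" -ErrorAction SilentlyContinue
    if ($ntds) { $findings.Add("NTDS Settings still present: $($ntds.DistinguishedName)") }
}

# 2. Computer account in the Domain Controllers OU (what dsa.msc shows).
$acct = Get-ADComputer -Filter "Name -eq '$OldDcName'" -ErrorAction SilentlyContinue
if ($acct -and $acct.DistinguishedName -like "*OU=Domain Controllers,*") {
    $findings.Add("DC computer account still present: $($acct.DistinguishedName)")
}

# 3. FSMO roles: each holder must be a DC that AD still lists, forest-wide because the
#    two forest roles may legitimately live in another domain of the forest.
$forest  = Get-ADForest
$dom     = Get-ADDomain -Identity $Domain
$roles   = @{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $dom.PDCEmulator
    RIDMaster            = $dom.RIDMaster
    InfrastructureMaster = $dom.InfrastructureMaster
}
$liveDcs = $forest.Domains |
           ForEach-Object { Get-ADDomainController -Filter * -Server $_ } |
           ForEach-Object { $_.HostName.ToLower() }
foreach ($r in $roles.GetEnumerator()) {
    if (-not $r.Value -or $liveDcs -notcontains $r.Value.ToLower()) {
        $findings.Add("FSMO role $($r.Key) is held by '$($r.Value)', which is not a live DC: seize it")
    }
}

if ($findings.Count -eq 0) { "No leftovers found for $OldDcName" } else { $findings }
```

An empty result means the three steps are complete on the DC you queried; because the configuration partition replicates forest-wide, run it against a second DC (or after repadmin /syncall) to be sure the cleanup has propagated rather than merely succeeded locally.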

Hi isbest,

For cleaning up the remaining AD data, you could also refer to this article.

How to remove data in Active Directory after an unsuccessful domain controller demotion

https://support.microsoft.com/en-us/kb/216498/en-us

Best Regards,

Mary Dong

June 1st, 2015 5:09am

How can I do it with the VB script? Is there any way to do it like a batch file? Please let me know. It was found under the forward lookup zones; once clicked, it shows only two files, described below:

Name: (Same as parent folder) Type: Start of Authority(SOA) Data: [1],DC1., hostmaster.dc1.local. Timestamp: Static

Name: (Same as parent folder) Type: Name Server (NS) Data: DC1 Timestamp: Static

There are no DC, Domains, GC, PDC folders present in it. What might be the cause that it failed to do so?

  • Edited by isbest 14 hours 16 minutes ago
June 1st, 2015 12:26pm

The metadata clean-up script I have attached above will remove the DC entry, but the steps below remove the DC information completely from the AD database in the environment. Then you can format the server and reuse it with the same name or IP if required.

Metadata clean-up Script: https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

Manual Steps:

Dnsmgmt.msc [DNS Management]
A. Expand the forward lookup zones\_msdcs folder
i. Make sure only the actual domain controllers are listed; delete wrong Alias records and remove wrong name server records.
ii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_sites\sitename\_tcp] and delete the incorrect _ldap and _kerberos records that are listed.
iii. Select the container [forward lookup zones\_msdcs.domain.com\dc\_tcp] and delete the incorrect _ldap and _kerberos records.
iv. Expand [forward lookup zones\_msdcs.domain.com\domains\guid\_tcp] and delete the incorrect _ldap entries.
v. Select [forward lookup zones\_msdcs.domain.com\gc] and delete the incorrect Host (A) records.
vi. Expand [forward lookup zones\_msdcs.domain.com\gc\_sites\sitename\_tcp] and delete the incorrect _ldap entries.
vii. Select [forward lookup zones\_msdcs.domain.com\gc\_tcp] and delete the incorrect _ldap entries.
viii. Select [forward lookup zones\_msdcs.domain.com\pdc\_tcp] and delete the incorrect _ldap entries.

B. Expand the forward lookup zones\domain.com folder
i. Delete Host (A) records of DCs which are non-existent.
ii. Correct the Name Server (NS) records.
iii. Follow steps similar to A ii to A viii.

Dssite.msc [Sites and Services]
A. Expand [Sites\Sitename\Servers] and delete the incorrect servers.
B. Delete incorrect subnet configurations [Sites\Subnets].
C. Delete incorrect site links [Sites\IP].

Make sure the domain controllers are pointing to the correct DNS servers in TCP/IP settings.
Force replication: repadmin /syncall

June 1st, 2015 12:35pm

I couldn't find the listed folders under the forward lookup zone while following the manual steps, except two text files.

June 1st, 2015 1:21pm

After the metadata cleanup I installed a new domain again, but it seems there is no LDAP connectivity while doing dcdiag, and I found the errors below on nslookup:

localhost can't find _ldap._tcp.dc.msdcs.mynewdomain: Non-existent domain 

While digging in the netlogon.dns file it shows

mynewdomain. 600 IN  192.168.11.10

_ldap._tcp.mynewdomain. 600 IN SRV 0 100 389 DC1

_ldap._tcp.Default-First-Site-Name._sites.mynewdomain. 600 IN SRV 0 100 389 DC1

_ldap._tcp.pdc._msdcs.mynewdomain 600 IN SRV 0 100 389 DC1

June 2nd, 2015 12:41am
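The post above compares two things by hand: the records netlogon.dns says the DC should register, and what nslookup actually gets back for one of them. The following PowerShell is an added example, not from the thread, that does that comparison for every line of the file. It assumes the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later; on 2008 R2 the same queries are made with nslookup -type=SRV as the poster did), and the sample lines are constructed in the file's format rather than copied from the post. A line that does not parse is reported as a finding of its own rather than silently skipped.

```powershell
# Added example (not from the thread): parse netlogon.dns and check which of its records
# the DNS server the DC points at actually answers for.

function Read-NetlogonDns {
    param([string[]]$Lines)
    # name  ttl  IN  type  rdata      (SRV rdata = priority weight port target)
    $re = '^(?<name>\S+)\s+(?<ttl>\d+)\s+IN\s+(?<type>A|AAAA|SRV|CNAME)\s+(?<data>.+?)\s*$'
    foreach ($line in $Lines) {
        if ([string]::IsNullOrWhiteSpace($line)) { continue }
        if ($line -match $re) {
            $target = if ($Matches.type -eq 'SRV') { ($Matches.data -split '\s+')[-1] } else { $Matches.data }
            [pscustomobject]@{ Name = $Matches.name.TrimEnd('.'); Type = $Matches.type; Target = $target.TrimEnd('.'); Raw = $line }
        } else {
            # e.g. a line missing its record type never registers either
            [pscustomobject]@{ Name = $null; Type = 'UNPARSED'; Target = $null; Raw = $line }
        }
    }
}

function Test-NetlogonDns {
    param(
        [string[]]$Lines,
        [string]$DnsServer    # the DNS server named in the DC's TCP/IP settings
    )
    foreach ($rec in Read-NetlogonDns -Lines $Lines) {
        if ($rec.Type -eq 'UNPARSED') {
            [pscustomobject]@{ Name = $rec.Raw; Type = $rec.Type; Expected = $null; Status = 'cannot parse line' }
            continue
        }
        try {
            $answers = Resolve-DnsName -Name $rec.Name -Type $rec.Type -Server $DnsServer -DnsOnly -ErrorAction Stop
            $got = switch ($rec.Type) {
                'SRV'   { $answers | Where-Object NameTarget | ForEach-Object { $_.NameTarget.TrimEnd('.') } }
                'CNAME' { $answers | Where-Object NameHost   | ForEach-Object { $_.NameHost.TrimEnd('.') } }
                default { $answers | Where-Object IPAddress  | ForEach-Object { $_.IPAddress } }
            }
            $status = if ($got -contains $rec.Target) { 'registered' } else { "resolves, but not to $($rec.Target)" }
        } catch {
            $status = 'NOT FOUND: ' + $_.Exception.Message   # the nslookup "Non-existent domain" case
        }
        [pscustomobject]@{ Name = $rec.Name; Type = $rec.Type; Expected = $rec.Target; Status = $status }
    }
}

# Constructed sample in netlogon.dns format (the real file is
# $env:SystemRoot\System32\config\netlogon.dns; read it with Get-Content instead).
$sample = @'
mynewdomain. 600 IN A 192.168.11.10
_ldap._tcp.mynewdomain. 600 IN SRV 0 100 389 dc1.mynewdomain.
_ldap._tcp.dc._msdcs.mynewdomain. 600 IN SRV 0 100 389 dc1.mynewdomain.
_kerberos._tcp.dc._msdcs.mynewdomain. 600 IN SRV 0 100 88 dc1.mynewdomain.
_ldap._tcp.pdc._msdcs.mynewdomain. 600 IN SRV 0 100 389 dc1.mynewdomain.
'@ -split "`r?`n"

Test-NetlogonDns -Lines $sample -DnsServer 192.168.11.10 | Format-Table -AutoSize
```

A zone that contains only its SOA and NS records, as described later in the thread, with every SRV line reported NOT FOUND, means the records exist in netlogon.dns but were never accepted by the server: the usual reasons are the NIC's DNS setting pointing at a server that is not authoritative for the zone, or dynamic updates being disabled on the zone. After correcting that, nltest /dsregdns makes Netlogon re-register immediately, and any remaining refusal is logged by Netlogon as event 5774 on the DC.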

Hi,

Check your DNS settings; also possibly check the firewall / IP settings etc.

June 2nd, 2015 5:28am

The DNS settings are correct, but it still shows the same error. I figured to restore the server back to the default, or repair options that can make it restore. Please let me know.
June 2nd, 2015 12:02pm

Did you do DCPROMO /forceremoval? If yes, then did you run the metadata clean-up tool to automatically delete the DC reference from the AD database?

After that you have to do the manual deletion steps, but you said you did not find any entry.

For that, have you clicked on View > Advanced (enable it) in the DNS console and then gone through each and every manual step and deleted those entries of the bad DC?

June 2nd, 2015 12:29pm

I want to inform you that this is the only DC on which I am doing the configuration, and after the force removal along with removing the roles I couldn't find the DNS settings anywhere, and once the new domain is installed I am getting the same issues.

As you said, the advanced option under View was enabled, but still the forward lookup zone is not populating except for those 2 text files. Or could you please let me know how to restore Server 2008 R2 back to default settings.

June 2nd, 2015 4:36pm

So you want to restore back to the original configuration; there is no other option than restoring from the latest system state backup.
June 2nd, 2015 11:40pm
