Installing a new domain controller is the easy part. Once you've done that, you need to clean up references to the old domain controller so that other computers in the domain don't try to connect to it anymore. You need to remove references to the server in DNS, and you need to examine any roles that the failed server played.
If the failed server was a global catalog server, you should designate another domain controller as a global catalog server. If the failed server held an operations master role, you will need to seize the role and give it to another domain controller.
Let's start with DNS and roles. To clean up DNS, you need to remove all records for the server in DNS. This includes SRV records that designate the computer as a domain controller and any additional records that designate the computer as a global catalog server or PDC emulator, if applicable.
To clean up references to the failed domain controller in Active Directory, you'll need to use Ntdsutil. You must use an account with Administrator privileges in the domain. However, you can run Ntdsutil from
- Click Start, click Run, type cmd in the Open field, and then click OK.
- At the command prompt, type ntdsutil. This starts the Directory Services Management Tool.
- At the Ntdsutil prompt, type metadata cleanup. You should now be at the Metadata Cleanup prompt.
- Access the Server Connections prompt so that you can connect to a domain controller. To do this, type connections and then type connect to server DCName, where DCName is the name of a working domain controller in the same domain as the failed domain controller.
- Exit the Server Connections prompt by typing quit. You should now be back at the Metadata Cleanup prompt.
- Access the Select Operation Target prompt so that you can work your way through Active Directory from a target domain to a target site to the actual domain controller you want to remove. Type select operation target.
- List all the sites in the forest by typing list sites and then type select site Number, where Number is the number of the site containing the failed domain controller.
- List all the domains in the site by typing list domains in site and then type select domain Number, where Number is the number of the domain containing the failed domain controller.
- List all the domain controllers in the selected domain and site by typing list servers in site and then type select server Number, where Number is the number of the server that failed.
- Exit the Select Operation Target prompt by typing quit. You should now be back at the Metadata Cleanup prompt.
- Remove the selected server from the directory by typing remove selected server. When prompted, confirm that you want to remove the selected server.
- Type quit twice to exit Ntdsutil. Next, remove the related computer object from the Domain Controllers OU in Active Directory Users And Computers. Finally, remove the computer object from the Servers container for the site in which the domain controller was located, using Active Directory Sites And Services.
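Once the cleanup is done, it is worth confirming that nothing still points at the removed server. The following read-only PowerShell check is an added example, not part of the original article: it looks for leftover SRV and host records, directory objects, operations master roles and global catalog coverage. The names DC-OLD, DC-NEW and corp.example.com are placeholders, and the script assumes the ActiveDirectory (RSAT) module, the Resolve-DnsName cmdlet and a single-domain forest.

```powershell
# Added example: read-only check for leftover references to a removed DC.
# DC-OLD, DC-NEW and corp.example.com are placeholders, not values from the article.
param(
    [string]$FailedDC  = 'DC-OLD',            # short name of the removed domain controller
    [string]$WorkingDC = 'DC-NEW',            # healthy DC to query
    [string]$DnsDomain = 'corp.example.com'   # domain DNS name (single-domain forest assumed)
)
Import-Module ActiveDirectory
$fqdn     = "$FailedDC.$DnsDomain"
$findings = @()

# 1. SRV records advertising the server as DC, global catalog or PDC emulator,
#    plus the server's own host (A) record.
$srvNames = "_ldap._tcp.dc._msdcs.$DnsDomain", "_kerberos._tcp.dc._msdcs.$DnsDomain",
            "_ldap._tcp.gc._msdcs.$DnsDomain", "_ldap._tcp.pdc._msdcs.$DnsDomain",
            "_ldap._tcp.$DnsDomain", "_gc._tcp.$DnsDomain"
foreach ($name in $srvNames) {
    Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget.TrimEnd('.') -eq $fqdn } |
        ForEach-Object { $findings += "DNS: $name still points to $($_.NameTarget)" }
}
Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'A' } |
    ForEach-Object { $findings += "DNS: host record $fqdn -> $($_.IPAddress)" }

# 2. Directory objects the article removes by hand after Ntdsutil.
$root = Get-ADRootDSE -Server $WorkingDC
Get-ADObject -Server $WorkingDC -SearchBase "CN=Sites,$($root.configurationNamingContext)" -LDAPFilter "(&(objectClass=server)(cn=$FailedDC))" |
    ForEach-Object { $findings += "Sites container: $($_.DistinguishedName)" }
Get-ADComputer -Server $WorkingDC -SearchBase "OU=Domain Controllers,$($root.defaultNamingContext)" -Filter "Name -eq '$FailedDC'" |
    ForEach-Object { $findings += "Domain Controllers OU: $($_.DistinguishedName)" }

# 3. Operations master roles and global catalog coverage.
$domain = Get-ADDomain -Server $WorkingDC
$forest = Get-ADForest -Server $WorkingDC
$roles  = [ordered]@{
    PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
}
foreach ($role in $roles.GetEnumerator()) {
    if ($role.Value -eq $fqdn) { $findings += "FSMO: $($role.Key) is still held by $fqdn" }
}
if (-not ($forest.GlobalCatalogs | Where-Object { $_ -ne $fqdn })) {
    $findings += 'GC: no global catalog other than the removed server'
}

if ($findings) { $findings } else { "No references to $fqdn found." }
```

The DNS queries go to the resolver configured on the machine running the script, so run it from a host that uses the domain's DNS servers.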
About the author: Rahul Shah currently works at a software firm in India, where he is a systems administrator maintaining Windows servers. He has also worked for various software firms in testing and analytics, and also has experience deploying client/server applications in different Windows configurations.
This was first published in June 2006