
Removing a failed child domain promo from the parent domain


Rick

Feb 10, 2003, 1:37:56 PM
I have found this problem as detailed in this newsgroup to
be almost exactly the same as my problem. The child domain
dcpromo to the parent domain failed but objects were
written to the NTDS of the parent domain. I had exactly
the same result when I went to remove the child domain in
ntdsutil, but the child domain controller is not listed in
either of the 2 replicate root DCs using ADSIEdit. How
does one remove the child domain when ntdsutil says
that the Domain Controller exists, but ADSIEdit does not
find it (on either root domain server)?

Rick

--------Pasted from previous article---------

The Indus was successfully removed, he was and still is
not in the Domain Controller list in adsiedit.

I can reinstall the Indus (same computer), do you think
that when I have a new installation on the Indus the
Enterprise controller will recognize the Indus as the same
domain controller and that this will solve the problem?

Regards,

Rolf


>-----Original Message-----
>Based on the error you are getting it looks like the DC was not
>successfully removed.
>
>Please go back through the adsiedit steps I previously posted and remove
>the indus server.
>
>Let me know how that goes.
>
>Regards,
>
>Jon Cantrell, MCSE
>Product Support Services
>Microsoft Corporation
>
>This posting is provided "AS IS" with no warranties, and confers no rights.
>
>--------------------
>> From: "Rolf" <r.wat...@hkv.nl>
>> Subject: RE: Remove child domain from domain controller
>> Date: Mon, 27 Jan 2003 03:01:29 -0800
>> Newsgroups: microsoft.public.win2000.active_directory
>>
>> Hello,
>> This is the ntdsutil try (po is the enterprise controller):
>> ----------------------------------------------------------
>> metadata cleanup: connections
>> server connections: connect to server po
>> Binding to po ...
>> Connected to po using credentials of locally logged on user
>> server connections: quit
>> metadata cleanup: select operation target
>> select operation target: list domains
>> Found 2 domain(s)
>> 0 - DC=domain,DC=com
>> 1 - DC=testdomain,DC=domain,DC=com
>> select operation target: select domain 1
>> No current site
>> Domain - DC=testdomain,DC=domain,DC=com
>> No current server
>> No current Naming Context
>> select operation target: quit
>> metadata cleanup: remove selected domain
>> DsRemoveDsDomainW error 0x2162(The requested domain could not be deleted because
>> there exist domain controllers that still host this domain.)
>> metadata cleanup:
>> ----------------------------------------------------------
>> this is from the eventviewer:
>> ----------------------------------------------------------
>> Event Type: Warning
>> Event Source: NTDS KCC
>> Event Category: Knowledge Consistency Checker
>> Event ID: 1265
>> Date: 27-1-2003
>> Time: 11:37:39
>> User: N/A
>> Computer: PO
>> Description:
>> The attempt to establish a replication link with parameters
>>
>> Partition: CN=Configuration,DC=domain,DC=com
>> Source DSA DN: CN=NTDS Settings,CN=INDUS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
>> Source DSA Address: e8f20c3e-f99f-447e-bbcc-d9954147fc34._msdcs.domain.com
>> Inter-site Transport (if any): CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=domain,DC=com
>>
>> failed with the following status:
>>
>> The RPC server is unavailable.
>>
>> The record data is the status code. This operation will be retried.
>> Data:
>> 0000: ba 06 00 00 º...
>> ----------------------------------------------------------
>> The INDUS is the domain controller of
>> testdomain.domain.com domain.
>> The PO is the Enterprise domain controller of domain.com
>> Do you have more suggestions?
>> I also tried connect to server indus but that is
>> impossible because he doesn't exist anymore.
>> With regards,
>> Rolf
>


Matjaz Ladava

Feb 10, 2003, 3:08:43 PM
You can use http://support.microsoft.com/?kbid=230306 - HOW TO: Remove
Orphaned Domains from Active Directory and
http://support.microsoft.com/?kbid=251307 HOW TO: Remove Orphaned Domains
from Active Directory Without Demoting the Domain Controllers

Regards

Matjaz Ladava

"Rick" <rt...@csbsystems.com> wrote in message
news:021a01c2d133$876b5210$a201...@phx.gbl...

Rick

Feb 11, 2003, 9:42:13 AM
Thank you for your response. I have referenced both of
these KB articles and have tried to act on them. Your
first reference (Q230306) and my result are detailed in the
copy of the posting I included below. When I try to delete
the domain, the message is:

>> DsRemoveDsDomainW error 0x2162(The requested domain could
>> not be deleted because
>> there exist domain controllers that still host this
>> domain.)

Your second reference (Q251307) when I try to
delete the Domain Controller object in the site results in
the message "The DSA object cannot be deleted". This is
done on the FSMO DC. If I try to access the child domain
in Domains and Trusts of the root DC, the error is "A
referral was returned from the server". This situation was
created by the failed DCPROMO of the first child domain
controller. The child DC object was removed from the
DomainNC in ADSIEdit on the FSMO DC as well.

The end result here is that I want to re-attempt the child
domain creation using that same child domain name. This is
a test environment so I can do what is required. I have
backups of both root domain DCs.

Rick

>

Matjaz Ladava

Feb 11, 2003, 2:40:46 PM
Hmm. Well, when the server returns a referral, this basically means that you
asked the DC (through LDAP) something, but the server returned a referral, because
it doesn't think that it is authoritative for the query you specified.

For the first error, there was a post a month ago from Linda Kupce, which
suggested checking that there are no NTDS objects in the Lost and Found container. If
there are, delete them.
Also check the post from Jon Cantrell (Remove child domain from domain
controller) from this newsgroup dated 23 Jan regarding similar
problems.

Also check http://support.microsoft.com/default.aspx?scid=kb;en-us;216498

There are a lot of similar problems, but each solution is different. Yours
may be because you did some cleanup with ADSI. Please be sure to check
other posts in this newsgroup as they will give you some other
possibilities.

Regards

Matjaz Ladava

"Rick" <rt...@csbsystems.com> wrote in message

news:0a6c01c2d1db$c404b100$a601...@phx.gbl...

Rick

Feb 11, 2003, 5:13:19 PM
Well, who knows but:
The only object that was remaining in ADSIEdit was in
Configuration Container->CN=Configuration,...->CN=Partitions
and I had tried to remove that before. But
that was on the Domain Naming FSMO which was in the other
site. When I transferred the FSMO to the site that the
child domain was created (failed) in, I was able to
delete the Configuration object, and the domain is no
longer listed in ntdsutil! Yet I wonder what where the FSMO
is in relation to the site that had the failed child
domain creation has to do with it? The 2 root domain
controllers speak to each other and I should be able to
remove an object from the FSMO DC regardless as to which
site it belongs to...
TNX for your help
Rick

Matjaz Ladava

Feb 11, 2003, 5:34:28 PM
It depends on which FSMO we are speaking about (there are five of them). I
think that other articles point out that you must do all the work on the Domain
Naming Master FSMO role.

Regards

Matjaz Ladava

"Rick" <gri...@csbsystems.com> wrote in message
news:01dd01c2d21a$c87f3e00$a501...@phx.gbl...

Rolf

Feb 12, 2003, 2:15:39 AM
Hi Rick,

This is what Microsoft told me to do and the problem is
solved.

1) On an existing DC in the "domain.com" parent/root
domain open a command prompt and follow KB article 216498.

ntdsutil -> enter
metadata cleanup -> enter
connections -> enter
connect to server <your root server name> -> enter
quit -> enter
select operation target -> enter
list domains -> enter
select domain <domain number that references the child domain> -> enter

The output that states "no current site" "no current
naming context" and "no current server" is normal output
and can be ignored.

list sites -> enter
select site <site number from previous command> -> enter
list servers in site -> enter
select server <server number that needs to be removed out of AD (testserver)> -> enter
quit -> enter
remove selected server -> enter

You will be prompted to verify you want to remove the
server out of AD. Verify the naming is correct and say OK.

Type quit and enter at each prompt until you get back to
the C prompt.

2) Open Active Directory Sites and Services, drill down to
the following path Sites - <Site Name> - Servers - and
list your servers.

3) Highlight the Server in the Child domain that we want
to remove (testserver) and right click - delete.

4) Expand the other servers and highlight the "NTDS
Settings" one at a time, on the right hand pane you will
see connection objects from other DC's. Highlight any
connection objects that may be from the deleted server
(testserver) and right click - delete. Do this for each
server in each site. Basically we are removing any
reference to the "testserver."

5) From the previous case notes it appears we have already
removed the server object out of Active Directory Users
and Computers by editing the userAccountControl in ADSI
Edit.

6) Now you can go back to the command prompt and remove
the "testdomain" using the metadata cleanup as you
attempted before. The problem is that you need to do the
metadata cleanup and remove all servers out of the child
domain first before you can remove the domain.

Rolf
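
The ordering in the procedure above (server metadata first, then connection objects, then the domain), as an added Python example that is not code from any poster in this thread or from Microsoft. It scans an LDIF-style export of the Configuration partition and lists, in that order, the objects that still reference the child domain. The sample export is constructed from the names in the thread, `parse_ldif` and `cleanup_plan` are hypothetical helper names, and treating `hasMasterNCs` as the reference behind error 0x2162 is an assumption.

```python
# Constructed sample: LDIF-style export of CN=Configuration (unfolded, no base64).
SERVERS = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com"
SAMPLE_LDIF = f"""\
dn: CN=TESTDOMAIN,CN=Partitions,CN=Configuration,DC=domain,DC=com
objectClass: crossRef
nCName: DC=testdomain,DC=domain,DC=com

dn: CN=NTDS Settings,CN=INDUS,{SERVERS}
objectClass: nTDSDSA
hasMasterNCs: DC=testdomain,DC=domain,DC=com

dn: CN=NTDS Settings,CN=PO,{SERVERS}
objectClass: nTDSDSA
hasMasterNCs: DC=domain,DC=com

dn: CN=from-indus,CN=NTDS Settings,CN=PO,{SERVERS}
objectClass: nTDSConnection
fromServer: CN=NTDS Settings,CN=INDUS,{SERVERS}
"""

def parse_ldif(text):
    """Parse simple LDIF into a list of {lowercased attr: [values]} records."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            if ": " in line and not line.startswith("#"):
                attr, value = line.split(": ", 1)
                rec.setdefault(attr.lower(), []).append(value.strip())
        if "dn" in rec:
            records.append(rec)
    return records

def cleanup_plan(ldif_text, domain_dn):
    """Return (step, dn) pairs in the order the procedure above removes them."""
    recs, want = parse_ldif(ldif_text), domain_dn.lower()
    def has(rec, attr, val):
        return val in (v.lower() for v in rec.get(attr, []))
    dsas = [r["dn"][0] for r in recs
            if has(r, "objectclass", "ntdsdsa") and has(r, "hasmasterncs", want)]
    conns = [r["dn"][0] for r in recs if has(r, "objectclass", "ntdsconnection")
             and any(has(r, "fromserver", d.lower()) for d in dsas)]
    xrefs = [r["dn"][0] for r in recs
             if has(r, "objectclass", "crossref") and has(r, "ncname", want)]
    return ([("remove selected server", d) for d in dsas]
            + [("delete connection object", d) for d in conns]
            + [("remove selected domain", d) for d in xrefs])

for step, dn in cleanup_plan(SAMPLE_LDIF, "DC=testdomain,DC=domain,DC=com"):
    print(f"{step}: {dn}")
```

An empty result for the child domain's DN means the export holds none of these three kinds of reference to it.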
