Windows
How to remove an obsolete domain controller in Active Directory
To remove an obsolete domain controller from Active Directory, follow these steps:
- Removing Metadata via Active Directory Users and Computers:
  - Log in to the domain controller server as a Domain/Enterprise administrator.
  - Navigate to Server Manager > Tools > Active Directory Users and Computers.
  - Expand the Domain > Domain Controllers.
  - Right-click on the domain controller you need to manually remove and click Delete.
  - Confirm the deletion by clicking Yes within the Active Directory Domain Services dialog box.
  - If the domain controller is a global catalog server, click Yes in the next window to continue with deletion.
  - If the domain controller holds any FSMO roles, click OK to move them to an available domain controller.
- Removing the DC Server Instance from Active Directory Sites and Services:
  - Go to Server Manager > Tools > Active Directory Sites and Services.
  - Expand the Sites and locate the server you want to remove.
  - Right-click on the server and click Delete.
  - Confirm the deletion by clicking Yes.
- Remove Metadata via ntdsutil:
  - Open Command Prompt (admin) by right-clicking on Start and selecting it.
  - Type ntdsutil and press Enter.
  - You'll be presented with the metadata cleanup prompt.
  - Next, type remove selected server <servername> (replace <servername> with the domain controller server you wish to remove).
  - Confirm by clicking Yes when presented with the warning window.
  - Execute the quit command twice to exit the console.
Remember that using DCPROMO is still the proper way to remove a domain controller in an Active Directory infrastructure. However, certain situations, such as server crashes or DCPROMO failures, may require manual removal of the DC by cleaning up its metadata.
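After any of the cleanup paths above, a read-only check can confirm that nothing in the directory still references the removed server. The PowerShell below is an added example, not part of the original page; it assumes the RSAT ActiveDirectory module is installed, and the function name Test-DcMetadataRemoved and the server name DC02 are hypothetical placeholders.

```powershell
# Added example: read-only check for leftovers of a removed domain controller.
# Assumes the RSAT ActiveDirectory module; 'DC02' below is a placeholder name.
Import-Module ActiveDirectory

function Test-DcMetadataRemoved {
    param([Parameter(Mandatory)][string]$ServerName)  # short host name of the removed DC

    $domain   = Get-ADDomain
    $forest   = Get-ADForest
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $findings = @()

    # 1. Computer object under Domain > Domain Controllers (Users and Computers view)
    $computers = Get-ADComputer -Filter "Name -eq '$ServerName'" -SearchBase $domain.DomainControllersContainer
    foreach ($c in $computers) { $findings += "Computer object: $($c.DistinguishedName)" }

    # 2. Server object under Sites (Sites and Services view)
    $servers = Get-ADObject -SearchBase "CN=Sites,$configNC" `
        -Filter "ObjectClass -eq 'server' -and Name -eq '$ServerName'"
    foreach ($s in $servers) { $findings += "Site server object: $($s.DistinguishedName)" }

    # 3. FSMO roles: flag a role still held by the removed DC, or with no resolvable holder
    $roles = [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
    }
    foreach ($role in $roles.GetEnumerator()) {
        if (-not $role.Value -or $role.Value -like "$ServerName.*") {
            $findings += "FSMO role $($role.Key) holder: '$($role.Value)'"
        }
    }

    # 4. Global catalog list should no longer name the removed DC
    foreach ($gc in $forest.GlobalCatalogs) {
        if ($gc -like "$ServerName.*") { $findings += "Global catalog entry: $gc" }
    }

    [pscustomobject]@{ Server = $ServerName; Clean = ($findings.Count -eq 0); Findings = $findings }
}

Test-DcMetadataRemoved -ServerName 'DC02'
```

The function only reads from the directory; any entry it lists in Findings is a leftover to resolve with the steps above.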