Pages

5/21/2012

How to fix a messed up domain controller

Just get rid of it!
  • Disconnect the DC from the network
  • Run dcpromo /forceremoval
  • From 2003, use NTDSUTIL to do a "metadata cleanup" to clean the DC out of your AD.  (See below) If you have at least one Windows Server 2008 DC, then open Active Directory Users and Computers from a 2008 DC, find the bad DC, right-click and delete.
Metadata Cleanup using NTDSUTIL
MS Article 216498 explains how to forcibly remove a domain controller account from AD using NTDSUTIL.
http://support.microsoft.com/kb/216498
at 12:08
Labels: , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)