Announcement

Collapse
No announcement yet.

Can't remove demoted DC from AD (Exchange 2013)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't remove demoted DC from AD (Exchange 2013)

    Hi,
    I recently made migration from Exchange 2003 to 2013 for two sites environment. For first site I have several DC's and dedicated Exchange server but for second site (remote office) I installed only one Windows Server 2012 with two roles - Exchange 2013 mailbox and Domain Controller. Then I realized that this is not good idea and uninstalled both roles. During this I do not mentioned any problems - Exchange server disappear from directory and demotion of DC role of server passed normally - now it is not DC anymore. Nevertheless DC entry still exist in AD tree other servers are trying to replicate. I tried to promote and demote it again - same story (No errors from server but still exist in AD). I try to fix it with NTDSUTIL and ADSIEDIT but in both cases it gives me an error - Inisufficient rights and can't remove it. I am using account that is member of all available administration groups.

    How to fix it?

  • #2
    Re: Can't remove demoted DC from AD (Exchange 2013)

    have you ever played with ADSIedit?

    it will remove all traces of the DC from the org.

    sometimes there will be traces and files left behind after a demotion or removal of a DC from a site... sometimes time will fix the issue after a full forest wide replication occurs. other times, if there are problems with connectivity or any issues with replication, sometimes there will be a fragments left behind that never get cleaned up.

    i had to bring a DC online for proper demotion of another server. it was only to seize some roles and then it was not needed. thing is, i could never get that server to stop being listed. "BDC2" was always in all of the MMCs and i couldnt get rid of it, even though the server was properly integrated and properly removed from the org...

    so long story long, i had to use ADSIedit to get the org clean and get BDC2 out of the building.
    its easier to beg forgiveness than ask permission.
    Give karma where karma is due...

    Comment


    • #3
      Re: Can't remove demoted DC from AD (Exchange 2013)

      i was just seeing the part where you said you dont have the proper permissions with ADSIedit...

      is it a problem to give yourself schema admin rights? that will allow you to get rid of or modify anything within your AD...

      if that is a problem, then i would let it ride out for a day and see if the AD replication will correct the issue on its own.

      hope that helps,
      James
      its easier to beg forgiveness than ask permission.
      Give karma where karma is due...

      Comment


      • #4
        Re: Can't remove demoted DC from AD (Exchange 2013)

        Originally posted by James Haynes View Post
        i was just seeing the part where you said you dont have the proper permissions with ADSIedit...

        is it a problem to give yourself schema admin rights? that will allow you to get rid of or modify anything within your AD...

        if that is a problem, then i would let it ride out for a day and see if the AD replication will correct the issue on its own.

        hope that helps,
        James
        Hi,
        I am using account that is member in all admin groups (including Schema Admins) but nevertheless I do not have rights. Several days past an replications did not correct this problem. There was lingering object error but I fixed it. I removed old (demoted) server from Active Directory Site and Services but it it still exist in ADSI Edit (Domain - OU=Domain Cotrollers) and I still do not have rights to delete it.

        Comment

        Working...
        X