JSI Tip 6166. You cannot manually remove a domain from the forest?

In tip 4984, Microsoft detailed how to remove data in the Active Directory after an unsuccessful domain controller demotion.

In tip 3425, I described how to remove an orphaned domain from Active Directory without demoting the domain controllers.

If you attempt to use adsiedit.msc or ldp.exe to manually remove a domain from the forest, you receive:

Using ADSI Edit:

A referral was returned from the server.

Using ldp.exe:

Error 10: Referral deleted zero entries.

These errors occur if a domain controller for the deleted domain still holds the schema master or the domain naming master Flexible Single Master Operation (FSMO) role.

To fix the problem:

1. On each domain controller for the deleted domain, open a CMD prompt.

2. Type Dcdiag /test:KnowsOfRoleHolders /v and press Enter.

3. Seize any FSMO roles that are still held by the domain controller for the deleted domain.

4. To verify FSMO role holders in the forest, type Dcdiag /test:KnowsOfRoleHolders /v and press Enter.
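The two forest-wide role holders named above can also be read straight from the directory, which is useful for confirming the result of step 4. The PowerShell below is an added example, not part of the original tip; it is read-only, and child.example.com is a placeholder for the DNS name of the deleted domain.

```powershell
# Added example: list the schema master and domain naming master and flag
# any holder that belongs to the domain being removed.
param(
    # Assumption: replace with the DNS name of the deleted domain.
    [string]$DeletedDomain = 'child.example.com'
)

function Get-FsmoOwner {
    param([string]$ContainerDn)
    # fSMORoleOwner stores the DN of the owner's "CN=NTDS Settings" object.
    $container = [ADSI]"LDAP://$ContainerDn"
    $ntdsDn    = [string]$container.Properties['fSMORoleOwner'].Value
    # The parent of NTDS Settings is the server object, which has dNSHostName.
    $serverDn  = $ntdsDn -replace '^CN=NTDS Settings,', ''
    $hostName  = $null
    try {
        $server   = [ADSI]"LDAP://$serverDn"
        $hostName = [string]$server.Properties['dNSHostName'].Value
    } catch {
        # Server object missing or unreadable (e.g. already cleaned up).
    }
    # Fall back to the raw DN so a dangling owner is still reported.
    if ([string]::IsNullOrEmpty($hostName)) { $ntdsDn } else { $hostName }
}

# RootDSE gives the forest's schema and configuration naming contexts.
$rootDse  = [ADSI]'LDAP://RootDSE'
$schemaNc = [string]$rootDse.Properties['schemaNamingContext'].Value
$configNc = [string]$rootDse.Properties['configurationNamingContext'].Value

$roles = [ordered]@{
    'Schema master'        = Get-FsmoOwner $schemaNc
    'Domain naming master' = Get-FsmoOwner "CN=Partitions,$configNc"
}

foreach ($role in $roles.GetEnumerator()) {
    [pscustomobject]@{
        Role       = $role.Key
        Holder     = $role.Value
        # True when the holder's FQDN ends in the deleted domain's DNS name.
        NeedsSeize = $role.Value -like "*.$DeletedDomain"
    }
}
```

Run it from a domain-joined machine in a surviving domain; a holder reported as a raw DN instead of a host name means the owning server object could not be resolved.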

NOTE: See Using Ntdsutil to remove a non-existent domain generates 'DsRemoveDsDomainW error'?


