JSI Tip 3425. How can I remove an orphaned domain from Active Directory without demoting the domain controllers?

If the only domain controller, or all the domain controllers, for a domain have failed and you don't have a backup, or if some of the domain controllers were physically removed without first being demoted:

01. While logged on as a member of Enterprise Admins, use Active Directory Sites and Services to connect to the FSMO role holder.

02. Delete every computer entry in the orphaned domain.

NOTE: Before proceeding, verify that replication has occurred since the last use of DCPromo.

03. Using Active Directory Domains and Trusts, right-click the root node in the left-hand pane (titled Active Directory Domains and Trusts) and click Operations Master. The domain controller that holds this role is identified in the Current Operations Master frame.

04. Open a CMD prompt and type ntdsutil.

05. Type metadata cleanup, and then type connections.

06. Type connect to server <Domain Naming Master FSMO Role Server Name>.

07. Type quit to return to Metadata Cleanup.

08. Type select operation target.

09. Type list domains to display a list of domains in the forest and an associated number.

10. Type select domain <number>, where number is the domain to be removed.

11. Type quit to return to Metadata Cleanup.

12. Type remove selected domain, which should generate a confirmation that the removal was successful.

13. Type quit as many times as necessary to exit ntdsutil and receive a 'disconnected successfully'.

NOTE: The Help files included with the Microsoft Windows 2000 Resource Kit contain a Books Online link that describes the ntdsutil tool in greater detail.
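
A check to run after step 13, added here as an example and not part of the original tip: it lists the domain crossRef objects that remain in the Partitions container on the Domain Naming Master and fails if the removed domain is still there. It assumes the ActiveDirectory PowerShell module (RSAT), which is newer than the Windows 2000 tools the tip describes, and `orphan.example.com` is a placeholder for the removed domain's DNS name.

```powershell
# Added example: confirm the orphaned domain's crossRef is gone from the Partitions container.
# Assumption: ActiveDirectory module (RSAT) is installed; run as a forest-level administrator.
param(
    [string]$OrphanDnsRoot = 'orphan.example.com'   # placeholder: DNS name of the removed domain
)

Import-Module ActiveDirectory

$forest = Get-ADForest
$master = $forest.DomainNamingMaster   # the role holder identified in step 03

# Every domain in the forest is a crossRef object under CN=Partitions,CN=Configuration,...
# systemFlags bit 0x2 marks a crossRef that represents a domain partition; the OID below
# is the LDAP bitwise-AND matching rule.
$domainRefs = Get-ADObject -Server $master -SearchBase $forest.PartitionsContainer `
    -LDAPFilter '(&(objectClass=crossRef)(systemFlags:1.2.840.113556.1.4.803:=2))' `
    -Properties dnsRoot, nCName, nETBIOSName

# Same information that "list domains" shows in ntdsutil, with the DNS and NetBIOS names.
$domainRefs |
    Select-Object nETBIOSName, @{ n = 'dnsRoot'; e = { $_.dnsRoot -join ',' } }, nCName |
    Format-Table -AutoSize

# dnsRoot is multi-valued, so test membership rather than equality.
$left = $domainRefs | Where-Object { $_.dnsRoot -contains $OrphanDnsRoot }
if ($left) {
    Write-Warning "crossRef for $OrphanDnsRoot still present on ${master}: $($left.DistinguishedName)"
    exit 1
}
Write-Output "No crossRef for $OrphanDnsRoot on $master."
```

Setting `$master` to another domain controller's name shows whether the deletion has replicated to that server yet.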
