Skip navigation

JSI Tip 5385. Deleting an orphaned NTDS Settings from Active Directory Sites and Services errors with 'DSA object cannot be deleted'?

When you attempt to delete an orphaned NTDS Settings from Active Directory Sites and Services, you receive:

DSA object cannot be deleted.

NOTE: Each server in the Servers folder should have one NTDS Settings. If two exist, the one with the missing connections object in the right-hand pane is generally the orphaned NTDS Settings.

When you use Dcpromo.exe to demote a domain controller, it should delete the NTDS Settings. If it fails to delete the NTDS Settings, or replication fails to delete it, use the following procedure on each domain controller that has an orphaned NTDS Settings:

1. Run ADSIEdit.msc.

2.. Navigate through:

    Configuration NC

        CN=Configuration,DC=<domain name>, DC=<domain suffix>


                                CN= <Site Name>


3. On the server that has the orphaned NTDS Settings, right-click the NTDS Settings and press Delete.

NOTE: ADSIEDIT.msc is part of the Windows 2000 Support Tools.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.