DC

Removing a DC by force

There are times when a DC has to be removed by force. It’s really not that hard a quick dcpromo /forceremoval will do it for you. Now comes the tricky part, you have to remove the metadata manually out of AD.

Here is a really great article for this:

 http://www.petri.co.il/delete_failed_dcs…

This becomes doubly important if you want to ever re-promote the server back to the domain. Without removing the metadata it will not allow you to re-promote.

“The specified domain either does not exist or could not be contacted” on a DC

I got this error today when trying to log into the only DC at one of our client sites. Needless to say this is a bad sign when a DC can’t see it’s own domain. After a few checks I quickly found that none of the machines could log into the domain at all. Didn’t take me long to figure out that DNS must be hooped. To get it working I logged in locally on another server, opened up services.msc, connected to the DC by IP address and stopped and started the DNS server service, and just like that everything came back. Now here is the rant, DNS is so tightly integrated with AD that you can get these catch-22 scenario’s where you can’t log into a server because DNS isn’t working but you need to log in to fix DNS. While one can easily restart a service from another machine, any other in depth troubleshooting is difficult especially since in this situation it would have been a 45 minute drive to get to the physical box.