Active Directory Cookbook for Windows Server 2003 and Windows 2000-Active Directory Cookbook for Windows Server 2003 and Windows 2000

Recipe 2.5 Removing an Orphaned Domain

2.5.1 Problem

You want to completely remove a domain that was orphaned because "This server is the last domain controller in the domain" was not selected when demoting the last domain controller, the domain was forcibly removed, or the last domain controller in the domain was decommissioned improperly.

2.5.2 Solution

2.5.2.1 Using a command-line interface

The following ntdsutil commands (in bold) would forcibly remove the emea.rallencorp.com domain from the rallencorp.com forest. Replace <DomainControllerName> with the hostname of the Domain Naming Flexible Single Master Operation (FSMO) for the forest:

> ntdsutil "meta clean" "s o t" conn "con to server <DomainControllerName
>" q q
metadata cleanup: "s o t" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
select operation target: sel domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context
select operation target: q
metadata cleanup: remove sel domain

You will receive a message indicating whether the removal was successful.

2.5.3 Discussion

Removing an orphaned domain consists of removing the domain object for the domain (e.g., dc=emea,dc=rallencorp,dc=com), all of its child objects, and the associated crossRef object in the Partitions container. You need to target the Domain Naming FSMO when using the ntdsutil command because that server is responsible for creation and removal of domains.

In the solution, shortcut parameters were used to reduce the amount of typing necessary. If each parameter were typed out fully, the commands would look as follows:

> ntdsutil "metadata cleanup" "select operation target" connections "connect to
 server <DomainControllerName
>" quit quit
metadata cleanup: "select operation target" "list domains"
Found 4 domain(s)
0 - DC=rallencorp,DC=com
1 - DC=amer,DC=rallencorp,DC=com
2 - DC=emea,DC=rallencorp,DC=com
3 - DC=apac,DC=rallencorp,DC=com
select operation target: select domain 2
No current site
Domain - DC=emea,DC=rallencorp,DC=com
No current server
No current Naming Context
select operation target: quit
metadata cleanup: remove selected domain

2.5.4 See Also

Recipe 3.6 for removing an unsuccessfully demoted domain controller, MS KB 230306 (HOW TO: Remove Orphaned Domains from Active Directory), MS KB 251307 (HOW TO: Remove Orphaned Domains from Active Directory Without Demoting the Domain Controllers), and MS KB 255229 (Dcpromo Demotion of Last Domain Controller in Child Domain Does Not Succeed)

[ Team LiB ]