Tuesday, December 13, 2011

How to Remove Child Domain - Manually

Removing Orphaned Domains from Active Directory

1) Determine the domain controller that holds the Domain Naming Master Flexible Single Master Operations (FSMO) role. To identify the server holding this role:
        1.1) Start the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in from the Administrative Tools menu.
        1.2) Right-click the root node in the left pane titled Active Directory Domains and Trusts, and then click Operations Master.
        1.3) The domain controller that currently holds this role is identified in the Current Operations Master frame.NOTE: If this changed recently, not all computer may have received this change yet due to replication.
        For more information about FSMO roles, click the following article number to view the article in the Microsoft Knowledge Base:
       
    2) Verify that all servers for the domain have been demoted.
    3) Click Start, point to Programs, point to Accessories, and then click Command Prompt.
         At the command prompt, type: ntdsutil.
         Type: metadata cleanup, and then press ENTER.
         Type: connections, and then press ENTER. This menu is used to connect to the specific server on which the changes will occur. If the currently logged-on user is not a member of the Enterprise Admins group, alternate credentials can be supplied by specifying the credentials to use before making the connection. To do so, type: set creds domainname username password , and then press ENTER. For a null password, type: null for the password parameter.
        Type: connect to server servername (where servername is the name of the domain controller holding the Domain Naming Master FSMO Role), and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and that the credentials you supplied have administrative permissions on the server.
        Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
        Type: select operation target, and then press ENTER.
        Type: list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
        Type: select domain number, and then press ENTER, where number is the number associated with the domain to be removed.
        Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
        Type: remove selected domain, and then press ENTER. You should receive confirmation that the removal was successful. If an error occurs, please refer to the Microsoft Knowledge Base for articles on specific error messages.
        Type: quit at each menu to quit the NTDSUTIL tool. You should receive confirmation that the connection disconnected successfully.
see ref

IF it gives the error: "DsRemoveDsDomainW error 0x2162(The requested domain could not be deleted because there exist domain controllers that still host this domain."

THEN do the following
1) open mmc
2) go to add / remove snap-in and select ADSI-Edit & click ok
3) Right Click on ADSI-Edit and select "Configuration" under select a well known Naming Context. Click ok to exit
4)Under CN=Sites delete the child domain controllers from the respective site(s)


This should clear up the above error.


run the above step again - it should be able to complete sucessfully. IF you get this error "DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object"


Use the following steps to get rid of the error.



    1) Click Start, click Run, type ntdsutil, and then press ENTER.
    At the Ntdsutil command prompt, type partition management, and then press ENTER.
    2) Type connections, and then press ENTER.
    3) Type connect to server Domain_Controller_Name, and then press ENTER.
    After the following message appears,"Connected to Domain_Controller_Name using credentials of locally logged on user" type quit, and then press ENTER:
    4) At the domain management prompt, type list, and then press ENTER.
    Note the following entry:
    DC=DomainDnsZones,DC=Child_Domain, DC=extension
    For example, if the child domain is let.do.com, note the following entry:
    DC=DomainDnsZones,DC=let,DC=do,DC=com
    Type the following command, and then press ENTER.
    delete nc dc=domaindnszones,dc=Child_Domain,dc=extension
    Note In this command, Child_Domain represents the name of the child domain that you want to remove. For example, if the child domain is let.do.com, type the following command, and then press ENTER:
    delete nc DC=DomainDnsZones,DC=let,DC=do,DC=com
    Quit Ntdsutil.

see ref
Once this is removed, then you can again remove the child domain using ntdsutil from the top.

It worked for me!

20 comments:

  1. thanks, this was the only place with the right set of actions to fix my problem

    ReplyDelete
  2. Epic steps!!! Bloody no website has this elaborated steps as far as I have researched.

    One step that needs to be added in

    "DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object"

    After running

    delete nc DC=DomainDnsZones,DC=let,DC=do,DC=com

    Please run following

    repadmin /syncall DC_Name /APed

    eg: repadmin /syncall dc.ads.com /APed

    This will forcefully replicate the change rather you waiting for the change to happen automatically.

    After that continue with step for removal of domain or subdomain.

    It worked for me totally.

    Can't thank enough..cheers...

    ReplyDelete
  3. It worked for me! thanks!

    ReplyDelete
  4. Dude you are a legend! This is the only site to properly document these steps.

    ReplyDelete
  5. Excellent article. Everything I needed all in one place. Thank you for putting this together.

    ReplyDelete
  6. Still not working for me, getting this:

    select operation target: list domains
    Found 2 domain(s)
    0 - DC=domainname,DC=local
    1 - DC=view,DC=domainname,DC=local
    select operation target: select domain 1
    No current site
    Domain - DC=view,DC=domainname,DC=local
    No current server
    No current Naming Context
    select operation target: delete nc DC=DomainDnsZones,DC=view,DC=domainname,DC=
    local
    Error parsing Input - Invalid Syntax.
    select operation target:


    any suggestions?

    Thank you!

    ReplyDelete
  7. Thanks Bro!!!! After hours of searching. Thanks a lot!

    ReplyDelete
  8. just wanted to thank you for this as it worked well. thanks man!!!! big ups respects mun!

    ReplyDelete
  9. This worked for me...thanks!

    ReplyDelete
  10. I've seen these instructions posted on several sites (possibly different authors), but they don't work for me. When I check ADSi for sites, the site isn't listed. I see the domain in Domains and Trusts with no servers listed. When I run the NTDSUtil command, it doens't find any servers for the domain but I still get 0x2162 about existing domain controllers. Any ideas?

    ReplyDelete
  11. Yo man! you're da bomb!!
    Thanks a million

    ReplyDelete
  12. Still working handsomely. Thanks for sharing this and confirming the steps for me. I work in Active Directory a lot, but haven't had the opportunity to run into this situation until now. Thanks!

    ReplyDelete
  13. thanks for sharing your information, i read your article that's very nice, and very help full. a good explain of chooseing domain name and moving a domain to other domain.
    Cheap India VPS Hosting

    ReplyDelete
  14. Wonderful information, thanks for the great solution.
    Germany VPS Server Hosting

    ReplyDelete
  15. Excellent information of the Microsoft chat and Linux via Wine 3.0. their information is absolutely fresh and best.
    Linux VPS Hosting

    ReplyDelete
  16. Mindblowing, This is an amazing superb article Keep Sharing this...
    Thanks a lot!!!!

    Germany VPS Hosting

    ReplyDelete
  17. thank you very very much, for this post.
    Muitos obrigandos

    ReplyDelete
  18. If you think your spouse is cheating, and you need to hire a real hacker to remotely monitor / hack their phone, recover your stolen bitcoin / any other cryptocurrency, or hack a database and clear bad records with guaranteed privacy, contact easybinarysolutions@gmail.com or whatsapp: +1 3478577580, they are efficient and confidential.

    ReplyDelete