How do I remove a BDC from active directory? 2

[dalchri]

About a year ago I turned our Windows 2k BDC into a Linux server after I discovered that my predecessor used the same 2k license 3 times on our network.

Now that I am cleaning up the AD, I find that I cannot get rid of the entry for the BDC from the Domain Controllers group.

If I try to uncheck the box that says "Trust this computer for delegation", I get this error: "Your security settings do not allow you to specificy whether or not this account is to be trusted for delegation."

If I try to change the primary group so that it is not a member of the domain controllers group I get, "Cannot change the primary group id of a domain controller."

If I try to delete the PDC object I get, "The DSA object cannot be deleted."

All of the technical articles that I've seen so far indicate that you must remove AD from the server, run DCPromo.exe or do something on the server that is to be removed or demoted. Unfortunately, this server no longer exists.

What do I need to do to get this old BDC out of AD?

Thank you for any suggestions or pointers to articles.

 

[buddafish]

look into ntdsutil.exe. this utility will allow you to list , then remove servers from active directory.

scottie

 

[markdmac]

You should verify that the server you are trying to delete was not a FSMO role holder. If it was you will need to seize those roles.

ntdsutil will do what you are looking for as budafish suggests, however it is cumbersome.

Take a look at my FAQ faq96-4733 for a script written by Microsoft that will do it for you in just a few clicks.

You should also verify after running either ntdsutil or the script that the server is not listed in DNS.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark