Home > Quickie, Security, Windows > Quickie: Remove data in AD after unsuccessful domain controller demotion

Quickie: Remove data in AD after unsuccessful domain controller demotion

Today my ex-colleague called me that Windows 2000 Active Directory domain, he is taking care of, is not fully functional. He mentioned that “primary” domain controller is dead and now domain has some problems.

I had to seize all FSMO roles to live Domain Controller using ntdsutils as mentioned at this Microsoft article:

http://support.microsoft.com/kb/255504

I manually deleted dead domain controller’s information from Active Directory using following Microsoft article:

http://support.microsoft.com/kb/216498

After checking events I found out that there was also Certification Authority on dead domain controller and I needed to clean up all Enterprise Domain Certification Autorhority information from Active Directory Domain using following Microsoft article:

http://support.microsoft.com/kb/555151

PS: Don’t forget to put your account into all “administrative” groups: Domain Admins, Enterprise Admins and Schem Admins.

  1. No comments yet.
  1. No trackbacks yet.