Win 2012R2 Hyper-V host AD clean up (Host is no longer a domain controller)

JeffR 21 Reputation points
2021-11-19T15:05:02.257+00:00

Hi,

Our host server, previously had AD installed on it but it was since removed via server manager, Manage, Remove Roles and Features. The FSMO roles are held by a VM but the host server is still listed under the Domain Controller leaf in Active Directory Users and Computers on the VM. It could be because we had to restore the VM to a date before AD was removed from the Host server. We don’t want to remove the host from AD Users and Computers but we do want to remove and clean-up any traces of it being a domain controller.

Is it safe to remove the DFSR-Local Settings branch under the Hyper-V server, then move the server to the Computer leaf, then run NTDSUTIL metadata cleanup remove selected server <Host Server name> or is there a better procedure please?

Thanks,
Jeff


Accepted answer
  1. Anonymous
    2021-11-19T16:03:28.873+00:00

    You can follow along here to perform the cleanup. Remove the host from the domain if needed; then, after the cleanup, once things are cleared up, you can join the host back to the domain. Just make sure you know the password of the local administrator account beforehand.
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/ad-ds-metadata-cleanup
    https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

    --please don't forget to upvote and Accept as answer if the reply is helpful--
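The read-only audit below is an added example, not code from the thread or from the linked Microsoft guidance; it assumes the RSAT ActiveDirectory module on a working DC (the VM holding the FSMO roles) and uses a placeholder host name. It lists every object that still marks a server as a domain controller, so it can be run before and after the ntdsutil metadata cleanup to confirm what is left without modifying anything.

```powershell
# Added example: audit lingering DC metadata for one server (reads only, changes nothing).
# Assumes RSAT ActiveDirectory module; run as a domain admin on a healthy DC.
Import-Module ActiveDirectory

function Get-StaleDcMetadata {
    param([Parameter(Mandatory)][string]$ServerName)

    $root     = Get-ADRootDSE
    $configNC = $root.configurationNamingContext
    $domainNC = $root.defaultNamingContext
    $findings = [System.Collections.Generic.List[string]]::new()

    # 1. Computer object still parked in the Domain Controllers OU, or still a DC by primary group?
    $computer = Get-ADComputer -Filter "Name -eq '$ServerName'" -Properties serverReferenceBL, primaryGroupID
    if ($computer) {
        if ($computer.DistinguishedName -like '*,OU=Domain Controllers,*') {
            $findings.Add("computer object still in Domain Controllers OU: $($computer.DistinguishedName)")
        }
        # primaryGroupID 516 = Domain Controllers; a member server should carry 515 (Domain Computers).
        if ($computer.primaryGroupID -eq 516) { $findings.Add('primaryGroupID is 516 (Domain Controllers)') }
        if ($computer.serverReferenceBL) { $findings.Add("serverReferenceBL -> $($computer.serverReferenceBL)") }

        # 2. Leftover DFSR-LocalSettings (SYSVOL replication) under the computer object.
        Get-ADObject -LDAPFilter '(objectClass=msDFSR-LocalSettings)' -SearchBase $computer.DistinguishedName -SearchScope OneLevel |
            ForEach-Object { $findings.Add("DFSR-LocalSettings present: $($_.DistinguishedName)") }
    }

    # 3. Server and NTDS Settings objects under Sites: this is what 'metadata cleanup' removes.
    Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$ServerName))" -SearchBase $configNC | ForEach-Object {
        $findings.Add("server object in Sites: $($_.DistinguishedName)")
        Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase $_.DistinguishedName -SearchScope OneLevel |
            ForEach-Object { $findings.Add("NTDS Settings still present: $($_.DistinguishedName)") }
    }

    # 4. Legacy FRS member object for the SYSVOL replica set, if the domain ever used FRS.
    $frsBase = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainNC"
    Get-ADObject -LDAPFilter "(&(objectClass=nTFRSMember)(cn=$ServerName))" -SearchBase $frsBase -ErrorAction SilentlyContinue |
        ForEach-Object { $findings.Add("FRS member object: $($_.DistinguishedName)") }

    # 5. Does the directory itself still advertise the server as a DC?
    $dc = Get-ADDomainController -Filter "Name -eq '$ServerName'" -ErrorAction SilentlyContinue
    if ($dc) { $findings.Add("Get-ADDomainController still returns $($dc.HostName)") }

    return $findings
}

# Placeholder; replace with the Hyper-V host's NetBIOS name. An empty result means no DC metadata remains.
Get-StaleDcMetadata -ServerName 'HYPERV-HOST'
```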


2 additional answers

  1. JeffR 21 Reputation points
    2021-11-21T14:20:57.33+00:00

    Hi @Anonymous
    Thanks so much for your help. I hadn’t had time to look at it until tonight. In summary, when I attempted the NTDSUtil options, I perpetually got LDAP errors at "remove selected server <Server_name>" in the metadata cleanup option. Following another article I found, I connected to the domain controller and listed sites, domains, sites, servers, but at the "list servers in site" command, no servers were listed.

    Then I tried the GUI options. From Active Directory Users & Computers I selected Change Domain Controller to delete it. Got the error "The following domain controller could not be contacted: <server.FQDN>. The server is not operational".

    I deleted the unwanted DC from the Domain Controllers branch in Users & Computers. I then attempted to do the same in Sites & Services but got the error "Windows could not delete the object because directory object not found". As a last resort I removed the server from the domain by joining it to a workgroup, then changed it back to the domain and rebooted the host, and that seems to have cleaned up Active Directory.


  2. Anonymous
    2021-11-21T14:23:08.773+00:00

    Glad to hear of success, you're welcome.

