**Warning** ntdsutil is a powerful and unforgiving tool. Be sure you know exactly what operations it will be performing before you proceed. You will also want to confirm that the DC you’re removing no longer holds any FSMO roles before proceeding.
This guide will show you how to manually remove a Domain Controller (DC) that is no longer online, or is unable to demote itself as a DC.
Forcibly remove from AD DS using NTDSutil
- Open cmd.exe and run the following commands
- Be sure to choose the correct server, or your Active Directory environment could become unstable
- You will need to replace things like “serverName” with the actual name of the server you’re working with
connect to server serverName
select operation target
select domain domainNumber
select site siteNumber
list servers in site
select server serverNumber
remove selected server
Remove the DC from Sites and Services
- Open “Active Directory Sites and Services” from the programs menu (or run dssite.msc)
- Navigate to Sites → default-first-site-name → servers → serverName
- Right-click the serverName and choose “delete”
Manually remove DNS records
- Browse through DNS and manually remove any associated A, NS, or CNAME records
- Ensure SRV records no longer exist by opening cmd.exe and running the following commands. If any records for your dead DC, you will need to manually remove them.