**Warning** ntdsutil is a powerful and unforgiving tool. Be sure you know exactly what operations it will be performing before you proceed. You will also want to confirm that the DC you’re removing no longer holds any FSMO roles before proceeding.
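A quick way to confirm the FSMO point in the warning before touching ntdsutil, as an added example that is not part of the original guide: the script below queries a live DC for the five role holders and flags the one you intend to remove. It assumes the ActiveDirectory RSAT module is installed, the session runs with domain admin rights against a healthy DC, and that `serverName` is a placeholder for the short hostname of the DC being removed.

```powershell
# Added example (not from the original guide): confirm the DC being removed holds no FSMO roles.
# Assumes the ActiveDirectory module (RSAT) and a session against a live DC.
# $deadDc is a placeholder: replace with the short hostname of the DC you are removing.
$deadDc = 'serverName'

Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-wide roles are reported by Get-ADForest, domain-wide roles by Get-ADDomain.
$roles = [ordered]@{
    'SchemaMaster'         = $forest.SchemaMaster
    'DomainNamingMaster'   = $forest.DomainNamingMaster
    'PDCEmulator'          = $domain.PDCEmulator
    'RIDMaster'            = $domain.RIDMaster
    'InfrastructureMaster' = $domain.InfrastructureMaster
}

$held = $roles.GetEnumerator() | Where-Object {
    # Role holders come back as FQDNs; compare on the host label only.
    ($_.Value -split '\.')[0] -ieq $deadDc
}

if ($held) {
    Write-Warning ("{0} still holds FSMO role(s): {1}. Seize them onto a live DC (ntdsutil 'roles') before running metadata cleanup." -f $deadDc, ($held.Key -join ', '))
} else {
    Write-Output ("{0} holds no FSMO roles in forest {1} / domain {2}; safe to proceed with metadata cleanup." -f $deadDc, $forest.Name, $domain.DNSRoot)
}
```

Run it from any working DC or management host; it never needs to reach the dead DC, which is the point of checking role ownership through the directory rather than by asking the server itself.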

Overview

This guide will show you how to manually remove a Domain Controller (DC) that is no longer online, or is unable to demote itself as a DC.

Forcibly remove from AD DS using NTDSutil

  • Open cmd.exe and run the following commands
  • Be sure to choose the correct server, or your Active Directory environment could become unstable
  • You will need to replace things like “serverName” with the actual name of the server you’re working with

ntdsutil
metadata cleanup
connections
connect to server serverName        (a healthy, online DC you are running the cleanup from, not the DC being removed)
q
select operation target
list domains
select domain domainNumber          (the number shown next to the domain the dead DC belonged to)
list sites
select site siteNumber              (the number of the site the dead DC was in)
list servers in site
select server serverNumber          (the number of the dead DC; double-check this line)
q
remove selected server              (a dialog asks for confirmation; click “Yes”)
q                                   (type q again to leave ntdsutil)

Remove the DC from Sites and Services

  • Open “Active Directory Sites and Services” from the programs menu (or run dssite.msc)
  • Navigate to Sites > Default-First-Site-Name > Servers > serverName
  • Right-click the serverName and choose “delete”
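After the metadata cleanup and the Sites and Services deletion, it is worth confirming that nothing for the old DC lingers in the directory. The script below is an added example, not part of the original guide: it checks whether the server is still enumerated as a DC, whether its server object or NTDS Settings object survives under CN=Sites in the configuration partition, and whether its computer account remains. It assumes the ActiveDirectory RSAT module, a session against a live DC, and that `serverName` is a placeholder for the removed DC's hostname.

```powershell
# Added example (not from the original guide): verify that no directory objects for the removed DC remain.
# Assumes the ActiveDirectory module (RSAT) and a session against a live DC.
# $deadDc is a placeholder for the short hostname of the DC that was removed.
$deadDc = 'serverName'

Import-Module ActiveDirectory

$configNc = (Get-ADRootDSE).configurationNamingContext

# 1. Is it still enumerated as a domain controller of this domain?
$stillDc = Get-ADDomainController -Filter * | Where-Object { $_.Name -ieq $deadDc }

# 2. Does its server object (and the NTDS Settings child that metadata cleanup deletes) linger under CN=Sites?
$serverObj = Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$deadDc))" -SearchBase "CN=Sites,$configNc"
$ntdsObj = if ($serverObj) {
    Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase $serverObj.DistinguishedName -SearchScope OneLevel
}

# 3. Does the computer account still exist (normally in the Domain Controllers OU)?
$computer = Get-ADComputer -LDAPFilter "(cn=$deadDc)" -ErrorAction SilentlyContinue

# Every field should be False once the removal is complete.
[pscustomobject]@{
    ListedAsDC             = [bool]$stillDc
    ServerObjectRemains    = [bool]$serverObj
    NtdsSettingsRemains    = [bool]$ntdsObj
    ComputerAccountRemains = [bool]$computer
}
```

A lingering server object with no NTDS Settings child is the case the Sites and Services step above exists for; a remaining NTDS Settings object means the metadata cleanup did not complete and should be re-run against a different live DC.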

Manually remove DNS records

  • Browse through DNS and manually remove any associated A, NS, or CNAME records
  • Ensure SRV records no longer exist by opening cmd.exe and running the following commands. If any records for your dead DC are returned, you will need to remove them manually.

    nslookup
    set type=all
    _ldap._tcp.dc._msdcs.domainName
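The nslookup step checks one SRV name by eye; the script below, an added example that is not part of the original guide, automates the same check across the SRV names a DC registers and reports only the entries whose target is the removed DC. It uses the built-in `Resolve-DnsName` cmdlet (DnsClient module, Windows 8 / Server 2012 and later) and treats `domainName` and `serverName` as placeholders for the domain's DNS name and the dead DC's hostname.

```powershell
# Added example (not from the original guide): find SRV records that still point at the removed DC.
# Assumes the DnsClient module; $domainName and $deadDc are placeholders to replace.
$domainName = 'domainName'
$deadDc     = 'serverName'

# SRV names a DC registers in its domain zone: the _msdcs name the guide inspects with nslookup,
# plus the equivalent site-independent LDAP and Kerberos names. Extend this list with
# the site-specific names (_sites.<siteName>...) for the site the DC belonged to.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$domainName",
    "_kerberos._tcp.dc._msdcs.$domainName",
    "_ldap._tcp.$domainName",
    "_kerberos._tcp.$domainName"
)

$stale = foreach ($name in $srvNames) {
    # -Type SRV asks only for SRV records; SilentlyContinue tolerates names that no longer exist at all.
    Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' -and $_.NameTarget -like "$deadDc.*" } |
        ForEach-Object {
            [pscustomobject]@{ Record = $name; Target = $_.NameTarget; Port = $_.Port }
        }
}

if ($stale) {
    Write-Warning "Stale SRV records still reference $deadDc; delete them in the DNS console:"
    $stale | Format-Table -AutoSize
} else {
    Write-Output "No SRV records in the checked names reference $deadDc."
}
```

Resolve-DnsName queries whichever DNS server the host is configured to use, so run it against the DNS server that hosts the zone (or pass `-Server`) to avoid being misled by a cached answer from a forwarder.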