**Warning** ntdsutil is a powerful and unforgiving tool. Be sure you know exactly what operations it will be performing before you proceed. You will also want to confirm that the DC you’re removing no longer holds any FSMO roles before proceeding.


This guide will show you how to manually remove a Domain Controller (DC) that is no longer online, or is unable to demote itself as a DC.

Forcibly remove from AD DS using NTDSutil

  • Open cmd.exe and run the following commands
  • Be sure to choose the correct server, or your Active Directory environment could become unstable
  • You will need to replace things like “serverName” with the actual name of the server you’re working with


metadata cleanup


connect to server serverName


select operation target

list domains

select domain domainNumber

list sites

select site siteNumber

list servers in site

select server serverNumber


remove selected server

Click “yes”


Remove the DC from Sites and Services

  • Open “Active Directory Sites and Services” from the programs menu (or run dssite.msc)
  • Navigate to Sites default-first-site-name servers serverName
  • Right-click the serverName and choose “delete”

Manually remove DNS records

  • Browse through DNS and manually remove any associated A, NS, or CNAME records
  • Ensure SRV records no longer exist by opening cmd.exe and running the following commands. If any records for your dead DC, you will need to manually remove them.

  • nslookup

    set type=all