Connect to the Domain Naming FSMO holder for your forest
4. Connect to <Server>
First of all remove any Domain Controllers from the Domain you wish to remove.
Quit Connections (Q)
1. Quit
Select the object you want to remove by using Select Operations Target ( S O T for short)
2. Select Operations Target
List the Domains in your Forest
3. List Domains
Connect to Domain you wish to remove
4. Select Domain <number>
List the Sites in your Forest and Select the Site which contains the first (or only) domain controller you wish to remove
5. Select Site <number>
List Domain Controllers in the site you connected to above
1. List Servers in Site
Select Domain Controller you want to remove
2. Select Server <number>
You are ready to remove the Domain Controllers
1. Quit
Remove the Domain Controller
2. Remove Selected Server
3. Select Yes on the pop up window
4. Select Yes on the pop up windows
5. You will get back a message saying the Domain Controller has been removed.
Then you need to remove the naming contexts for the Domain you wish to remove.
Move back to the objects you can select to select the Naming Context you want to remove
1. S O T
List the naming contexts for your Forest
2. List Naming Contexts
Select the Naming Context you wish to remove
3. Select Naming Context <number>
Then quit back to remove the Naming Context
1. Quit
2. Remove Selected Naming Context
3. Select yes to remove the naming Context
4. You will get back a message saying the Naming Context has been removed.
Repeat the above steps for all Domain Controllers and Naming Contexts for the Domain you wish to remove.
Next you need to remove the Domain itself !!PLEASE TAKE NOTE OF THE MESSAGE !!!
1. Remove Selected Domain
And thats it .. should be all gone..
PERFORMING ACTIVE DIRECTORY METADATA CLEANUP
When deleting a domain controller from Active Directory, it is advisable to use the DCPromo (demote) procedure, which allows you to correctly delete all records about the old domain controller from the Active Directory database (the computer object, NTDS Settings, site settings, cross-site links and replication metadata).
If for some reason your controller fails and it is not planned to return it, you can perform forced removal of the failed domain controller. This procedure is called Metadata cleanup. When you perform metadata cleanup, you will delete all data about the failed DC from Active Directory Domain Services (AD DS). This correctly cleans replication metadata, including the objects in File Replication Service (FRS) and Distributed File System (DFS).
Hint. Keep in mind to check that there are no FSMO roles on the broken DC, and if necessary, you can seize these roles to another DC.
In a domain with a functional level of Windows Server 2008 R2 and newer, you can clean server metadata using the standard Active Directory Users and Computers snap-in (dsa.msc) graphical console.
To do this, just find the failed DC in the ADUC console and delete it as a regular computer object. Right-click on it, select Delete, and confirm the deletion.
In the next dialog box, check the item “This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPromo)”, and click Delete button.
Hint. If the following error appears when you try to remove a DC “You do not have sufficient privileges to delete DC02, or this object is protected from accidental deletion”, please make sure:
Your account is a member of the Domain admins group;
The option “Protect object from accidental deletion” must be disabled in the object properties (ADUC snap-in > DC > Object tab).
Then you need to open the Active Directory Sites and Services snap-in (dssite.msc) and delete the corresponding NTDS Settings object (expand the domain controller site, which forcibly removed, expand Servers > expand the DC name, right click on the NTDS Settings object > Delete ). Confirm the deletion of the object.
Next, ADDS will automatically perform metadata cleanup.
You can also clean up server metadata using the command-line tool ntdsutil (this is the only correct way to force remove failed DC in domains with a functional level of Windows Server 2008 and lower).
Run command prompt as an administrator on any of the remaining domain controllers.
Type ntdsutil on the command line and press Enter.
Enter the following commands one after another:
metadata cleanup
remove selected server <failedDCName>
# specify the name of the DC to be removed from the AD database
Press Yes to correctly remove the DC object and metadata.
Type quit.
Verify that the domain controller has been successfully removed:
Run the ADUC console. Make sure that the domain controller that you deleted has disappeared from the Domain Controllers container;
Launch Sites and Services snap-in, check if your DC object does not contain an NTDS Settings object. If so, you can delete the server object in the console.
