Saturday, July 3, 2010

Manually remove Domain Controller using ntdsutil metadata cleanup and run into DsRemoveDsServerW error 0x21a4

How can I delete a failed Domain Controller object from Active Directory when I ran into an error, "DsRemoveDsServerW error 0x21a4...."?

As part of a successful demotion, the Dcpromo wizard removes the configuration data for the domain controller from Active Directory, but a failed Dcpromo attempt might leave these objects in place. If you tried to remove a domain controller from your Active Directory domain by using Dcpromo.exe and failed, or began to promote a member server to a Domain Controller and failed, remnants of the DC objects are left in Active Directory. You can try the following steps to remove the DC from the AD manually. I ran the following steps myself and they were successful until I ran into a "DsRemoveDsServerW error 0x21a4..." error message at the last step. Read on to find out how I fixed it.

Background about my environment:
- I have 3 child domains under ewareetc.com domain.
- They are HK, US and CN.
- I wanted to remove the HK.ewareetc.com domain from the AD.
- The DC for the HK domain is called HKDC01.
- HKDC01 server and HK domain are what I wanted to remove from the AD.
- I am running the utility and commands from my DC called BayAreaDC01 in US.ewareetc.com because the HKDC01 server has been offline.


Steps:

- On your working DC, click the Start button and click Run.
- Type in CMD and hit ENTER. The following steps are run in the command window.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

H:\>ntdsutil NOTE: run NTDSUtil at command prompt
ntdsutil: metadata cleanup
metadata cleanup: connections
server connections: connect to server BayAreaDC01 Note: BayAreaDC01 is my DC that is currently working. I need to connect to this one because the DC I wanted to remove is offline.
Binding to BayAreaDC01 ...
Connected to HKDC01 using credentials of locally logged on user. Note: use domain admin or enterprise admin credentials for this to work
server connections: q
metadata cleanup: select operation target
select operation target: list domains
Found 3 domain(s)
0 - DC=cn,DC=ewareetc,DC=com
1 - DC=us,DC=ewareetc,DC=com
2 - DC=hk,DC=ewareetc,DC=com
select operation target: select domain 2 NOTE: select the domain number where your DC is. I chose domain 2 because my DC is in HK.ewareetc.com
No current site
Domain - DC=hk,DC=ewareetc,DC=com
No current server
No current Naming Context
select operation target: list sites
Found 5 site(s)
0 - CN=BEJOFFICE,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
1 - CN=CHINAOFFICE,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
2 - CN=Bayarea,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
3 - CN=SHANGHAIOFFICE,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
4 - CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
select operation target: select site 4 NOTE: select the site where your domain is. I chose site 4 because my HK.ewareetc.com domain is in HK site.
Site - CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
Domain - DC=hk,DC=ewareetc,DC=com
No current server
No current Naming Context
select operation target: list servers in site
Found 1 server(s)
0 - CN=HKDC01,CN=Servers,CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
select operation target: select server 0 NOTE: It found the servers in the site. I have one server HKDC01 in the site and I chose server 0
Site - CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
Domain - DC=hk,DC=ewareetc,DC=com
Server - CN=HKDC01,CN=Servers,CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
DSA object - CN=NTDS Settings,CN=HKDC01,CN=Servers,CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com
DNS host name - HKDC01.hk.ewareetc.com
Computer object - CN=HKDC01,OU=Domain Controllers,DC=hk,DC=ewareetc,DC=com

No current Naming Context
select operation target: q
metadata cleanup: remove selected server NOTE: after I quit by issuing "q", I removed the selected server which is HKDC01.hk.ewareetc.com
Transferring / Seizing FSMO roles off the selected server.
Unable to determine FRS owner for role PDC.
Unable to determine FRS owner for role Rid Master.
Unable to determine FRS owner for role Infrastructure Master.
DsRemoveDsServerW error 0x21a4(The Directory Service cannot perform the requested operation because a domain rename operation is in progress.)
NOTE: Now I ran into this error that says a domain rename operation is in progress. This happened because the previous removal process may have left the rename operation locked. It locked the schema and prevented any other DS operations. At this point, leave this command window open and go to the next step.

C:\Temp\MS Tools\domainrename>rendom /end NOTE: Open another command window. I ran "Rendom /end" to unfreeze or unlock the schema. This utility can be downloaded from this site: http://technet.microsoft.com/en-us/windowsserver/bb405948.aspx


The operation completed successfully.

C:\Temp\MS Tools\domainrename>

=========================================
NOTE: now you can go back to the 1st command prompt and rerun the following command
metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
Unable to determine FRS owner for role PDC.
Unable to determine FRS owner for role Rid Master.
Unable to determine FRS owner for role Infrastructure Master.
"CN=HKDC01,CN=Servers,CN=HK,CN=Sites,CN=Configuration,DC=cn,DC=ewareetc,DC=com" removed from server "HKDC01" NOTE: it's successfully removed.
metadata cleanup: q NOTE: Type quit, and press Enter until you return to the command prompt.


=======================================================

To remove the failed server object from the sites

1. In Active Directory Sites and Services, expand the appropriate site.
2. Delete the server object associated with the failed domain controller.


To remove the failed server object from the domain controllers container

1. In Active Directory Users and Computers, expand the domain controllers container.
2. Delete the computer object associated with the failed domain controller.


1. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation. Select "This DC is permanently offline..." and click on the Delete button.


2. AD will display another confirmation window. If you're sure that you want to delete the failed object, click Yes.
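
A follow-up check for the cleanup above, added here as an example and not part of the original procedure: a batch file that looks for references to the removed DC in the places this post touches (the server object under Sites, the computer object, DC locator DNS records, and the working DC's replication partners). The names are the ones from the transcript; it assumes dsquery is available and repadmin is installed (Support Tools on Windows Server 2003).

```batch
@echo off
rem Added example (not from the original post): look for HKDC01 remnants
rem after "remove selected server" has completed.
rem Names below come from the post's transcript; change them for your forest.
rem Assumes dsquery is available and repadmin is installed (Support Tools on 2003).
setlocal
set DC_NAME=HKDC01
set DC_DOMAIN=hk.ewareetc.com
set WORKING_DC=BayAreaDC01
set LEFTOVER=0

echo [1] Server object under CN=Sites (configuration partition)
dsquery server -forest -name %DC_NAME% -s %WORKING_DC% | findstr /i /c:"CN=%DC_NAME%," && set LEFTOVER=1

echo [2] Computer object, searched through a global catalog
rem -gc is used so the query does not depend on reaching a DC in the hk domain.
dsquery computer forestroot -name %DC_NAME% -gc | findstr /i /c:"CN=%DC_NAME%," && set LEFTOVER=1

echo [3] DC locator SRV records that still point at the removed DC
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DC_DOMAIN% 2>nul | findstr /i /c:"%DC_NAME%." && set LEFTOVER=1

echo [4] Replication partners of the working DC that still name the removed DC
repadmin /showrepl %WORKING_DC% | findstr /i /c:"%DC_NAME%" && set LEFTOVER=1

if "%LEFTOVER%"=="1" (
    echo RESULT: references to %DC_NAME% remain; see the matching lines above.
) else (
    echo RESULT: no references to %DC_NAME% found by these checks.
)
rem Exit code 1 means at least one check matched, 0 means none did.
endlocal & exit /b %LEFTOVER%
```

Run it from the working DC with the same domain admin or enterprise admin credentials used for ntdsutil. Any line printed under a numbered heading is a leftover reference to clean up.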

Hope this is helpful. If you feel that eWare can help you with your computer problems in your business, please visit our website at http://www.ewareetc.com/ or contact us at 925-699-0989 for a free consultation.

1 comment:

Anonymous said...

Excellent resource! The locked rename issue was driving me crazy! Your instructions were clear and concise, and I just finished removing the leftover DC information from the site.

Appreciate you taking the time to post this to help others.