Name: kennyrogersjr
Date: June 6, 2007 at 12:29:46 Pacific
Subject: Delete old DC from AD (W2K)
OS: W2K Server
CPU/Ram: PIII/1GB
Model/Manufacturer: Dell Poweredge 1650
Comment:
I maintain a small network, less than 100 computers. I have access to five servers, I'll use them as a backup in case anything goes wrong here.
I have two domain controllers, DC1 - just installed W2K3 and DC2 - W2K. Some time in the past, I don't know when, DC2 took over for DC1. I don't know why it happened, probably a bad NIC. Well, I'm stuck cleaning up the mess.
Both DCs function now. DC1 is in a workgroup and DC2 is on my domain. DC2 houses DHCP, WINS, DNS, AD and is a file server. I want the same name on DC1. DC2 won't let me delete DC1 out of AD. DC1 won't join to the domain.
I have tried: NTDSUtil, removing all known items from DNS, WINS and ADUC/ADSS/ADDT and I can't get any farther than that. I can't get ADSIEdit to work. I did use adprep on DC2 so I could upgrade the domain to a W2K3 domain.
If you want the errors, I'll post them in my next reply; I need to go in the server room and write them all down.
"DC1 is in a workgroup" Then it's not a DC then, is it?
"DC2 took over for DC1" Active Directory doesn't work like that.
"I want the same name on DC1. DC2 won't let me delete DC1 out of AD" You don't have a DC1. It's in a workgroup. So I have to think you mean you can't delete DC2 out of AD.
Well no duh! DC2 is your ONLY domain controller. kennyrogersjr did you even try to research this before you began? Clearly not since you are "removing all known items from DNS, WINS and ADUC/ADSS/ADDT and I can't get any farther than that"
Get a book on AD and read it. In the meantime if you haven't screwed things up so badly you will be installing AD from scratch...
Make sure DC2 and DC1 have DNS and WINS entries. Basically put back what you removed. Test name resolution to make sure it's working again. Add the 2003 server to the domain using a different name and IP than DC2.
Configure DNS, DHCP and WINS on DC1.
Transfer the FSMO roles from DC2 to DC1.
Make DC1 a global catalog holder.
Make sure replication is working and there are no errors in Event Viewer.
Dcpromo down DC2 {note: major mistake - MS recommends a MINIMUM of TWO domain controllers for failover and authentication load balancing}.
Rename and re-IP DC1.
Update the DNS, WINS entries.
Best of luck and do your homework before you start a project.
Imagine the power if you knew how to internet search
I'm glad that I got you worked up. I'm happy for you. Now calm down. DC1 and DC2 are just the names I was using.
DC2 did take over all of the FSMO roles and is the GC.
When I said "removing all known items from..." I was indicating that I removed all DC1's associations with those programs.
All I want to do is remove the DC1 entry out of the Domain Controllers OU. DC1 won't go on the domain as the old name. It will go on the domain as a different name, however, I can't install AD on it.
The error when I try to delete the DC1 object is "The DSA object cannot be deleted." When I try to add the same named computer back on the domain, it tells me that the user already exists.
If anybody would, kindly, reply to this and offer some useful suggestions, I would really appreciate it.
(PS. What kind of lame user that did no research would even know what ntdsutil and adsiedit even are??? Go cleanup your metadata...it's coming out your ears)
I was a bit caustic in my approach. So some sarcasm in response is OK.
Guess you missed in your research how to do this the correct way, kennyrogersjr. You really MUST get an AD/2003 book and read it or get to a class or two. You are way off on your understanding and approach to your network.
"When I said "removing all known items from..." I was indicating that I removed all DC1's associations with those programs."
Oh I understood what you said. Problem is you didn't understand what the problem was and then approached it by dropping an atomic bomb on AD. I just hope you didn't screw AD up beyond repair.
Did you do a system state backup of DC2 BEFORE you began your mass edits? If so restore it. If not...guess you will know for next time.
"I can't install AD on it" You mean you can't join the 2003 server to the 2000 domain, correct?
Did you get errors when you ran adprep? How did DC1 get under an OU and not domain controllers in AD? This is a 2000 AD network and you just added 2003, correct?
It still is not clear if you are clear on what a DC is or how AD differs from a workgroup. You write DC1 is in a workgroup so it can't be a DC. You write about removing AD OU entries for DC1 from the 2000 AD which tells me you added it as a member server. It could never have been a DC without running adprep correctly. You say that at some point the 2000 DC took over for the 2003 DC but that can't be the case either because it was never a DC to begin with.
Talk about having to clean up metadata...
I wouldn't have any faith in your "backup" servers if this is the level of AD understanding. My suggestion is quietly hire an AD/2003 consultant to get everything configured and running correctly.
Imagine the power if you knew how to internet search
I guess I'm not explaining it right. I didn't mess anything up. DC1 is the name of the server that used to be a domain controller; in other words, it was the PDC.
I arrived at my work center and it wasn't working. DC2 had the 3 FSMO roles it needed, like a BDC should. I forced the 2 remaining roles on DC2. It is the PDC for this domain, now. As a matter of fact, there is nothing wrong with this domain whatsoever, well...besides the fact that it only has one DC.
The task that I have at hand is to remove a nonexistent domain controller out of Active Directory. I cannot delete the object. I just want to delete the object. Will you just tell me how to delete the object? When I delete it, I can add the server (DC1) to the domain with the name that I want to name it and all of this will be over.
There is no backup to fall back on, because the system administrator didn't do anything back then.
I'm sorry for dragging this out, but we keep straying from the question that I needed to ask. (the part about removing the object from AD)
Sad to say, I've been to several AD classes and I have about four AD books that I've read front to back, in my office. I just really suck at explaining things.
I would suggest you use the most recent version of Ntdsutil, which is the 2003 version. If you have done this and the problem remains, AD is corrupt and there is no fix. If you have a past backup of the DC that also captured the system state, I would restore the system state and then try again. Reinstallation from scratch is required, which makes for a very long weekend.
Best of luck.
Imagine the power if you knew how to internet search
Problem solved. I used one of my spare servers. I installed W2K3 on it. Installed ADSIEdit. Manually deleted the entry that I needed out, and voila! Everything works great now. I have AD installed on my "DC1" and I'm good to go. :)
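Added example, not part of the thread: the ntdsutil metadata cleanup that the replies point to, written as a two-phase batch file so the stale server is listed read-only before anything is removed. It assumes the surviving controller is the thread's placeholder DC2, a single domain and a single site (so both are index 0), and that netdom from the Support Tools is installed; the script name in the comments is hypothetical.

```bat
@echo off
rem Added example (hypothetical file name: cleanup-dc.cmd). Not from the thread.
rem   cleanup-dc.cmd        phase 1: list the servers AD still knows about
rem   cleanup-dc.cmd <n>    phase 2: remove server number <n> from that list
setlocal
rem Assumption: DC2 is the surviving domain controller (the thread's placeholder name).
set LIVE_DC=DC2

if "%~1"=="" goto list

rem Phase 2. %1 must be the index of the DEAD controller printed by phase 1.
rem Assumption: one domain and one site, so "select domain 0" and "select site 0".
rem ntdsutil asks for confirmation before it removes the selected server.
ntdsutil "metadata cleanup" "connections" "connect to server %LIVE_DC%" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site 0" "list servers in site" "select server %~1" quit ^
  "remove selected server" quit quit

rem Read-only check: every FSMO role should be held by a live controller.
netdom query fsmo
goto :eof

:list
rem Phase 1 is read-only: it selects the domain and site and prints the servers.
ntdsutil "metadata cleanup" "connections" "connect to server %LIVE_DC%" quit ^
  "select operation target" "list domains" "select domain 0" ^
  "list sites" "select site 0" "list servers in site" quit quit quit
```

Take a system state backup of the surviving controller before phase 2; after it, the leftover DNS and WINS records for the old name still have to be cleaned up by hand.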