Microsoft KB Archive/328775

= Cannot Delete a Computer Account for the Domain Controller in Windows 2000 =

Article ID: 328775

Article Last Modified on 2/28/2007

-

APPLIES TO


 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Server

-



This article was previously published under Q328775



SYMPTOMS
If you try to delete the computer account for the domain controller in Active Directory Users and Computers, you may receive the following error message:

Error: DSA object cannot be deleted

This problem occurs if you delete the computer account after you have demoted the domain controller by running the dcpromo process on it.



CAUSE
This problem occurs if the value of UserAccountControl is set to 8192.



RESOLUTION
To resolve this issue, change the value of UserAccountControl to 4096.

NOTE: Use this resolution only if one of the following is true:


 * You have demoted the domain controller by running the dcpromo utility on it.
 * The computer hardware failed, you used the ntdsutil process to clean the account's metadata, and then you deleted the account from Active Directory Sites and Services, but you still cannot delete the computer account.


 * 1) Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click ADSI Edit.
 * 2) Expand Domain NC, expand dc=domain,dc=com, and then expand ou=domain controllers.
 * 3) Right-click the computer name of the domain controller, and then click Properties.
 * 4) On the Attributes tab, select both properties in the Select which properties to view list box.
 * 5) In the Select a property to view list box, select UserAccountControl.
 * 6) Under Attribute Value, view the value. Make the value 4096 to give the computer account member server status so that you can delete it.
 * 7) Type 4096 in the Edit Attribute box.
 * 8) Click the Set button.
 * 9) Click Apply, and then click OK. Quit ADSI Edit.



MORE INFORMATION
For additional information about metadata cleanup, click the following article numbers to view the articles in the Microsoft Knowledge Base:

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion

230306 HOW TO: Remove Orphaned Domains from Active Directory

332199 Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server

229763 Error Message: DsRemoveDsDomainW Error 0x20ce

Keywords: kbenv kberrmsg kbprb KB328775

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.