Article ID: 826900
Article Last Modified on 10/30/2006
APPLIES TO
- Microsoft Windows 2000 Server
Notice
Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:
256986 Description of the Microsoft Windows Registry
SYMPTOMS
When you use the NTDSUTIL utility (Ntdsutil.exe) to remove an orphaned domain, the domain name is listed with DEL:<GUID> as part of the value, and you may receive the following error message:
Additionally, when you use the ADSI Edit snap-in to remove the orphaned domain object from the Active Directory directory service, you may receive the following error message:
CAUSE
This issue may occur if the orphaned domain is not completely removed.
RESOLUTION
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To resolve this issue, follow these steps:
- Add the Allow System Only Change value to the registry. To do this, follow these steps:
  - Click Start, and then click Run.
  - Type regedit in the Open box, and then click OK.
  - Locate the following registry key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  - On the Edit menu, point to New, and then click DWORD Value.
  - Type Allow System Only Change in the Value Name box.
  - Double-click Allow System Only Change.
  - In the Value Data area, type 1, and then click OK.
  - Close Registry Editor.
- Use ADSIedit to modify the nCName attribute of the cross-ref object for the orphaned domain. Remove the DEL:<GUID> portion of the value. To do this, follow these steps:
  - Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click ADSI Edit.
  - Locate the nCName attribute for the orphaned domain object, right-click the object, and then click Settings.
  - Remove the DEL:<GUID> portion of the value.
- Use NTDSUTIL to remove the orphaned domain. To do this, follow these steps:
  - Click Start, and then click Run.
  - In the Open box, type ntdsutil, and then click OK.
  - Type metadata cleanup, and then press ENTER. Based on the options that are specified, the administrator can perform the removal, but additional configuration parameters must be specified before the removal may occur.
  - Type connections, and then press ENTER. This menu is used to connect to the specific server where the changes occur.
    Note If you (as the currently logged-on user) do not have administrator permissions, you must specify administrator credentials before you make the connection. To do so, type set creds DomainName Username password, and then press ENTER. For a null password, type null for the password parameter.
  - Type connect to server ServerName, and then press ENTER. You must receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller that is being used in the connection is available and that the credentials that you supplied have administrative permissions on the server.
    Note If you try to connect to the same server that you want to delete, when you try to delete the server that step o refers to, you may receive the following error message:
  - Type quit, and then press ENTER. The Metadata Cleanup menu appears.
  - Type select operation target, and then press ENTER.
  - Type list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
  - Type select domain number, and then press ENTER, where number is the number that is associated with the domain that the server that you are removing is a member of. The domain that you select is used to determine if the server being removed is the last domain controller of that domain.
  - Type list sites, and then press ENTER. A list of sites, each with an associated number, is displayed.
  - Type select site number, and then press ENTER, where number is the number that is associated with the site that the server that you are removing is a member of. You must receive a confirmation that lists the site and domain that you selected.
  - Type list servers in site, and then press ENTER. A list of servers in the site, each with an associated number, is displayed.
  - Type select server number, where number is the number that is associated with the server that you want to remove. You receive a confirmation that lists the selected server, its Domain Name System (DNS) host name, and the location of the server's computer account that you want to remove.
  - Type quit, and then press ENTER. The Metadata Cleanup menu appears.
  - Type remove selected server, and then press ENTER. You must receive confirmation that the removal completed successfully. If you receive the following error message
    the NTDS Settings object may have already been removed from Active Directory by another administrator, or by replication of the successful removal of the object after you run the DCPROMO utility.
    Note You may also see this error when you try to bind to the domain controller that is going to be removed. Ntdsutil must bind to a domain controller other than the one that is going to be removed by metadata cleanup.
  - Type quit at each menu to quit the NTDSUTIL utility. You must receive confirmation that the connection disconnected successfully.
  - Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. Assuming that the domain controller is going to be reinstalled and repromoted, a new NTDS Settings object is created with a new GUID and a matching CNAME record in DNS. You do not want the existing domain controllers to use the old CNAME record.
As a best practice, Microsoft recommends that you delete the host name and the other DNS records. If the lease time that remains on the Dynamic Host Configuration Protocol (DHCP) address that is assigned to an offline server is exceeded, another client can obtain the IP address of the problem domain controller.
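Before editing the nCName attribute as described in the ADSI Edit step above, it helps to confirm which cross-ref object is affected and what the value should read once the DEL:<GUID> portion is removed. The following is an added example, not part of the original article or any Microsoft tool: it scans an LDIF export of the cross-ref objects and reports each mangled nCName with its cleaned form. The sample export, the example.com names, and the GUID are constructed, and the handling of a newline before DEL: (raw, or escaped as \0A) is an assumption about how the value is stored.

```python
import base64
import re

# DEL:<GUID> marker. Assumption: it may be preceded by a newline, either raw
# (in a base64-encoded value) or escaped as "\0A" in the DN string.
DEL_MARK = re.compile(
    r"(?:\\0A|\n)?DEL:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

# Constructed sample export; the second nCName is folded across two lines.
SAMPLE_LDIF = r"""dn: CN=EXAMPLE,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=example,DC=com

dn: CN=CHILD,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=child\0ADEL:11111111-2222-3333-4444-555555555555,DC=example,
 DC=com
"""

def ldif_entries(text):
    """Yield one {attribute: value} dict per LDIF entry (last value wins)."""
    unfolded = re.sub(r"\r?\n ", "", text)        # undo LDIF line folding
    for block in re.split(r"(?:\r?\n){2,}", unfolded.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, rest = line.partition(":")
            if rest.startswith(":"):              # "attr:: <base64 value>"
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            else:
                value = rest.strip()
            entry[name.lower()] = value
        if entry:
            yield entry

def find_mangled_crossrefs(text):
    """Return (crossRef DN, current nCName, nCName without DEL:<GUID>)."""
    hits = []
    for entry in ldif_entries(text):
        ncname = entry.get("ncname", "")
        if DEL_MARK.search(ncname):
            hits.append((entry.get("dn", ""), ncname, DEL_MARK.sub("", ncname)))
    return hits

if __name__ == "__main__":
    for dn, current, cleaned in find_mangled_crossrefs(SAMPLE_LDIF):
        print(f"{dn}\n  current: {current!r}\n  cleaned: {cleaned}")
```
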
REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
251307 HOW TO: Remove Orphaned Domains from Active Directory Without Demoting the Domain Controllers
230306 HOW TO: Remove Orphaned Domains from Active Directory