Microsoft KB Archive/826900

Revision as of 18:09, 18 July 2020 by 3155ffGd (talk | contribs) (importing KB archive)
Knowledge Base


"Dsremovedsdomainw Error with Code 0x2077" Error Message When You Remove an Orphaned Domain by Using NTDSUTIL

Article ID: 826900

Article Last Modified on 10/30/2006



APPLIES TO

  • Microsoft Windows 2000 Server



Notice

Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

When you use the NTDSUTIL utility (Ntdsutil.exe) to remove an orphaned domain, the domain name is listed with DEL:<GUID> as part of the value, and you may receive the following error message:

Dsremovedsdomainw error with code 0x2077.

Additionally, when you use the ADSI Edit snap-in to remove the orphaned domain object from the Active Directory directory service, you may receive the following error message:

Illegal modify operation. Some aspect of the modification is not permitted.

CAUSE

This issue may occur if the orphaned domain is not completely removed.

RESOLUTION

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To resolve this issue, follow these steps:

  1. Add the Allow System Only Change value to the registry. To do this, follow these steps:
    1. Click Start, and then click Run.
    2. Type regedit in the Open box, and then click OK.
    3. Locate the following registry key:

      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters

    4. On the Edit menu, point to New, and then click DWORD Value.
    5. Type Allow System Only Change in the Value Name box.
    6. Double-click Allow System Only Change.
    7. In the Value Data area, type 1, and then click OK.
    8. Close Registry Editor.
  2. Use ADSIedit to modify the nCName attribute of the cross-ref object for the orphaned domain. Remove the DEL:<GUID> portion of the value. To do this, follow these steps:
    1. Click Start, point to Programs, point to Windows 2000 Support Tools, point to Tools, and then click ADSI Edit.
    2. Locate the nCName attribute for the orphaned domain object, right-click the object, and then click Settings.
    3. Remove the DEL:<GUID> portion of the value.
  3. Use NTDSUTIL to remove the orphaned domain. To do this, follow these steps:
    1. Click Start, and then click Run.
    2. In the Open box, type ntdsutil, and then click OK.
    3. Type metadata cleanup, and then press ENTER. Based on the options that are specified, the administrator can perform the removal, but additional configuration parameters must be specified before the removal may occur.
    4. Type connections, and then press ENTER. This menu is used to connect to the specific server where the changes occur.

      Note If you (as the currently logged-on user) do not have administrator permissions, you must specify administrator credentials before you make the connection. To do so, type set creds DomainName UserName Password, and then press ENTER. For a null password, type null for the password parameter.
    5. Type connect to server ServerName, and then press ENTER. You must receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller that is being used in the connection is available and that the credentials that you supplied have administrative permissions on the server.

      Note If you try to connect to the same server that you want to delete, you may receive the following error message when you try to delete the server in step 15:

      Error 2094. The DSA Object cannot be deleted0x2094

    6. Type quit, and then press ENTER. The Metadata Cleanup menu appears.
    7. Type select operation target, and then press ENTER.
    8. Type list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
    9. Type select domain number, and then press ENTER, where number is the number that is associated with the domain that the server that you are removing is a member of. The domain that you select is used to determine if the server being removed is the last domain controller of that domain.
    10. Type list sites, and then press ENTER. A list of sites, each with an associated number, is displayed.
    11. Type select site number, and then press ENTER, where number is the number that is associated with the site that the server that you are removing is a member of. You must receive a confirmation that lists the site and domain that you selected.
    12. Type list servers in site, and then press ENTER. A list of servers in the site, each with an associated number, is displayed.
    13. Type select server number, where number is the number that is associated with the server that you want to remove. You receive a confirmation that lists the selected server, its Domain Name System (DNS) host name, and the location of the server's computer account that you want to remove.
    14. Type quit, and then press ENTER. The Metadata Cleanup menu appears.
    15. Type remove selected server, and then press ENTER. You must receive confirmation that the removal completed successfully. If you receive the following error message

      Error 8419 (0x20E3)
      The DSA object could not be found

      the NTDS Settings object may have already been removed from Active Directory by another administrator, or by replication of the successful removal of the object after you run the DCPROMO utility.

      Note You may also see this error when you try to bind to the domain controller that is going to be removed. Ntdsutil must bind to a domain controller other than the one that is going to be removed by metadata cleanup.
    16. Type quit at each menu to quit the NTDSUTIL utility. You must receive confirmation that the connection disconnected successfully.
    17. Remove the CNAME record in the _msdcs.<root domain of forest> zone in DNS. Assuming that the domain controller is going to be reinstalled and repromoted, a new NTDS Settings object is created with a new GUID and a matching CNAME record in DNS. You do not want the existing domain controllers to use the old CNAME record.

      As a best practice, Microsoft recommends that you delete the host name and the other DNS records. If the lease time that remains on the Dynamic Host Configuration Protocol (DHCP) address that is assigned to an offline server is exceeded, another client can obtain the IP address of the problem domain controller.
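
A pre-check for step 2 of the resolution, as an added example that is not part of the original article: the Python script below scans an LDIF export of the crossRef objects under CN=Partitions (for instance one produced with ldifde) and reports every nCName value that still carries a DEL:<GUID> marker, together with the value expected once the marker is removed. The sample export, the example.com names and the GUID are constructed, and treating the line feed in front of DEL: as part of the marker is an assumption.

```python
import base64
import re

# Constructed sample (not from the article): LDIF export of two crossRef objects.
# example.com, OLDCHILD and the GUID are made-up values.
SAMPLE_LDIF = """\
dn: CN=EXAMPLE,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=example,DC=com

dn: CN=OLDCHILD,CN=Partitions,CN=Configuration,DC=example,DC=com
objectClass: crossRef
nCName: DC=oldchild\\0ADEL:6f1c2a9e-3b7d-4e55-9a10-2c4d8e7f0b11,DC=example,DC=com
"""

# DEL:<GUID> marker; the escaped ("\0A") or raw line feed in front of it is
# assumed to belong to the marker and is removed with it.
DEL_MARKER = re.compile(
    r"(?:\\0A|\n)?DEL:[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def parse_ldif(text):
    """Yield one dict per LDIF record (last value of each attribute wins)."""
    unfolded = re.sub(r"\r?\n ", "", text)  # long lines are folded with a leading space
    for block in re.split(r"\r?\n\s*\r?\n", unfolded.strip()):
        record = {}
        for line in block.splitlines():
            m = re.match(r"([A-Za-z][\w;-]*)(::?) ?(.*)", line)
            if not m:
                continue  # comment or malformed line
            name, sep, value = m.groups()
            if sep == "::":  # "attr:: value" means the value is base64-encoded
                value = base64.b64decode(value).decode("utf-8", "replace")
            record[name.lower()] = value
        if "dn" in record:
            yield record


def find_mangled_crossrefs(ldif_text):
    """Return (dn, current nCName, nCName without DEL:<GUID>) for each hit."""
    hits = []
    for rec in parse_ldif(ldif_text):
        ncname = rec.get("ncname", "")
        if DEL_MARKER.search(ncname):
            hits.append((rec["dn"], ncname, DEL_MARKER.sub("", ncname)))
    return hits


if __name__ == "__main__":
    for dn, current, cleaned in find_mangled_crossrefs(SAMPLE_LDIF):
        print(f"{dn}\n  current nCName : {current}\n  expected nCName: {cleaned}")
```

Running the same scan again after the cleanup confirms that no cross-reference object still carries the marker.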


REFERENCES

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion


251307 HOW TO: Remove Orphaned Domains from Active Directory Without Demoting the Domain Controllers


230306 HOW TO: Remove Orphaned Domains from Active Directory


