Delete a DC account:'DSA object cannot be deleted'

G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

One of my Win2000 DCGC crashed.
Since I already have Win2003 DC's introduced in my AD domain, I want to
install Win2003 on such hardware instead.

I ran ntdsutil and I did a metdata cleanup and removed such computer account
from AD. Under AD Sites and services, I deleted the object name from there.

Now I go to AD Users & Computers and I attempt to delete the "DC-server3"
from AD, so that I can join the new Win2003 server under the same name.
When I hit "delete", I get the message
"DSA Object cannot be deleted"
How can I get rid of such computer account from AD ?
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.active_directory (More info?)

The old Windows 2000 GUI is protecting you. In the new GUI you get multiple
choices as to what to do.

You have a couple of options.

1. Use ADSIEDIT to delete the object.
2. Use admod to delete the object.

The admod command would be

admod -b "cn=dcname,ou=domain controllers,dc=domain,dc=com" -rm

With ADSIEDIT you would browse down to the object.

You can get admod here -> http://www.joeware.net/win/free/tools/admod.htm


--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


Marlon wrote:
> One of my Win2000 DCGC crashed.
> Since I already have Win2003 DC's introduced in my AD domain, I want to
> install Win2003 on such hardware instead.
>
> I ran ntdsutil and I did a metdata cleanup and removed such computer account
> from AD. Under AD Sites and services, I deleted the object name from there.
>
> Now I go to AD Users & Computers and I attempt to delete the "DC-server3"
> from AD, so that I can join the new Win2003 server under the same name.
> When I hit "delete", I get the message
> "DSA Object cannot be deleted"
> How can I get rid of such computer account from AD ?
>
>