The rest of this file was grabbed from http://www.tek-tips.com/faqs.cfm?fid=4733
Active Directory: DC and FSMO
How do I seize FSMO roles or forcefully remove a DC?
This document details steps to be taken to correct replication problems between Domain Controllers and also serves as a point of reference for forcefully removing a DC from the domain.
It is important to identify which DC holds the most recent updates to AD. Check for recently created objects such as users, groups or machine accounts. When the DC is removed from the domain, any objects that exist only on that server are lost.
As a naming convention this document will refer to ServerGood and ServerBad where ServerGood is the DC that will remain in the domain and ServerBad is the DC to be removed.
To seize or transfer the FSMO roles by using Ntdsutil, follow these steps:
Note Microsoft recommends that you run Ntdsutil on the domain controller that is taking the FSMO roles.
Note All five roles must be held by a domain controller in the forest. If the first domain controller is out of the forest, seize all of its roles. Decide which roles go to which of the remaining domain controllers so that all five do not end up on a single server.
Microsoft recommends seizing roles only when the other domain controller is not returning to the domain; otherwise, repair the broken domain controller that holds the roles.
Note If the domain controller that formerly held any FSMO role is no longer present in the domain and its roles have been seized by the earlier steps, remove it from Active Directory by following the procedure in the following Microsoft Knowledge Base article:
216498 HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
If the original domain controller with the FSMO roles is still online, transfer the roles. Type transfer role.
Do not put the Infrastructure Master role on the same domain controller as the global catalog.
To check if a domain controller is also a global catalog server:
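The same transfer-versus-seize decision and the global catalog check, as an added PowerShell example that is not part of the tek-tips page; it uses the RSAT ActiveDirectory module cmdlets, follows the page's ServerGood/ServerBad naming, and assumes you run it with Domain and Enterprise Admin rights on a surviving DC.

```powershell
# Added example (not from the tek-tips page): list FSMO role holders, warn when the
# Infrastructure Master would land on a global catalog, then transfer the roles held by
# ServerBad to ServerGood, seizing (-Force) only when ServerBad no longer answers.
Import-Module ActiveDirectory

$ServerGood = 'ServerGood'   # DC that stays in the domain (page's naming convention)
$ServerBad  = 'ServerBad'    # DC being removed

$forest  = Get-ADForest
$domain  = Get-ADDomain
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster        # forest-wide roles
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator         # domain-wide roles
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
Write-Host 'Current FSMO role holders:'
$holders.GetEnumerator() | ForEach-Object { '  {0,-20} {1}' -f $_.Key, $_.Value }

# Only the roles still recorded on ServerBad need to move (values are FQDNs).
$rolesToMove = $holders.GetEnumerator() |
    Where-Object { $_.Value -like "$ServerBad.*" } |
    ForEach-Object { $_.Key }
if (-not $rolesToMove) {
    Write-Host "No FSMO roles are held by $ServerBad; nothing to move."
    return
}

# Page rule: do not put the Infrastructure Master on a domain controller that is a GC.
$target = Get-ADDomainController -Identity $ServerGood
if ($rolesToMove -contains 'InfrastructureMaster' -and $target.IsGlobalCatalog) {
    Write-Warning "$ServerGood is a global catalog; choose a non-GC DC for InfrastructureMaster."
}

# Transfer gracefully while the old holder is reachable; seize only when it is gone for good,
# and never bring a DC whose roles were seized back online without rebuilding it.
$online = Test-Connection -ComputerName $ServerBad -Count 2 -Quiet -ErrorAction SilentlyContinue
if ($online) {
    Move-ADDirectoryServerOperationMasterRole -Identity $ServerGood `
        -OperationMasterRole $rolesToMove -Confirm:$false
} else {
    Write-Warning "$ServerBad is unreachable; seizing roles $($rolesToMove -join ', ')."
    Move-ADDirectoryServerOperationMasterRole -Identity $ServerGood `
        -OperationMasterRole $rolesToMove -Force -Confirm:$false
}
```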
Now that the NTDS Settings object has been deleted, you can delete the computer account, the FRS member object, the cname (or Alias) record in the _msdcs container, the A (or Host) record in DNS, the trustDomain object for a deleted child domain, and the domain controller.
Note If you receive a message that you have insufficient rights to delete the computer account, you may need to expand the object and manually delete its child objects first.
If you receive the "DSA object cannot be deleted" error when you try to delete the object, change the UserAccountControl value. To change the UserAccountControl value, right-click the domain controller in ADSIEdit, and then click Properties. Under Select a property to view, click UserAccountControl. Click Clear, change the value to 4096, and then click Set. You can now delete the object.
Note The FRS subscriber object is deleted when the computer object is deleted because it is a child of the computer account.
Important If this was a DNS server, remove the reference to this DC under the Name Servers tab. To do this, in the DNS console, click the domain name under Forward Lookup Zones, and then remove this server from the Name Servers tab.
Note If you have reverse lookup zones, also remove the server from these zones.
Copy all of the following text to a text file. Name the file MetaCleaner.vbs.
REM ==========================================================
REM GUI Metadata Cleanup Utility
REM Written By Clay Perrine - clayp@microsoft.com
REM Version 2.5
REM ==========================================================
REM This tool is furnished "AS IS". NO warranty is expressed or Implied.
on error resume next
dim objRoot,oDC,sPath,outval,oDCSelect,objConfiguration,objContainer,errval,ODCPath,ckdcPath,myObj,comparename

rem ======= This gets the name of the computer that the script is run on ======
Set sh = CreateObject("WScript.Shell")
key = "HKEY_LOCAL_MACHINE"
computerName = UCase(sh.RegRead(key & "\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName"))

rem === Get the default naming context of the domain ====
Set objRoot = GetObject("LDAP://RootDSE")
sPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem === Build the list of domain controllers that is shown in the prompt ====
Set objConfiguration = GetObject(sPath)
For Each objContainer In objConfiguration
    outval = outval & vbTab & objContainer.Name & vbCrLf
Next
outval = Replace(outval, "CN=", "")

rem == Retrieve the name of the broken DC from the user and verify it's not this DC. ===
oDCSelect = InputBox(outval, "Type the Name of the Problem Domain Controller", "")
comparename = UCase(oDCSelect)
If comparename = computerName Then
    msgbox "The Domain Controller you entered is the machine that is running this script." & vbCrLf & "You cannot clean up the metadata for the machine that is running the script!", , "Metadata Cleanup Utility Error."
    wscript.quit
End If

rem == Verify that the computer account for the chosen DC exists in the Domain Controllers OU ==
ckdcPath = "LDAP://CN=" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
Err.Clear
Set myObj = GetObject(ckdcPath)
If Err.Number <> 0 Then
    msgbox "The Domain Controller you entered was not found in the Active Directory", , "Metadata Cleanup Utility Error."
    wscript.quit
End If

rem == Last chance to back out (4404 = Yes/No, exclamation icon, default button No, system modal) ==
abort = msgbox("You are about to remove all metadata for the server " & oDCSelect & "! Are you sure?", 4404, "WARNING!!")
If abort <> 6 Then
    msgbox "Metadata Cleanup Aborted.", , "Metadata Cleanup Utility Error."
    wscript.quit
End If

oDCSelect = "CN=" & oDCSelect
ODCPath = "LDAP://" & oDCSelect & ",OU=Domain Controllers," & objRoot.Get("defaultNamingContext")

rem == Find the site that holds the server object of the broken DC ==
sSitelist = "LDAP://CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
Set objConfiguration = GetObject(sSitelist)
For Each objContainer In objConfiguration
    Err.Clear
    sitePath = "LDAP://" & oDCSelect & ",CN=Servers," & objContainer.Name & ",CN=Sites,CN=Configuration," & objRoot.Get("defaultNamingContext")
    Set myObj = GetObject(sitePath)
    If Err.Number = 0 Then
        siteval = sitePath
    End If
Next

rem == Locate the broken DC's FRS member object under the SYSVOL replica set, if there is one ==
SYSVOLPath = "LDAP://" & oDCSelect & ",CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System," & objRoot.Get("defaultNamingContext")
Err.Clear
Set myObj = GetObject(SYSVOLPath)
If Err.Number = 0 Then
    SYSVOLval = SYSVOLPath
End If

rem == Walk every site and every DC: delete replication connections that are sourced FROM the
rem == broken DC, and delete the broken DC's own NTDS Settings and server objects.
SiteList = Replace(sSitelist, "LDAP://", "")
Set SiteConfiguration = GetObject(sSitelist)
For Each SiteContainer In SiteConfiguration
    Sitevar = SiteContainer.Name
    VarPath = "LDAP://OU=Domain Controllers," & objRoot.Get("defaultNamingContext")
    Set DCConfiguration = GetObject(VarPath)
    For Each DomContainer In DCConfiguration
        DCVar = DomContainer.Name
        strFromServer = ""
        NTDSPATH = DCVar & ",CN=Servers," & Sitevar & "," & SiteList
        GuidPath = "LDAP://CN=NTDS Settings," & NTDSPATH
        ldapntdspath = "LDAP://" & NTDSPATH
        rem ==== only act on site/DC pairs where the server object really exists ====
        Err.Clear
        Set exists = GetObject(ldapntdspath)
        If Err.Number = 0 Then
            rem ==== each child of NTDS Settings is an nTDSConnection; drop those whose source is the broken DC ====
            Set oGuidGet = GetObject(GuidPath)
            For Each objContainer In oGuidGet
                oGuid = objContainer.Name
                oGuidPath = "LDAP://" & oGuid & ",CN=NTDS Settings," & NTDSPATH
                Set objSitelink = GetObject(oGuidPath)
                objSitelink.GetInfo
                strFromServer = objSitelink.Get("fromServer")
                rem match "CN=ServerBad,CN=Servers" so that a DC named ServerBad2 is not caught as well
                If InStr(1, strFromServer, oDCSelect & ",CN=Servers", vbTextCompare) <> 0 Then
                    objSitelink.DeleteObject(0)
                End If
            Next
            rem ==== this is the broken DC itself: remove its NTDS Settings, then the server object ====
            If StrComp(NTDSPATH, oDCSelect & ",CN=Servers," & Sitevar & "," & SiteList, vbTextCompare) = 0 Then
                Set objguidpath = GetObject(GuidPath)
                objguidpath.DeleteObject(0)
                Set objntdspath = GetObject(ldapntdspath)
                objntdspath.DeleteObject(0)
            End If
        End If
    Next
Next

rem == Reset userAccountControl to 4096 (WORKSTATION_TRUST_ACCOUNT) so the DC's computer account can be deleted ==
Set AccountObject = GetObject(ckdcPath)
AccountObject.Put "userAccountControl", 4096
AccountObject.SetInfo

rem == Delete the FRS member object (child of the SYSVOL replica set), if one was found ==
If SYSVOLval <> "" Then
    Set objFRSSysvol = GetObject(SYSVOLval)
    objFRSSysvol.DeleteObject(0)
End If

rem == Delete the computer account; its FRS subscriber object is a child and goes with it ==
Set objComputer = GetObject(ckdcPath)
objComputer.DeleteObject(0)

rem == Delete the server object from its site, in case the site walk above did not catch it ==
If siteval <> "" Then
    Set objConfig = GetObject(siteval)
    objConfig.DeleteObject(0)
End If

oDCSelect = Replace(oDCSelect, "CN=", "")
msgval = "Metadata Cleanup Completed for " & oDCSelect
msgbox msgval, , "Notice."
wscript.quit
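A post-cleanup check for the objects and DNS records the text above says must disappear (NTDS Settings and server object, computer account, FRS member, A record, Name Servers entry, _msdcs CNAME), as an added PowerShell example that is not part of the tek-tips page or of MetaCleaner.vbs; it assumes the RSAT ActiveDirectory and DnsServer modules, the page's ServerBad name, and that _msdcs is its own zone.

```powershell
# Added example (not from the tek-tips page): after MetaCleaner.vbs or the manual steps,
# confirm that every reference to ServerBad is gone, so the dead DC cannot linger as a
# phantom replication partner or a stale name server.
Import-Module ActiveDirectory, DnsServer

$ServerBad = 'ServerBad'                 # page's naming convention for the removed DC
$domain    = Get-ADDomain
$domainDN  = $domain.DistinguishedName
$zone      = $domain.DNSRoot
$dnsServer = $domain.PDCEmulator         # a surviving DC that also hosts AD-integrated DNS
$cfgDN     = (Get-ADRootDSE).configurationNamingContext
$leftovers = @()

# 1. Server object (with its NTDS Settings child) under CN=Sites in the configuration partition
$srv = Get-ADObject -SearchBase "CN=Sites,$cfgDN" -LDAPFilter "(&(objectClass=server)(cn=$ServerBad))"
if ($srv) { $leftovers += "server object: $($srv.DistinguishedName)" }

# 2. Computer account in OU=Domain Controllers (the FRS subscriber object is a child of it)
if (Get-ADComputer -SearchBase "OU=Domain Controllers,$domainDN" -LDAPFilter "(cn=$ServerBad)") {
    $leftovers += 'computer account still present'
}

# 3. FRS member object under the SYSVOL replica set
$frs = Get-ADObject -SearchBase "CN=File Replication Service,CN=System,$domainDN" `
                    -LDAPFilter "(&(objectClass=nTFRSMember)(cn=$ServerBad))"
if ($frs) { $leftovers += "FRS member: $($frs.DistinguishedName)" }

# 4. DNS: the A record, the NS record behind the Name Servers tab, and the GUID CNAME in _msdcs.
#    PTR records in reverse lookup zones need the old IP address and are not checked here.
$a = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone -Name $ServerBad -RRType A -ErrorAction SilentlyContinue
if ($a) { $leftovers += "A record: $($a.RecordData.IPv4Address)" }
$ns = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone -RRType NS |
      Where-Object { $_.RecordData.NameServer -like "$ServerBad.*" }
if ($ns) { $leftovers += "NS record: $($ns.RecordData.NameServer)" }
$cn = Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName "_msdcs.$zone" -RRType CName -ErrorAction SilentlyContinue |
      Where-Object { $_.RecordData.HostNameAlias -like "$ServerBad.*" }
if ($cn) { $leftovers += "_msdcs CNAME: $($cn.HostName)" }

if ($leftovers) {
    Write-Warning "Cleanup incomplete for ${ServerBad}:"
    $leftovers | ForEach-Object { Write-Warning "  $_" }
} else {
    Write-Host "No stale references to $ServerBad found."
}
```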