TSF – Comprehensive IT solutions for SMB businesses | HCM

P17 - Critical Guide Delete PDC Died in Server 2025

WinServer2025 – P17 How to Remove a Failed Domain Controller in Windows Server 2025

When a Primary Domain Controller (PDC) fails permanently and cannot be brought back online, simply shutting it down is not enough. The failed controller still exists inside Active Directory metadata, which can cause replication errors, DNS issues, and authentication problems.

In this guide, you will learn how to properly remove a dead PDC using ntdsutil metadata cleanup in Windows Server 2025. This is the correct and supported method for removing a failed Domain Controller from Active Directory.

This tutorial follows a real-world scenario where:

  • DC-01 (old PDC) is dead

  • DC-02 (ADC) is promoted and becomes the new PDC

  • We now need to remove DC-01 cleanly from AD


⚠ When Should You Delete a Failed DC?

You should perform metadata cleanup when:

  • The Domain Controller hardware is destroyed

  • The OS is corrupted and unrecoverable

  • You cannot demote the DC gracefully

  • The server will never return to the domain

If the DC can still boot, always attempt normal demotion first.


#1️⃣ Step 1: Delete the Dead PDC (Metadata Cleanup)

On the new PDC (formerly the ADC), open Command Prompt (CMD) as Administrator.

Type:

 
 
ntdsutil
 

Next, type:

 
 
metadata cleanup
 

Then, type:

 
 
connections
 

At the server connections prompt, type:

 
 
connect to server adc.tsf.local
 

(the full name of the new PDC)

Next, type:

 
 
quit
 

Then type:

 
 
select operation target
 

Now we begin selecting the correct domain, site, and server.

Type:

 
 
list domains
 

Notice the line:

“found 1 domain(s)”

Only one domain (TSF) is listed, so we select 0, the number corresponding to that domain. If you have multiple domains, they will also be listed here.

Type:

 
 
select domain 0
 

Next, type:

 
 
list sites
 

Look at:

“found 1 site(s)”

By default, we have 1 site corresponding to number 0.

Type:

 
 
select site 0
 

Next, use the command:

 
 
list servers in site
 

You will see something like:

  • DC-01 (server 1 – dead – corresponding to number 0)

  • DC-02 (server 2 – alive – corresponding to number 1)

Since we want to remove the dead server 1 (DC-01, number 0 in the list), type:

 
 
select server 0
 

Next, type:

 
 
quit
 

Now execute:

 
 
remove selected server
 

A confirmation message will appear asking if you want to remove it.

Select YES and wait about 30 seconds for it to remove server 1.

After completion, enter:

 
 
quit
 

Then:

 
 
quit
 

Then:

 
 
exit
 

to close CMD.


🧹 Clean Up in Active Directory

Open:

Active Directory Sites and Services

Delete:

DC-01

Next, open:

Active Directory Users and Computers → Domain Controllers

Check whether DC-01 still exists.

If it is still there, delete it manually.

At this point, you have successfully removed the dead PDC from Active Directory.
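
To confirm the cleanup from the command line, the following read-only PowerShell check looks for any remaining trace of DC-01. It is an added example, not part of the original guide, and it assumes the ActiveDirectory module is available on the surviving DC:

```powershell
# Added example: read-only check, run on the surviving DC after metadata cleanup.
Import-Module ActiveDirectory

$DeadDC = 'DC-01'                      # removed controller in this guide's scenario
$root   = Get-ADRootDSE
$domain = Get-ADDomain
$forest = Get-ADForest

# 1. FSMO role holders: none may still be the dead DC.
$roles = [ordered]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$staleRoles = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$DeadDC.*" })

# 2. Leftover objects: the server object under Sites (Sites and Services view)
#    and the computer account under Domain Controllers (Users and Computers view).
$sitesBase = "CN=Sites,$($root.configurationNamingContext)"
$dcOu      = $domain.DomainControllersContainer
$leftovers = @(Get-ADObject -SearchBase $sitesBase -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))") +
             @(Get-ADObject -SearchBase $dcOu -LDAPFilter "(&(objectClass=computer)(cn=$DeadDC))")

# 3. Domain controllers the directory still lists.
$listed = @(Get-ADDomainController -Filter * | Where-Object { $_.Name -eq $DeadDC })

# Report: show current role holders, then warn about anything stale.
$roles.GetEnumerator() | Format-Table Name, Value -AutoSize
if (($staleRoles.Count + $leftovers.Count + $listed.Count) -gt 0) {
    $staleRoles | ForEach-Object { Write-Warning "FSMO role $($_.Name) is still held by $($_.Value)" }
    $leftovers  | ForEach-Object { Write-Warning "Leftover object: $($_.DistinguishedName)" }
    $listed     | ForEach-Object { Write-Warning "Still listed as a domain controller: $($_.HostName)" }
} else {
    Write-Output "No references to $DeadDC remain in FSMO roles, Sites, or Domain Controllers."
}
```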


#2️⃣ Step 2: Configure DNS

After removing a failed Domain Controller, DNS configuration must be verified.

Ensure:

  • No DNS records pointing to the dead DC

  • No NS records referencing DC-01

  • No A record for the failed server

  • Replication is healthy

If stale DNS records remain, clients may attempt to authenticate against a non-existent DC.
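
The checks above can be scripted as a read-only scan of the DNS zones. This is an added example, not part of the original guide; the zone name is inferred from adc.tsf.local, and the IP address is a placeholder for the dead DC's former address:

```powershell
# Added example: read-only scan for DNS records that still reference the removed DC.
Import-Module DnsServer

$DeadDC = 'DC-01'          # removed controller in this guide's scenario
$Zone   = 'tsf.local'      # zone inferred from adc.tsf.local in this guide
$DeadIP = '192.0.2.10'     # placeholder: replace with the dead DC's former IPv4 address

$stale = foreach ($z in @($Zone, "_msdcs.$Zone")) {
    # _msdcs may be its own zone or a subdomain of $Zone; a missing zone is skipped.
    Get-DnsServerResourceRecord -ZoneName $z -ErrorAction SilentlyContinue | ForEach-Object {
        $rec  = $_
        $data = $rec.RecordData
        # The field that names or addresses the target depends on the record type.
        $target = switch ($rec.RecordType) {
            'A'     { "$($data.IPv4Address)" }
            'NS'    { $data.NameServer }
            'SRV'   { $data.DomainName }
            'CNAME' { $data.HostNameAlias }
        }
        $byName = ($target -like "$DeadDC.*") -or ($rec.HostName -eq $DeadDC)
        $byAddr = ($rec.RecordType -eq 'A') -and ($target -eq $DeadIP)
        if ($byName -or $byAddr) {
            [pscustomobject]@{
                Zone   = $z
                Name   = $rec.HostName
                Type   = $rec.RecordType
                Target = $target
            }
        }
    }
}

if ($stale) {
    # Each row is a record to review and delete in DNS Manager.
    $stale | Sort-Object Zone, Type, Name | Format-Table -AutoSize
} else {
    Write-Output "No records for $DeadDC or $DeadIP found in $Zone."
}
```

The scan covers host (A), NS, SRV and CNAME records, including the locator records under _msdcs that clients use to find a Domain Controller.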


#3️⃣ Step 3: Create DHCP Scope Again

If the failed DC was also hosting DHCP:

  • Reconfigure DHCP on the new server

  • Recreate DHCP Scope

  • Authorize DHCP in Active Directory

  • Verify clients receive correct IP configuration

This ensures:

  • Clients obtain proper DNS server settings

  • Authentication requests reach the new PDC
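
One way to carry out these DHCP steps in PowerShell, as an added example that is not part of the original guide. It assumes the DHCP Server role is already installed on the new server; every address, the scope name, and the removal of the dead server's old authorization are assumptions for illustration:

```powershell
# Added example: rebuild DHCP on the surviving DC. All addresses are placeholders.
Import-Module DhcpServer

$NewDC   = 'adc.tsf.local'   # new PDC's FQDN as used in this guide
$NewDCIP = '192.0.2.11'      # placeholder: the new DC's IPv4 address
$DeadDC  = 'DC-01'           # removed controller in this guide's scenario
$ScopeId = '192.0.2.0'       # placeholder subnet

# 1. Drop the dead server's DHCP authorization from Active Directory, if it is still listed.
Get-DhcpServerInDC | Where-Object { $_.DnsName -like "$DeadDC.*" } |
    ForEach-Object { Remove-DhcpServerInDC -DnsName $_.DnsName -IPAddress $_.IPAddress }

# 2. Authorize the new server in Active Directory (skipped if already authorized).
if (-not (Get-DhcpServerInDC | Where-Object { $_.DnsName -eq $NewDC })) {
    Add-DhcpServerInDC -DnsName $NewDC -IPAddress $NewDCIP
}

# 3. Recreate the scope (skipped if it already exists).
if (-not (Get-DhcpServerv4Scope -ScopeId $ScopeId -ErrorAction SilentlyContinue)) {
    Add-DhcpServerv4Scope -Name 'LAN (example)' -StartRange 192.0.2.100 `
        -EndRange 192.0.2.200 -SubnetMask 255.255.255.0 -State Active
}

# 4. Hand out the new DC as DNS server so clients locate it for authentication.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $NewDCIP `
    -DnsDomain 'tsf.local' -Router 192.0.2.1

# 5. Verify: authorized servers and the options clients will receive.
Get-DhcpServerInDC | Format-Table DnsName, IPAddress -AutoSize
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Format-Table OptionId, Name, Value -AutoSize
```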


🔎 Common Issues After Removing a Dead DC

Even after metadata cleanup, always verify:

  • repadmin /replsummary

  • dcdiag /v

  • DNS health

  • SYSVOL replication

If errors appear, review replication topology and DNS delegation.

Proper cleanup prevents:

  • Lingering objects

  • Replication failures

  • Authentication delays

  • Group Policy errors


🏁 Conclusion

Removing a failed Domain Controller is not just about deleting a server object. It requires proper metadata cleanup using ntdsutil.

This guide showed how to safely:

  • Connect to the new PDC

  • Select the correct domain and site

  • Remove the dead DC

  • Clean up AD objects

  • Reconfigure DNS and DHCP

By correctly removing the dead PDC in Windows Server 2025, you ensure:

  • Active Directory remains healthy

  • Replication continues properly

  • Clients authenticate without disruption

Handling failed Domain Controllers correctly is a critical skill for every system administrator managing enterprise environments.
