Recently I had an issue where, no matter what I tried, I could not connect to my Azure VM, which was acting as a DC, over a site-to-site VPN. I enabled diagnostics (see this article) and could see it was in a good state. I tried resetting the machine to no avail. Rather than submit a support ticket (because I’m impatient) I decided just to delete the VM; however, this would leave my AD in a mess, so I had to manually force the removal of the dead DC’s metadata using ntdsutil. To do this I used the following steps:

  1. Log on to a working Domain Controller, open a command prompt and run “ntdsutil”.
  2. Run “metadata cleanup”, and then run “connections”.
  3. Run “connect to server servername”, where servername is a DC which is working normally.
  4. Run “quit”; the “Metadata Cleanup” menu appears.
  5. Run “select operation target”, and then run “list domains”.
  6. Run “select domain number”, where number is the number associated with the domain of the server you are removing.
  7. Run “list sites”, and then run “select site number”, where number is the number associated with the site the server you are removing is a member of.
  8. Run “list servers in site”, and then run “select server number”, where number is the number associated with the server you want to remove.
  9. Run “quit”; the “Metadata Cleanup” menu appears.
  10. Run “remove selected server”. You should receive confirmation that the server was removed and the connection disconnected successfully.

Don’t forget to delete all remaining DNS records of the cleaned domain controllers!
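The following PowerShell script is an added example, not part of the original post, covering both the ntdsutil cleanup in steps 1–10 and the DNS reminder above. Instead of the interactive “list/select” walk-through it passes the menu commands to ntdsutil as arguments and uses the DN form of “remove selected server”, with the server DN looked up from the Configuration partition. The computer names (`AZDC01`, `ONPREMDC01`) are placeholders; it assumes the ActiveDirectory and DnsServer RSAT modules are installed and that the script is saved as a `.ps1` and run from an elevated prompt on a healthy DC.

```powershell
# Added example (not from the original post): scripted metadata cleanup of a
# dead DC, followed by a sweep of DNS records that still point at it.
# Run with -WhatIf first to see what would be removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory)] [string] $DeadDc,     # placeholder, e.g. 'AZDC01'
    [Parameter(Mandatory)] [string] $HealthyDc,  # placeholder, e.g. 'ONPREMDC01'
    [string] $DeadDcIp                           # optional: old IP, to catch stale A/PTR records
)

Import-Module ActiveDirectory
Import-Module DnsServer

$root      = Get-ADRootDSE -Server $HealthyDc
$configNc  = $root.configurationNamingContext
$domainDns = ($root.defaultNamingContext -replace '^DC=', '') -replace ',DC=', '.'
$deadFqdn  = "$DeadDc.$domainDns".ToLower()

# Safety check: a DC that still answers is not a candidate for forced removal.
if (Test-Connection -ComputerName $DeadDc -Count 1 -Quiet) {
    throw "$DeadDc is still reachable; demote it normally instead of forcing cleanup."
}

# 1. Find the server object: CN=<dc>,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,...
#    This is the object steps 5-8 of the walk-through select interactively.
$serverObj = Get-ADObject -Server $HealthyDc -SearchBase $configNc `
    -LDAPFilter "(&(objectClass=server)(cn=$DeadDc))"
if (-not $serverObj) { throw "No server object named $DeadDc under $configNc; nothing to clean." }
Write-Verbose "Server object: $($serverObj.DistinguishedName)"

# 2. Non-interactive equivalent of steps 1-10. Each array element becomes one
#    ntdsutil menu command; 'remove selected server <DN>' replaces list/select.
$ntdsArgs = @(
    'metadata cleanup',
    'connections',
    "connect to server $HealthyDc",
    'quit',
    "remove selected server $($serverObj.DistinguishedName)",
    'quit',
    'quit'
)
if ($PSCmdlet.ShouldProcess($serverObj.DistinguishedName, 'ntdsutil metadata cleanup')) {
    & ntdsutil @ntdsArgs
}

# 3. DNS sweep: find every record in every primary zone that names the dead DC,
#    by owner name (A/AAAA), target (SRV, NS, CNAME in _msdcs, PTR) or old IP.
$zones = Get-DnsServerZone -ComputerName $HealthyDc |
    Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }

$stale = foreach ($z in $zones) {
    Get-DnsServerResourceRecord -ComputerName $HealthyDc -ZoneName $z.ZoneName | Where-Object {
        $d = $_.RecordData
        ($_.HostName -ieq $DeadDc) -or
        ($DeadDcIp -and $d.PSObject.Properties['IPv4Address'] -and $d.IPv4Address.ToString() -eq $DeadDcIp) -or
        ($d.PSObject.Properties['DomainName']    -and $d.DomainName.TrimEnd('.')    -ieq $deadFqdn) -or
        ($d.PSObject.Properties['NameServer']    -and $d.NameServer.TrimEnd('.')    -ieq $deadFqdn) -or
        ($d.PSObject.Properties['HostNameAlias'] -and $d.HostNameAlias.TrimEnd('.') -ieq $deadFqdn) -or
        ($d.PSObject.Properties['PtrDomainName'] -and $d.PtrDomainName.TrimEnd('.') -ieq $deadFqdn)
    } | ForEach-Object { [pscustomobject]@{ Zone = $z.ZoneName; Record = $_ } }
}

Write-Host "Found $(@($stale).Count) DNS record(s) referencing $DeadDc"
foreach ($s in $stale) {
    $r = $s.Record
    $label = "$($r.RecordType) $($r.HostName) in zone $($s.Zone)"
    if ($PSCmdlet.ShouldProcess($label, 'Remove-DnsServerResourceRecord')) {
        Remove-DnsServerResourceRecord -ComputerName $HealthyDc -ZoneName $s.Zone -InputObject $r -Force
    }
}
```

Run it as `.\Remove-DeadDc.ps1 -DeadDc AZDC01 -HealthyDc ONPREMDC01 -DeadDcIp 10.0.1.4 -WhatIf` to get a list of the server object and DNS records that would be touched without changing anything, then again without `-WhatIf`. The DNS pass deliberately matches on the record target as well as the owner name, because the SRV, NS and `_msdcs` CNAME records that break Kerberos and replication lookups are not named after the DC and are the ones that most often get left behind.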
