Share |

DsRemoveDsDomainW error 0x2162 The requested domain could not be deleted because there exist domain controllers that still host this domain.

This error occurs when trying to remove a child domain from a parent domain with ntdsutil OR if you try to reinstall the child domain with the same name with DCPROMO.
This can occur even after a succesfull DCPROMO where the domain is demoted.
All relevant MS KB articles do not provide the correct solution.
You will notice that the child domain still appears in Active Directory Domains and Trusts as a trusted domain and there is no way to remove it.

You might find articles that describe how to remove lingering objects or orphaned child domains from Active Directory
These KB articles http://support.microsoft.com/?kbid=230306  and http://support.microsoft.com/default.aspx?scid=kb;en-us;216498 tell you how to remove them, but still it is impossible for you to do it. Also no forum could provide me with the correct answer.
The error states that there is still a domain controller that hosts your child domain and this is where it got confusing: you assume that because you successfully demoted your last domain controller in your child domain that it 's impossible there is still a domain controller (or let alone a catalog server) that hosts your domain. But actually I (and maybe you) are staring yourself blind on the child domain when actually the real problem lies in the parent domain.
I 've been searching almost a complete day until I found out that an external "cowboy"-sultant had once installed a DC in the parent domain, didn 't like the name, formatted the machine and removed the computer account from AD just like that, without performing DCPROMO first (let alone transfer its GC role).

So here 's the solution:


Go into Active Directory Sites and Services on your parent domain's DC, click on the server which you don 't find anywhere anymore in your domain computer accounts (try pinging it for all I care), open the subfolder on it where it says "NTDS Settings" and delete it.
You will be prompted what to do about it. Take the third option: the server is permantly offline and you want it removed.
Make sure you run this procedure with any badly removed DC.
Now rerun DCPROMO on the server you want the new child domain to be created. Et voila, new child domain (re)created.

What 's probably behind this: your parent domain is still in a pending state where it 's waiting to notify your dead DC about the removal of the original child domain. Since this cannot happen, your AD will remain in a crippled state about the child domain.

Updated: July 16, 2010