I'm confused, are you getting an error in dcpromo or when
using ntdsutil?
I thought that the DsRemoveDsServerW function was something
called during a normal dcpromo and from ntdsutil but your post seems to
make me think you are talking about forceremove. The idea behind forceremove is
that the DC can't talk to AD properly to demote so it shouldn't be
trying.
Anyway I *think* that call is used to rip the ntdsdsa
object out of the config container. You may want to look at the permissions on
that object (its nice name is NTDS Settings). Domain Admins should have the
rights to delete that but it wouldn't the first time I saw kooky permissions so
maybe try the ent admin ID or just manually delete the junk out of AD and see if
it lets you.
joe
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of IAN FRASER
Sent: Thursday, July 08, 2004 5:04 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Metadata Cleanup DSRemoveDSServerW
Hi
I have an issue when using DCPROMO /forceremove to remove a DC from a domain. I get so far with Metadata Cleanup (following the MS article 216498 that 99% of people probably use!) and get the error lsited below when I try to remove the select server.
DsRemoveDsServerW error 0x2098(Insufficient access rights to perform the operation.)
I'm logged in with domain admin.
I was forced to use forceremove becuause I had a rights issue when using DCPROMO as standard. Trying to DCPRMO from the console kept saying I didn''t have access, although I was using the Domain Admin account.
Any Ideas?
Ta
Ian Fraser
Cancer Research UK
