We have two domain controllers, dc1 and dc2. We have already removed dc2 and made meta data cleanup (with ntdsutil, with microsoft script, with GUI). Unfortunately we have always one CN object left which is write protected (Protect from accidential deletion) which can't be deleted. It is located in:
CN=dc2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=forestrootdomain
To delete the msDFSR-Member CN object (dc2) in the Topolocy CN via ADSIEdit fails. To delete it with Powershell fails too, PS command:
Get-ADObject "CN=dc2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=forestrootdomain" | Set-ADObject -ProtectedFromAccidentalDeletion:$false
with the following error:
Set-ADObject : A required attribute is missing
But if we can't delete this CN object, we can't recreate a domain controller with the same hostname who has a functional replication and advertisement within the domain.
Any suggestions appreciated.
Best regards
-- Regards Timo