NTDSUtil – Cannot delete server from a site – DsRemoveDsServerW error 0x5(Access is denied.)

When cleaning up non-existence domain controller using NTDSUtil, you may get this error:

metadata cleanup: remove selected server
Transferring / Seizing FSMO roles off the selected server.
DsRemoveDsServerW error 0x5(Access is denied).

There could be many reasons like the account is not really have access to remove servers from domain. But most obvious and common reason is the NTDS Settings is set to protect from accidental deletions.


1. Open Active Directory Sites and Services (on the the same DC where you are running NTDSUtil)

2. Navigate to Sites —> Your Site Name —> Servers —> DC Name —> NTDS Settings

3. Right click on NTDS Settings and select Properties

4. Change to Object tab and un-check the check box “Protect object from accidental deletion


That’s all. Try removing the server using NTDSUtil. 🙂




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s