Error Message: DSA Object Cannot Be Deleted

When you try to delete an orphaned NTDS Settings from Active Directory Sites and Services, you may receive the following error message: Note that only one NTDS Settings ordinarily exists under each server in the Servers folder in Active Directory Sites and Services. If two NTDS Settings are shown, the one that does not have connection objects associated with it (in the right pane) is probably the orphaned NTDS Settings.

The Dcpromo.exe demotion process must delete NTDS Settings from a server. However, the Dcpromo.exe process may not delete NTDS Settings even if connection objects are deleted. If you have multiple domain controllers, the Active Directory replication process may not delete NTDS Settings from this domain controller.

To work around this problem, complete the following procedure on a domain controller that has an orphaned NTDS Settings:

1. Start ADSI Edit, and then expand the following branches:
   • Configuration NC
   • CN=Configuration,DC=domain, DC=com
   • CN=Sites
   • CN=your site name
   • CN=Servers
2. Locate the server that has an orphaned NTDS Settings. Right-click the orphaned NTDS Settings, and then click Delete.
3. If you have multiple domain controllers, make sure that this change is replicated to all domain controllers.

An orphaned NTDS Settings object may also be found in the LostAndFoundConfig Container under the Configuration Container in ADSI Edit. You can use the analogous procedure to delete this object. To do this:

1. Start ADSI Edit, and then expand the following branches:
   • Configuration NC
   • CN=Configuration,DC=domain, DC=com
   • CN=LostAndFoundConfig
2. Right-click the orphaned NTDS Settings object, and then click Delete. Make sure that the related server object does not exist before deleting the NTDS Settings object.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

ADSIEDIT is part of the Windows 2000 Support Tools.