Article ID: 328775 - View products that this article applies to.
This article was previously published under Q328775
If you try to delete the computer account for the domain controller in Active Directory Users and Computers, you may receive the following error message:
This problem occurs if you delete the computer account after you have demoted the domain controller by running the dcpromo process on it.
Error: DSA object cannot be deleted
This problem occurs if the value of UserAccountControl is set to 8192.
To resolve this issue, change the value of UserAccountControl to 4096.
NOTE: Use this resolution only if one of the following is true:
For additional information about metadata cleanup, click the following article numbers to view the articles in the Microsoft Knowledge Base:
(http://support.microsoft.com/kb/216498/ )HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
(http://support.microsoft.com/kb/230306/ )HOW TO: Remove Orphaned Domains from Active Directory
(http://support.microsoft.com/kb/332199/ )Domain controllers do not demote gracefully when you use the Active Directory Installation Wizard to force demotion in Windows Server 2003 and in Windows 2000 Server
(http://support.microsoft.com/kb/229763/ )Error Message: DsRemoveDsDomainW Error 0x20ce