- Metadata Cleanup Fails with DsRemoveDsServerW error 0x5(Access is denied.)
Microsoft Windows [Version 6.3.9600] (c) 2013 Microsoft Corporation. All rights reserved. C:\Windows\system32>ntdsutil ntdsutil: metadata cleanup metadata cleanup: connection server connections: connect to server AZURE365PRO-LIVEDC Binding to AZURE365PRO-LIVEDC ... Connected to AZURE365PRO-LIVEDC using credentials of locally logged on user. server connections: quit metadata cleanup: select operation target select operation target: list domains Found 1 domain(s) 0 - DC=azure365pro,DC=com select operation target: select domain 0 No current site Domain - DC=azure365pro,DC=com No current server No current Naming Context select operation target: list sites Found 2 site(s) 0 - CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com 1 - CN=AD-001,CN=Sites,CN=Configuration,DC=azure365pro,DC=com select operation target: select sit 0 Site - CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com Domain - DC=azure365pro,DC=com No current server No current Naming Context select operation target: list servers in site Found 3 server(s) 0 - CN=AZURE365PRO-DEADDC,CN=Servers,CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com 1 - CN=AZURE365PRO-DC03,CN=Servers,CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com 2 - CN=AZURE365PRO-LIVEDC,CN=Servers,CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com select operation target: select server 0 Site - CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro,DC=com Domain - DC=azure365pro,DC=com Server - CN=AZURE365PRO-DEADDC,CN=Servers,CN=AD-000,CN=Sites,CN=Configuration,DC=azure365pro ,DC=com DSA object - CN=NTDS Settings,CN=AZURE365PRO-DEADDC,CN=Servers,CN=AD-000,CN= Sites,CN=Configuration,DC=azure365pro,DC=com DNS host name - AZURE365PRO-DEADDC.azure365pro.com Computer object - CN=AZURE365PRO-DEADDC,OU=Domain Controllers,DC=azure365pro,DC=com No current Naming Context select operation target: quit metadata cleanup: remove selected server Transferring / Seizing FSMO roles off the selected server. DsRemoveDsServerW error 0x5(Access is denied.) metadata cleanup:
Solution –
- Make Sure all objects which you trying to remove “Protect Object from Accidental deletion” is unchecked in Active Directory Sites and Services.
![Pinterest](https://pinterest.com/pin/create/button/?url=https://www.azure365pro.com/domain-controller-metadata-cleanup-denied/&media=https://www.azure365pro.com/wp-content/uploads/2019/04/Access_Denied.png&description=An error: "Access is denied" may occur when using the GUI tools to perform a metadata cleanup of a failed domain controller.){kind=link}