Removing an orphaned AD domain: "a referral was returned from the server"
Note: the problem has been resolved; the admin of the parent domain managed to remove the DC object. I gather he used ADSIEdit.
I'm working with an AD forest (in an isolated test environment, luckily, so failing all else we can blow everything away) and accidentally tried to create a subdomain using a cloned machine as the new domain controller.
Naturally enough, this didn't work. But the new subdomain got created, even though AD was not successfully installed on the putative DC, and now I can't get rid of it.
I started with this article. That didn't work because there was still metadata for the DC for the orphaned domain.
So I found this. Unfortunately this doesn't work either.
I opened AD Sites and Services, opened the site in question, opened the Servers container, selected the DC in question, right-clicked on NTDS Settings and selected Delete. Clicked through "Are you sure", selected "This Domain Controller is permanently offline ...", confirmed that I wanted to do this even though the DC isn't in the domain I'm connected to, and confirmed that I wanted to do this even though this was the last DC in the domain.
Then it said "Windows cannot delete object LDAP://... because: A referral was returned from the server."
Anyone seen this before? Any ideas?
The administrator of the parent domain removed the DC object the next day using ADSIEdit. I was then able to remove the orphaned domain as described in KB230306.
I believe that part of the problem was that not all of the information had fully replicated, perhaps due to some odd issues with DNS in the isolated environment. It is possible that, had I waited overnight, the procedure I originally tried (described in the question) would have worked.