How to Remove Child Domain – Manually

Removing Orphaned Domains from Active Directory

1) Determine the domain controller that holds the Domain Naming Master Flexible Single Master Operations (FSMO) role. To identify the server holding this role:
        1.1) Start the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in from the Administrative Tools menu.
        1.2) Right-click the root node in the left pane titled Active Directory Domains and Trusts, and then click Operations Master.
        1.3) The domain controller that currently holds this role is identified in the Current Operations Master frame. NOTE: If this changed recently, not all computers may have received this change yet due to replication.
        For more information about FSMO roles, click the following article number to view the article in the Microsoft Knowledge Base:

    2) Verify that all servers for the domain have been demoted.
    3) Click Start, point to Programs, point to Accessories, and then click Command Prompt.
         At the command prompt, type: ntdsutil.
         Type: metadata cleanup, and then press ENTER.
         Type: connections, and then press ENTER. This menu is used to connect to the specific server on which the changes will occur. If the currently logged-on user is not a member of the Enterprise Admins group, alternate credentials can be supplied by specifying the credentials to use before making the connection. To do so, type: set creds domainname username password, and then press ENTER. For a null password, type: null for the password parameter.
        Type: connect to server servername (where servername is the name of the domain controller holding the Domain Naming Master FSMO Role), and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and that the credentials you supplied have administrative permissions on the server.
        Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
        Type: select operation target, and then press ENTER.
        Type: list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
        Type: select domain number, and then press ENTER, where number is the number associated with the domain to be removed.
        Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
        Type: remove selected domain, and then press ENTER. You should receive confirmation that the removal was successful. If an error occurs, please refer to the Microsoft Knowledge Base for articles on specific error messages.
        Type: quit at each menu to quit the NTDSUTIL tool. You should receive confirmation that the connection disconnected successfully.
see ref

If it gives the error: “DsRemoveDsDomainW error 0x2162(The requested domain could not be deleted because there exist domain controllers that still host this domain.)”

Then do the following:
1) Open mmc.
2) Go to Add/Remove Snap-in, select ADSI Edit, and click OK.
3) Right-click ADSI Edit and select “Configuration” under “Select a well known Naming Context”. Click OK to exit.
4) Under CN=Sites, delete the child domain controllers from the respective site(s).

This should clear up the above error.

Run the above step again; it should be able to complete successfully. If you get this error: “DsRemoveDsDomainW error 0x2015(The directory service can perform the requested operation only on a leaf object)”

Use the following steps to get rid of the error.

    1) Click Start, click Run, type ntdsutil, and then press ENTER.
    At the Ntdsutil command prompt, type partition management, and then press ENTER.
    2) Type connections, and then press ENTER.
    3) Type connect to server Domain_Controller_Name, and then press ENTER.
    After the following message appears, “Connected to Domain_Controller_Name using credentials of locally logged on user”, type quit, and then press ENTER.
    4) At the domain management prompt, type list, and then press ENTER.
    Note the following entry:
    DC=DomainDnsZones,DC=Child_Domain,DC=extension
    For example, if the child domain is, note the following entry:
    Type the following command, and then press ENTER.
    delete nc dc=domaindnszones,dc=Child_Domain,dc=extension
    Note In this command, Child_Domain represents the name of the child domain that you want to remove. For example, if the child domain is, type the following command, and then press ENTER:
    delete nc DC=DomainDnsZones,DC=let,DC=do,DC=com
    Quit Ntdsutil.

see ref
Once this is removed, then you can again remove the child domain using ntdsutil from the top.

It worked for me!


Replacing a vSphere 6.x/7.x Machine SSL certificate with a Custom Certificate Authority Signed Certificate

If you have not yet configured your Microsoft Certificate Authority, see Creating a Microsoft Certificate Authority Template for SSL certificate creation in vSphere 6.x/7.x (2112009).

To replace the Machine SSL certificate with the Custom CA certificate:

  1. Launch the VMware vSphere 6.x Certificate Manager:

    vCenter Server 6.x Appliance:

    Windows vCenter Server 6.x:
    C:\Program Files\VMware\vCenter Server\vmcad\certificate-manager
    Note: It is important to be logged in as an administrator or to “Run as Administrator” if user access control is enabled.
  2. Select Option 1 (Replace Machine SSL certificate with Custom Certificate).
  3. Provide the administrator@vsphere.local password when prompted.
  4. Select Option 1 (Generate Certificate Signing Request(s) and Key(s) for Machine SSL certificate).
  5. Enter the directory in which you want to save the certificate signing request and the private key.

    • Refer to the below information to enter values for CSR generation.
        Country      : Two uppercase letters only (e.g. US), the country where your company is located.
        Name         : FQDN of the vCenter Server (this will be your certificate Subject Alternative Name)
        Organization : Company Name
        OrgUnit      : The name of your department within the organization. Example: “IT”
        State        : The state/province where your company is located
        Locality     : The city where your company is located.
        IPAddress    : IP Address of vCenter Server; this field is optional
        Email        : Email Address
        Hostname     : FQDN of vCenter Server (this field accepts multiple entries separated by commas). For example: VCSA1.vsphere.local,vcsa1,
        VMCA Name    : FQDN of vCenter Server with VMCA (usually the External PSC or the VC with Embedded PSC FQDN)

  • Note: Make sure the Primary Network Identifier (PNID) matches the Hostname.
    • To obtain the PNID, use the following commands for the appliance and Windows respectively:
      • /usr/lib/vmware-vmafd/bin/vmafd-cli get-pnid --server-name localhost
      • "C:\Program Files\VMware\vCenter Server\vmafdd\vmafd-cli.exe" get-pnid --server-name localhost
    • In vSphere 6.0 Update 3, provide the Host Name with the same letter case as in the previous Machine_SSL certificate when generating the CSR.
    • The files created will have the names vmca_issued_csr.csr and vmca_issued_key.key.
  6. Provide the vmca_issued_csr.csr to your Certificate Authority to generate a Machine SSL Certificate, and name the file machine_name_ssl.cer. For more information, see Obtaining vSphere certificates from a Microsoft Certificate Authority (2112014).

    Note: For more information on allowing WinSCP connections to a vCenter Server 6.x Appliance, see Error when uploading files to vCenter Server Appliance using WinSCP (2107727).
  7. Return to the vSphere 6.x Certificate Manager and select Option 1 (Continue to importing Custom certificate(s) and key(s) for Machine SSL certificate).

    Note: If you are using a chain of Intermediate CA and Root CA, see Replacing certificates using vSphere 6.0 Certificate Manager fails at 0% with the error: Operation failed, performing automatic rollback (2111571) before proceeding.
  8. Provide the full path to machine_name_ssl.cer and vmca_issued_key.key from Step 5 and the CA certificate Root64.cer.

    Note: If you have one or more intermediate certificate authorities, the Root64.cer should be a chain of all intermediate CA and Root CA certificates. The machine_name_ssl.cer should be a full chain of certificate + intermediate(s) + root.

    The machine_name_ssl.cer should be a complete chain file similar to:

    -----BEGIN CERTIFICATE-----
    ...   <----- Certificate
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...   <----- Intermediate Certificate
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    ...   <----- Root Certificate
    -----END CERTIFICATE-----

    For example:

    vCenter Server Appliance:

    Provide a valid custom certificate for Machine SSL.
    File : /tmp/ssl/machine_name_ssl.cer

    Provide a valid custom key for Machine SSL.
    File : /tmp/ssl/machine_name_ssl.key

    Provide the signing certificate of the Machine SSL certificate.
    File : /tmp/ssl/Root64.cer

    Windows vCenter Server:

    Provide a valid custom certificate for Machine SSL.
    File : C:\ssl\machine_name_ssl.cer

    Provide a valid custom key for Machine SSL.
    File : C:\ssl\machine_name_ssl.key

    Provide the signing certificate of the Machine SSL certificate.
    File : C:\ssl\Root64.cer

  9. Answer Yes (Y) to the confirmation request to proceed.

  • When Certificate Manager prompts for the certificate, enter the proper value for VMCA Name: the Root Cert Name (that is, the Issuer Cert CA Common Name).
  • This task replaces the Machine SSL Certificate with a Custom CA Signed Certificate.
  • This certificate is not issued by VMCA. It is issued by an external Certificate Authority.
  • If you are running an external Platform Services Controller (deprecated in 6.7.x), you will need to restart the services on the external vCenter Server 6.x and then proceed with replacing the Machine SSL of the vCenter Server 6.x.



Newer versions of OpenSSL say BEGIN PRIVATE KEY because they contain the private key + an OID that identifies the key type (this is known as PKCS8 format). To get the old style key (known as either PKCS1 or traditional OpenSSL format) you can do this:

openssl rsa -in server.key -out server_new.key

Alternately, if you have a PKCS1 key and want PKCS8:

openssl pkcs8 -topk8 -nocrypt -in privkey.pem
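
What the two formats look like at the byte level, as an added example that is not part of the original post: a PKCS8 key is the PKCS1 RSA key wrapped in a structure that carries the rsaEncryption OID. The key bytes are a constructed toy value, all function names are this example's own, and only unencrypted RSA keys are handled.

```python
import base64

# DER encoding of OID 1.2.840.113549.1.1.1 (rsaEncryption), the key-type marker PKCS8 adds.
RSA_OID = bytes.fromhex("06092a864886f70d010101")

def tlv(tag, body):
    """DER-encode one element, using long-form length for bodies of 128+ bytes."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def read(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        size = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + size], "big"), pos + size
    return tag, buf[pos:pos + length], pos + length

def classify(der):
    """After the version INTEGER, PKCS8 has a SEQUENCE (algorithm), PKCS1 an INTEGER (modulus)."""
    body = read(der)[1]
    return {0x30: "PKCS8", 0x02: "PKCS1"}.get(body[read(body)[2]], "unknown")

def to_pkcs8(pkcs1):
    """Wrap: SEQUENCE { version 0, SEQUENCE { OID, NULL }, OCTET STRING { PKCS1 key } }."""
    return tlv(0x30, b"\x02\x01\x00" + tlv(0x30, RSA_OID + b"\x05\x00") + tlv(0x04, pkcs1))

def to_pkcs1(pkcs8):
    """Unwrap: check the OID says RSA, then return the OCTET STRING contents."""
    body = read(pkcs8)[1]
    _, alg, pos = read(body, read(body)[2])    # skip version, read AlgorithmIdentifier
    tag, inner, _ = read(body, pos)
    if not alg.startswith(RSA_OID) or tag != 0x04:
        raise ValueError("not an unencrypted RSA PKCS8 key")
    return inner

def to_pem(der):
    """PEM-armor the key with the label that matches its structure."""
    label = {"PKCS1": "RSA PRIVATE KEY", "PKCS8": "PRIVATE KEY"}[classify(der)]
    b64 = base64.b64encode(der).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([f"-----BEGIN {label}-----", *rows, f"-----END {label}-----"])

# Constructed toy RSAPrivateKey (version, n, e, d, p, q, dP, dQ, qInv); far too small for real use.
TOY_PKCS1 = tlv(0x30, b"".join(tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))
                               for v in (0, 3233, 17, 2753, 61, 53, 53, 49, 38)))
```

On OpenSSL 3.x, openssl rsa itself writes the PKCS8 form unless -traditional is given, so check the BEGIN line of the output file after converting.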


Should the menu item for leaving an app say “Exit”, “Quit”, or “Close”?

If you are developing a Windows application, the correct term to use is “Exit”. This is spelt out in Microsoft’s Design apps for the Windows desktop guide, under the “Standard Menu Bars” section.

If you are developing a Mac application, the correct term to use is “Quit”. (Your menu item must read “Quit AppName”.) This is spelt out in Apple’s OS X Human Interface Guidelines, under “The App Menu” section.

In general, you should follow the platform’s user-interface guidelines when you are developing apps so that your app is consistent with all other apps in the same platform, so as to reduce your app’s complexity and learning curve for your customers.



Difference between Software and Program: In everyday use, the terms software and program are used interchangeably, but in technical language there is a big difference between them.

Software is a collection of programs and data files designed to perform some operations, whereas a program is a set of instructions that performs only the specific task it was made for. In this article, we will discuss the basic differences between software and program in tabular format to make them easy to understand.

S. No. | Software | Program
1 | The software is a broad term which is designed to perform some specific set of operations. | A program is set of instructions which perform only a specific type of task.
2 | A software consists of bundles of programs and data files. Programs in a specific software use these data files to perform a dedicated type of tasks. | A program consists of a set of instructions which are coded in a programming language like C, C++, PHP, Java etc.
3 | A software can be classified into two categories: application software and system software. | A program cannot be classified into various categories.
4 | An application software comes in wide range of varieties like a text editor, media player, web browser, video player, video editor, image editor. Different types of application software provide a different type of services. A system software acts as an interface between hardware and an application software. Whenever a user wants to do a specific job, he gives commands to application software. These commands are delivered to application software via system software. All of the system software provide same kind of services. An operating system is a type of system software. | Source code in a program is written for small jobs.
5 | Examples of “application software” are: Microsoft Word, Microsoft Excel, Google Chrome, VLC media player, Firefox, Adobe Reader etc. Examples of “system software” are: Windows, Linux, Unix, Mac etc. | Program showing whether a given number is even or odd, program to find factorial of a number, program to find greatest of all given numbers, program to check whether a given number is palindrome or not; are few examples of the program.
6 | A software is developed by either a single programmer or a group of programmers but it is developed for a naïve user. | A program is developed and also used by either a single programmer or a group of programmers.
7 | Every software has a dedicated user interface. The user interface of a software may be in the form of command prompt or in a graphical format. | Programs don’t have a user interface.
8 | Software development life cycle (SDLC) is used to develop every software. | SDLC is not used to make programs.
9 | A software is not compiled when we give it commands to perform specific operations. However, a whole software is compiled, tested and debugged in the development process. | A program is compiled every time when we need to genera