As you have probably gathered I have been working alot with Windows 2003 Active Directory Advanced Support features recently, as part of my Professional Job Role. One of the features I was explaining to a customer recently the automatic recreation of the Domain Controller Object and the Ntds Settings Object if it is subject to the “fat finger” or malicious deletion. From Windows 2000 sp4 and Windows 2003, if you delete a live Domain Controller object you will be presented with the following screen shot.
If you select the bottom choice “This domain controller is permanently offline….”, you will find within a short space of time subject to the replication schedule of you Active Directory the deleted DC will automatically be recreated. You will find within the Eventlog of the deleted DC the following Eventid
This also works for the NTDS Object in Sites and Services.
Also a point to note is that if the DC which is deleted is offline when the deletion takes place, as long as the DC is brought back online within 14 days then the Automatic Restore will still take place.
HOWEVER….I advise you NEVER to Test this on a live Production Server, because potentially deleting a Live DC account could cause Kerberos and other Domain Security Issues. Reserve this to your TEST environment.