DsRemoveDsDomainW error 0×2015 (The directory service can perform the requested operation only on a leaf object.)
I tried to remove an orphaned child domain from a forest the other day and after performing the (I thought so) correct steps, NTDSUtil wouldn’t remove it with an error message:
DsRemoveDsDomainW error 0×2015 (The directory service can perform the requested operation only on a leaf object.)
Hmm… this wasn’t, what I expected (obviously) and I haven’t removed many domains with NTDSUtil yet so … I was kind of surprised. After thinking about that a little, NTDSUtil was right with what it said about the domain not being a leaf object.
Looking at the Naming Contexts that are around, there’s a sub-NC for every domain in the forest:
DC=domain,DC=com
DC=DomainDNSZones,DC=domain,DC=com
DC=ForestDNSZones,DC=domain,DC=com
CN=Configuration,DC=domain,DC=com
CN=Schema,CN=Configuration,DC=domain,DC=com
…
DC=child,DC=domain,DC=com
DC=DomainDNSZones,DC=child,DC=domain,DC=com
…
…and the DomainDNSZones application partition (just another NC) was the reason why NTDSUtil thought the domain partition was no leaf object — since from a “tree” perspective, there was a leaf object under the domain NC — DomainDNSZones for child. So before removing a whole domain off the directory, be sure to remove the DNS partitions.
There’s a KB article on this — and it shows how to remove the DNS partition in NTDSUtil: http://support.microsoft.com/kb/887424