While the overall process detail varies, the overall theme remains: We start with the attacker having a foothold inside the enterprise, since this is often not difficult in modern networks.
I also covered some of these issues in the post “The Most Common Active Directory Security Issues and What You Can Do to Fix Them“.
Sometimes we have problem with broken Domain Controller(s) within our environment.
To force the removal of a Windows Server 2008 DC, perform the following steps: has been honored by Microsoft as an MVP for Directory Services.
He has provided thought leadership for some of Canada's largest Active Directory installations, and has also served as an author, technical reviewer, and subject matter expert for more than 50 training, exam writing, press, and whitepaper projects related to Windows Server 2008 Identity and Access Management, networking, and collaboration.
Because the DC cannot contact other DCs during the operation, the AD DS forest metadata is not automatically updated as it is when a DC is removed normally.