Asked by wuitsung

FSMO seizing questions

Environment:
2 DCs, AD-integrated, both running 2003 in a single domain environment.

Trying to get rid of old DC. But the first DC cannot be brought online anymore.
The old DC holds the GC, not the new DC.

I successfully seized the 5 FSMO roles on the new DC. What should I do with the GC? Do I just check it in Sites and Services?

ASKER CERTIFIED SOLUTION
Darius Ghassem

ASKER

I just did it for testing purposes. I restored the first DC to the standalone backup.
So now the first DC is completely gone. But I have successfully seized all roles to the new DC.

But here is the question, as you told me last time about metadata cleanup.
Now the 1st DC no longer exists. I just deleted the DC1 object from Users and Computers and from Sites and Services. After that, I went into metadata cleanup, but I don't see the DC anymore. What should I do? Does that mean the object is completely removed from AD?

Yes. But I deleted the DC1 object from Users and Computers and from Sites and Services first. I didn't do metadata cleanup first....
That is fine, you should still have data in there for the DC unless you did a dcpromo.
Here is the screenshot.... no more DC1 there
metadata.JPG
You're clean. That's good.
So if I can just completely remove the object from Users and Computers and from Sites and Services, does that mean metadata cleanup is not a MUST to run? Or is it just a safety check in this case? What is the circumstance in which I MUST run metadata cleanup?
When you have a failed DC that you can't dcpromo gracefully.
But in my case, I didn't even do dcpromo on the first DC. I just removed it from Users and Computers and from Sites and Services. So it seems not really necessary to run metadata cleanup..... that's why I am wondering when I must use it besides this.
You should use it every time a DC fails. Usually just removing it from ADUC doesn't always work.
Ok. I got it!!!

And one more thing happened to me... because I just restored the first DC back to a standalone server, the SID is still the same. I was able to join the domain successfully, but after I rebooted, when I tried to log on, it returned this message (see screenshot). So I think maybe the object is not completely wiped out from AD... but I cannot find it anywhere in AD at this point. Even the metadata cleanup cannot find it......
sid.JPG
Do you mean you made that DC just a member server? Did you dcpromo /forceremoval? Did you change the DNS IP address?
Because the first DC has a standalone backup image, I just restored it.
So the IP is the same as DC1, but DNS points to DC2.
I didn't do dcpromo to demote the DC, I just restored it.
And now, I just joined the domain, but after I rebooted, I got this message.
Do you have error messages in the Event Viewer?
This is the only error I got on DC1.
logon.JPG
I think I can use the Microsoft application called NewSID to regenerate the SID and the problem might be fixed, but I am just wondering, since the DC1 object is no longer in AD, how come there is still this problem....
Can't be sure, but it could have been just a glitch. I tried to re-create the same problem but I didn't get an error.
I see... Thank you very much for your help and time.

By the way, I asked you a question a while ago. And I think I found some solution to the problem. But I haven't had a chance to work on the DC yet... Could you please take a look.

https://www.experts-exchange.com/questions/23879770/Which-DC-should-I-reset-machine-account.html