• Status: Solved
  • Priority: Medium
  • Security: Public

Metadata Cleanup and REPLMON

I hope someone will be able to assist me because this has boggled my mind for the past week...

I inherited an Active Directory environment where a couple of domain controllers were deleted out of Active Directory instead of using DCPROMO to demote a DC to a member server and disjoined from the domain.  I followed the procedures detailed in the KB article "How to Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion" (article 216498).  I used NTDSUTIL and performed a metadata cleanup, used ADSIEDIT to remove any references to the deleted domain controllers, and  removed any records in DNS referencing the deleted domain controllers.  I even tried using LDP.exe to delete these objects.  On top of that I even burned a support call with Microsoft to try to "fix" this but they referred me to the same KB articles I used.

After going through all of this clean up work, I still get error messages in the Event Logs that replication failed with one of the deleted domain controllers.  How is this possible?  Also, when I view the replication partners using REPLMON, there are entries for DELETED SERVER #_ under each of the current domain controllers.  Am I missing something here?  Is there some hidden container where I still need to clean up any references to these deleted domain controllers?  How can I remove the entries referring to the DELETED SERVER #_ that REPLMON sees in Active Directory?  Maybe I just need to chill and not be so obsessive...LOL.

Thanks in advance!!!

0
tbaik
Asked:
1 Solution
 
Netman66 Commented:
Open up AD Sites and Services - if the servernames are still present in Sites, then delete them there.

0
 
Jay_Jay70 Commented:
Hi tbaik,

Hmmm, Netman has already pointed out the problem I regularly see... does dcdiag come back clean?
0
 
tbaik (Author) Commented:
I appreciate your feedback, but it doesn't show up in AD Sites and Services and dcdiag comes back clean as well as replmon when I check for replication errors.  I'm wondering if somehow the deleted servers are cached or it's finding the references in a hidden container that can be seen using ldp.
0
 
tbaik (Author) Commented:
I only see references to the deleted servers in REPLMON (as **DELETED SERVER #_) and the error messages in the Directory Services event logs.
0
 
Jay_Jay70 Commented:
I'm gonna suggest the obvious and reboot your DCs completely.
0
 
tbaik (Author) Commented:
Thanks, Jay Jay, but I already tried that.  LOL....
0
 
Jay_Jay70 Commented:
Haha! Ahh, it was worth a shot :)

How long ago did you remove the server? I'm wondering whether or not it takes a little while to propagate these changes.
0
 
Netman66 Commented:
Check the NTDS settings in AD Sites and Services.  Any manually created site links will not be deleted automatically.  Check this for all server objects there.

0
 
tbaik (Author) Commented:
Jay Jay, I believe the servers were deleted about 2 months ago.

Netman, I cleaned out any references to the deleted domain controllers in every place I know to look using AD U&C, AD S&S, ntdsutil (metadata cleanup), adsiedit, and ldp.  I'm not sure where else to look.  The only other thing I can think of is that I'll have to wait until the tombstone expires to see if I still get the replication failure error messages and it disappears in REPLMON.  What I don't understand is why I'm getting error messages and where REPLMON gets the information to see the deleted domain controllers.
0
 
egrigson Commented:
Have you tried using Ultrasound to diagnose the replication issues? Do you use DFS, or is it just the SYSVOL share that's replicating?

I ran into similar problems a while ago, although my non-existent domain controllers still showed up by name (rather than DELETED #1 etc.) in Ultrasound. Have you checked the File Replication System container using ADSI Edit? You can find it in the Domain partition under CN=<your domain>, CN=System, CN=File Replication System, CN=Domain System Volume (SYSVOL share). There will be a list of DCs under there, and they're the ones the FRS service uses as its source list.

Hope this helps,

Ed.
0
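
A read-only way to run the check egrigson describes, as an added example that is not part of the original thread: it compares the FRS member objects under the SYSVOL replica set with the current domain controllers and reports members left behind. The sample data and the `example.com` domain are constructed, the function name `Get-OrphanedFrsMember` is hypothetical, and the commented commands assume the RSAT ActiveDirectory module; in the directory the container's CN is `File Replication Service`.

```powershell
# Added example, not from the thread. Sample data is constructed so the script
# runs without a domain; each "Live:" comment shows the real query to use instead.

function Get-OrphanedFrsMember {
    param(
        [Parameter(Mandatory)] [object[]] $Members,           # nTFRSMember objects
        [Parameter(Mandatory)] [string[]] $LiveDcComputerDns  # computer DNs of current DCs
    )
    foreach ($m in $Members) {
        $ref = [string]$m.frsComputerReference
        if ([string]::IsNullOrEmpty($ref)) {
            # The link is normally cleared when the DC's computer object is deleted.
            [pscustomobject]@{ Member = $m.Name; Reason = 'frsComputerReference is empty' }
        }
        elseif ($LiveDcComputerDns -notcontains $ref) {
            [pscustomobject]@{ Member = $m.Name; Reason = "points at a non-DC object: $ref" }
        }
    }
}

# Live: $domainDn = (Get-ADDomain).DistinguishedName
$domainDn = 'DC=example,DC=com'   # constructed
$frsBase  = "CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,$domainDn"

# Live: $liveDcs = (Get-ADDomainController -Filter *).ComputerObjectDN
$liveDcs = @(
    "CN=DC01,OU=Domain Controllers,$domainDn"
    "CN=DC02,OU=Domain Controllers,$domainDn"
)

# Live: $members = Get-ADObject -SearchBase $frsBase -SearchScope OneLevel `
#           -LDAPFilter '(objectClass=nTFRSMember)' -Properties frsComputerReference
$members = @(
    [pscustomobject]@{ Name = 'DC01';    frsComputerReference = "CN=DC01,OU=Domain Controllers,$domainDn" }
    [pscustomobject]@{ Name = 'DC02';    frsComputerReference = "CN=DC02,OU=Domain Controllers,$domainDn" }
    [pscustomobject]@{ Name = 'OLDDC03'; frsComputerReference = $null }   # left-over member
)

Get-OrphanedFrsMember -Members $members -LiveDcComputerDns $liveDcs | Format-Table -AutoSize
```

With the constructed data only `OLDDC03` is reported; nothing is modified, so removal of a reported member remains a manual ADSI Edit step.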
 
Jay_Jay70 Commented:
Sorry about this, I forgot about this Q. Are you still getting the same problems?
0
 
tbaik (Author) Commented:
Egrigson,

Yes, I've checked everywhere including the directory in ADSIEdit that you're pointing me to.  I'm not sure where else to look.  I've even asked a senior Microsoft consultant (who works for Microsoft) and his response is that I've looked everywhere he would've looked.  I'm wondering if this is a bug in Active Directory.  Thanks for your feedback.

Jay Jay,

Yes, this "problem" still exists although it's more of an annoyance than anything.  I still get the error messages stating that the replication partner [lists DC by name] is failing replication.  I know I can ignore this error since I've cleaned out every instance of the DC that I know of.  Not sure where to go from here though.

Thanks!
0
 
Jay_Jay70 Commented:
Well mate, if you have spoken to the tech and there is nothing that he can offer, then I guess it may just be a bug with your install.

Very strange that even adsiedit doesn't show anything. It sounds simple, but maybe try reinstalling the actual diag tools themselves.
0
 
tbaik (Author) Commented:
Thank you very much for everyone's feedback.  I'm not sure why this is happening in AD.  I guess it's a bug.  If I find a solution, I'll be sure to post it so everyone may be enlightened.  Thanks again!!
0
