Solved

Orphaned sub-domain with a crashed and dead DC

Posted on 2006-10-20
Last Modified: 2010-04-18
THIS DOMAIN DOES NOT REALLY EXIST - USING THE DOMAIN NAMES FOR AN EXAMPLE

We have a domain imaginary.com on which we created a sub-domain really.imaginary.com. On the sub-domain we created a Domain Controller named CLAUDETTE. Several days after adding CLAUDETTE to the sub-domain and promoting her to a global DC she crashed and burned.

What we would like to do at this point is remove any and all references to CLAUDETTE and the sub-domain really.imaginary.com from AD.

Does anyone know how I would go about this?

I take it that I would have to go into AD using a tool/utility to manually remove the entries but do not know which tools to use or where to look in AD.

Thank you,

Keatscon
Question by:keatscon
7 Comments
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17775798
See http://support.microsoft.com/?kbid=216498

Be sure to take careful note of the warnings. You will be directly modifying the AD schema as part of the process and should take great care. Forked AD is much worse than a forked registry. I'd make sure to get good system state backups of all DCs before beginning and only move forward when there is ample time to make and test the change, then roll back if necessary.

Good Luck!
0
 

Author Comment

by:keatscon
ID: 17776923
CharliePete00,

If I were to shut down a DC and perform the procedure on the remaining DC, would I then be able to bring up the DC that was shut down and push the changes down to this DC?

Or would I have to leave both DCs up and running and perform the procedure?

My line of thinking is that I can take one of the DCs down and in case of an error I could take the damaged DC down and then bring up the healthy DC to take its place.

   
Thank you,

Keatscon
0
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17780995
No. Active Directory, like any other database, can be divided into 2 parts: the schema or definitions/descriptions of the data stored; and the data itself. AD replication only passes changes in data and not schema. Placing a DC in Authoritative Restore mode is simply a way of forcing all of the AD data it contains to be replicated to all other DCs. No schema changes will be made. Taking one of your DCs down to use for an authoritative restore in case the manual removal of the subdomain goes bad will not work. You will need system state backups of all DCs prior to beginning in order to recover if necessary.
0
 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 17782868
I just typed out a long answer and my wireless died.....what a PITA....

Basically you have a different situation than the link that was posted gives you, you have lost a DC in your Domain, you lost it in your forest so things are a little different

remove the trusts and data associated with them

http://support.microsoft.com/kb/q230306

Delete the DCs
http://support.microsoft.com/kb/q230306

delete the records from DNS, Sites and Services, and you may need ADSIEDIT to remove from ADUC
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17782869
0
 

Author Comment

by:keatscon
ID: 17791413
Gentlemen,

I tried KB216498 per CharliePete00's recommendation. Received a plethora of error messages and it did not solve my problem.

I then tried KB230306 and that solved the issue of the sub-domain.

The domain controller I can find no sign of in AD after following KB230306.

I tried following the article from www.petri.co.il, but could not find the old DC of the sub-domain and so quit out of the ntdsutil.

I do however still see the sub-domain listed in the 'Log on to:' drop-down menu in the 'Log On to Windows' dialog box. Is this a bad sign or just a remnant from the lost sub-domain? Should I make attempts at removing this from AD?

Thank you,

Keatscon

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17792526
You need to remove any trusts in AD Domains and Trusts, need to clear all DNS, and need to run a metadata cleanup with NTDSUTIL by attaching to your DC.
0
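
A read-only way to check the places named in the answers above (the domain's partition entry, trusts, Sites and Services, DNS) for leftovers before and after cleanup. This is an added example, not part of the original thread; it assumes the ActiveDirectory and DnsServer PowerShell modules (which postdate this thread), and `DC01.imaginary.com` is a hypothetical surviving DC in the thread's made-up domain.

```powershell
# Added example: read-only audit, makes no changes to AD or DNS.
Import-Module ActiveDirectory, DnsServer

$ChildDns = 'really.imaginary.com'   # orphaned sub-domain (example name from the question)
$DeadDc   = 'CLAUDETTE'              # crashed DC (example name from the question)
$Server   = 'DC01.imaginary.com'     # hypothetical surviving DC to query
$Zones    = 'imaginary.com', '_msdcs.imaginary.com'

$root      = Get-ADRootDSE -Server $Server
$configNC  = $root.configurationNamingContext
$defaultNC = $root.defaultNamingContext
$findings  = @()

# 1. crossRef in CN=Partitions: the forest's record that the child domain exists
$findings += @(Get-ADObject -Server $Server -SearchBase "CN=Partitions,$configNC" `
    -LDAPFilter "(&(objectClass=crossRef)(dnsRoot=$ChildDns))" |
    Select-Object @{n='Check';e={'Partition crossRef'}}, @{n='Object';e={$_.DistinguishedName}})

# 2. trustedDomain in CN=System: the parent/child trust seen in Domains and Trusts
$findings += @(Get-ADObject -Server $Server -SearchBase "CN=System,$defaultNC" `
    -LDAPFilter "(&(objectClass=trustedDomain)(trustPartner=$ChildDns))" |
    Select-Object @{n='Check';e={'Trust object'}}, @{n='Object';e={$_.DistinguishedName}})

# 3. server object under CN=Sites: what Sites and Services shows for the dead DC
$findings += @(Get-ADObject -Server $Server -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$DeadDc))" |
    Select-Object @{n='Check';e={'Site server object'}}, @{n='Object';e={$_.DistinguishedName}})

# 4. DNS: records named under the child label or pointing at the child domain
$label = [regex]::Escape($ChildDns.Split('.')[0])
foreach ($zone in $Zones) {
    $findings += @(Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $zone `
        -ErrorAction SilentlyContinue |
        Where-Object {
            $d = $_.RecordData   # properties that do not apply to a record type are $null
            $target = "$($d.DomainName) $($d.HostNameAlias) $($d.NameServer)"
            $_.HostName -match "(^|\.)$label$" -or $target -like "*$ChildDns*"
        } |
        Select-Object @{n='Check';e={"DNS ($zone)"}},
                      @{n='Object';e={"$($_.HostName) [$($_.RecordType)]"}})
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No references to $ChildDns or $DeadDc found on $Server." }
```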

Question has a verified solution.
