Solved

Orphaned sub-domain with a crashed and dead DC

Posted on 2006-10-20
Medium Priority
788 Views
Last Modified: 2010-04-18
THIS DOMAIN DOES NOT REALLY EXIST - USING THE DOMAIN NAMES FOR AN EXAMPLE

We have a domain imaginary.com on which we created a sub-domain really.imaginary.com. On the sub-domain we created a Domain Controller named CLAUDETTE. Several days after adding CLAUDETTE to the sub-domain and promoting her to a global DC she crashed and burned.

What we would like to do at this point is remove any and all references to CLAUDETTE and the sub-domain really.imaginary.com from AD.

Does anyone know how I would go about this?

I take it that I would have to go into AD using a tool/utility to manually remove the entries but do not know which tools to use or where to look in AD.

Thank you,

Keatscon
Question by:keatscon
7 Comments
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17775798
See http://support.microsoft.com/?kbid=216498

Be sure to take careful note of the warnings.  You will be directly modifying the AD schema as part of the process and should take great care.  Forked AD is much worse than a forked registry.  I'd make sure to get good system state backups of all DCs before beginning and only move forward when there is ample time to make and test the change then rollback if necessary.

Good Luck!
0
 

Author Comment

by:keatscon
ID: 17776923
CharliePete00,

If I were to shut down a DC and perform the procedure on the remaining DC, would I then be able to bring up the DC that was shut down and push the changes down to this DC?

Or would I have to leave both DCs up and running and perform the procedure?

My line of thinking is that I can take one of the DCs down and in case of an error I could take the damaged DC down and then bring up the healthy DC to take its place.

   
Thank you,

Keatscon
0
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17780995
No.  Active Directory, like any other database, can be divided into 2 parts:  the schema or definitions/descriptions of the data stored; and the data itself.  AD replication only passes changes in data and not schema.  Placing a DC in Authoritative Restore mode is simply a way of forcing all of the AD data it contains to be replicated to all other DCs.  No schema changes will be made.  Taking one of your DCs down to use for an authoritative restore in case the manual removal of the subdomain goes bad will not work.  You will need system state backups of all DCs prior to beginning in order to recover if necessary.
0

 
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 1500 total points
ID: 17782868
i just typed out a long answer and my wireless died.....what a PITA....

Basically you have a different situation than the link that was posted gives you, you have lost a DC in your Domain, you lost it in your forest so things are a little different

remove the trusts and data associated with them

http://support.microsoft.com/kb/q230306

Delete the DC's
http://support.microsoft.com/kb/q230306

delete the records from DNS, Sites and Services, and you may need ADSIEDIT to remove from ADUC
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17782869
0
 

Author Comment

by:keatscon
ID: 17791413
Gentlemen,

I tried KB216498 per CharliePete00's recommendation. Received a plethora of error messages and it did not solve my problem.

I then tried KB230306 and that solved the issue of the sub-domain.

The domain controller I can find no sign of in AD after following KB230306.

I tried following the article from www.petri.co.il, but could not find the old DC of the sub-domain and so quit out of the ntdsutil.

I do however still see the sub-domain listed in the 'Log on to:' drop-down menu in the 'Log On to Windows' dialog box. Is this a bad sign or just a remnant from the lost sub-domain? Should I make attempts at removing this from AD?

Thank you,

Keatscon

0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17792526
you need to remove any trusts that are in AD Domains and Trusts, need to clear all DNS, need to run a metadata cleanup with NTDSUTIL by attaching to your DC
0
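To confirm that the cleanup discussed in this thread is complete, the places the last reply names (trusts, DNS, DC metadata), plus the domain's cross-reference in the Partitions container, can be checked from a surviving DC in the parent domain. This is an added example, not part of the original thread; it assumes the ActiveDirectory and DnsClient PowerShell modules are available (they are not on Windows Server 2003) and uses the example names from the question.

```powershell
# Added example: read-only audit for leftovers of a removed child domain and its DC.
# Assumptions: ActiveDirectory (RSAT) and DnsClient modules are installed; the names
# below are the example names from the question. Nothing here modifies the directory.
Import-Module ActiveDirectory

$childDns = 'really.imaginary.com'   # removed sub-domain
$deadDc   = 'CLAUDETTE'              # crashed domain controller

$rootDse  = Get-ADRootDSE
$configNC = $rootDse.configurationNamingContext
$domainNC = $rootDse.defaultNamingContext
$asRef    = @{ n = 'Reference'; e = { $_.DistinguishedName } }
$findings = @()

# 1. Cross-references for the child domain and any of its application partitions.
$findings += @(Get-ADObject -SearchBase "CN=Partitions,$configNC" `
    -LDAPFilter "(&(objectClass=crossRef)(|(dnsRoot=$childDns)(dnsRoot=*.$childDns)))" |
    Select-Object @{ n = 'Check'; e = { 'crossRef' } }, $asRef)

# 2. Trust objects in the parent domain that still point at the child domain.
$findings += @(Get-ADObject -SearchBase "CN=System,$domainNC" `
    -LDAPFilter "(&(objectClass=trustedDomain)(trustPartner=$childDns))" |
    Select-Object @{ n = 'Check'; e = { 'trustedDomain' } }, $asRef)

# 3. Server object for the dead DC under Sites (what Sites and Services displays).
$findings += @(Get-ADObject -SearchBase "CN=Sites,$configNC" `
    -LDAPFilter "(&(objectClass=server)(cn=$deadDc))" |
    Select-Object @{ n = 'Check'; e = { 'server object' } }, $asRef)

# 4. DC locator SRV records for the child domain that still resolve in DNS.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$childDns" -Type SRV `
    -ErrorAction SilentlyContinue
$findings += @($srv | Where-Object { $_.Type -eq 'SRV' } |
    Select-Object @{ n = 'Check'; e = { 'DNS SRV' } },
                  @{ n = 'Reference'; e = { $_.NameTarget } })

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    "No references to $childDns or $deadDc found in the locations checked."
}
```

An empty result covers only these four locations; a stale DNS delegation for the child zone in the parent zone has to be checked in the DNS console.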
