Solved

Orphaned sub-domain with a crashed and dead DC

Posted on 2006-10-20
Last Modified: 2010-04-18
THIS DOMAIN DOES NOT REALLY EXIST - USING THE DOMAIN NAMES FOR AN EXAMPLE

We have a domain imaginary.com on which we created a sub-domain really.imaginary.com. On the sub-domain we created a Domain Controller named CLAUDETTE. Several days after adding CLAUDETTE to the sub-domain and promoting her to a global DC she crashed and burned.

What we would like to do at this point is remove any and all references to CLAUDETTE and the sub-domain really.imaginary.com from AD.

Does anyone know how I would go about this?

I take it that I would have to go into AD using a tool/utility to manually remove the entries but do not know which tools to use or where to look in AD.

Thank you,

Keatscon
Question by:keatscon
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17775798
See http://support.microsoft.com/?kbid=216498

Be sure to take careful note of the warnings. You will be directly modifying the AD schema as part of the process and should take great care. Forked AD is much worse than a forked registry. I'd make sure to get good system state backups of all DCs before beginning and only move forward when there is ample time to make and test the change, then roll back if necessary.

Good Luck!
 

Author Comment

by:keatscon
ID: 17776923
CharliePete00,

If I were to shut down a DC and perform the procedure on the remaining DC, would I then be able to bring up the DC that was shut down and push the changes down to this DC?

Or would I have to leave both DCs up and running and perform the procedure?

My line of thinking is that I can take one of the DCs down and in case of an error I could take the damaged DC down and then bring up the healthy DC to take its place.

   
Thank you,

Keatscon
 
LVL 7

Expert Comment

by:CharliePete00
ID: 17780995
No. Active Directory, like any other database, can be divided into 2 parts: the schema, or definitions/descriptions of the data stored; and the data itself. AD replication only passes changes in data and not schema. Placing a DC in Authoritative Restore mode is simply a way of forcing all of the AD data it contains to be replicated to all other DCs. No schema changes will be made. Taking one of your DCs down to use for an authoritative restore in case the manual removal of the subdomain goes bad will not work. You will need system state backups of all DCs prior to beginning in order to recover if necessary.
LVL 48

Accepted Solution

by:
Jay_Jay70 earned 500 total points
ID: 17782868
I just typed out a long answer and my wireless died.....what a PITA....

Basically you have a different situation than the link that was posted gives you, you have lost a DC in your Domain, you lost it in your forest so things are a little different.

Remove the trusts and data associated with them:

http://support.microsoft.com/kb/q230306

Delete the DCs:
http://support.microsoft.com/kb/q230306

Delete the records from DNS, Sites and Services, and you may need ADSIEDIT to remove from ADUC.
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17782869
 

Author Comment

by:keatscon
ID: 17791413
Gentlemen,

I tried KB216498 per CharliePete00's recommendation. Received a plethora of error messages and it did not solve my problem.

I then tried KB230306 and that solved the issue of the sub-domain.

The domain controller I can find no sign of in AD after following KB230306.

I tried following the article from www.petri.co.il, but could not find the old DC of the sub-domain and so quit out of the ntdsutil.

I do however still see the sub-domain listed in the 'Log on to:' drop-down menu in the 'Log On to Windows' dialog box. Is this a bad sign or just a remnant from the lost sub-domain? Should I make attempts at removing this from AD?

Thank you,

Keatscon

 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 17792526
You need to remove any trusts that are in AD Domains and Trusts, need to clear all DNS, need to run a metadata cleanup with NTDSUTIL by attaching to your DC.
0
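A read-only check for what is still left after the cleanup steps discussed in this thread (partition, Sites and Services, trust and DNS entries), added here as an example and not part of any post above. It assumes a domain-joined host with the ActiveDirectory and DnsClient PowerShell modules; the domain and DC names are the thread's example values, and the `Check`/`Found` column names are chosen for illustration.

```powershell
# Read-only audit: lists directory and DNS objects that still reference a
# removed child domain or its dead DC. Nothing is modified or deleted.
Import-Module ActiveDirectory

$DeadDomain = 'really.imaginary.com'   # example name from the thread
$DeadDC     = 'CLAUDETTE'              # example name from the thread

$configNC = (Get-ADRootDSE).configurationNamingContext

$findings = @(
    # 1. crossRef objects in the Partitions container (one per domain in the forest).
    Get-ADObject -SearchBase "CN=Partitions,$configNC" `
            -LDAPFilter "(&(objectClass=crossRef)(dnsRoot=$DeadDomain))" |
        ForEach-Object { [pscustomobject]@{ Check = 'Partition crossRef'; Found = $_.DistinguishedName } }

    # 2. Server objects under Sites (what AD Sites and Services displays).
    Get-ADObject -SearchBase "CN=Sites,$configNC" `
            -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))" |
        ForEach-Object { [pscustomobject]@{ Check = 'Sites server object'; Found = $_.DistinguishedName } }

    # 3. Trust objects that still point at the removed domain.
    Get-ADTrust -Filter "Name -eq '$DeadDomain'" |
        ForEach-Object { [pscustomobject]@{ Check = 'Trust'; Found = $_.DistinguishedName } }

    # 4. DNS: DC locator SRV records for the domain and the host record of the DC.
    foreach ($query in @(
            @{ Name = "_ldap._tcp.dc._msdcs.$DeadDomain"; Type = 'SRV' },
            @{ Name = "$DeadDC.$DeadDomain";              Type = 'A'   })) {
        Resolve-DnsName -Name $query.Name -Type $query.Type -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq $query.Type } |   # ignore SOA-only (no data) answers
            ForEach-Object { [pscustomobject]@{ Check = "DNS $($query.Type)"; Found = $_.Name } }
    }
)

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize
} else {
    'No remaining references found.'
}
```

An empty result covers only these four locations; workstations that cached the domain name locally are outside what this script inspects.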
