Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't join server back into domain after force demotion

Posted on 2008-06-13
7
Medium Priority
?
694 Views
Last Modified: 2010-08-05
Dear experts,

Have a weird question. I have just force demote a secondary DC using the /forceremoval switch (normal dcpromo didn't work).Things went fine and the server has now become a standalone server (kicked out from the domain). I then logged onto another DC and found that this demoted DC still exists in the Domain Controller container, tried to delete but it says "DSA objects cannot be deleted".

OK no problem so far. I knew I need to do metadata cleanup so I followed the instructions given but when I reached the point where "list servers in site", the demoted DC does not exist. It only lists all the DCs that are still live but this demoted DC wasn't shown. However I still can't remove its entry in the Domain Controller container.

Is there anything I have missed, or need to do to remove the entry? I guess it is of no harm leaving it there but I just want it to be tidy.

Thanks in advance.
0
Comment
Question by:ormerodrutter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 210 total points
ID: 21778156
How long was it since it was removed - it might just be a latency issue. Clear any references to the machine in DNS/WINS and clear the caches.
0
 
LVL 23

Author Comment

by:ormerodrutter
ID: 21778237
Yep true. Only did it this morning so I shall wait until Monday and check again. Thanks.
0
 

Accepted Solution

by:
frsupport earned 330 total points
ID: 21780756
I had this issue a couple of days ago, if you follow this resolution using ADSI Edit it should solve your problem, it solved mine.

Error Message: DSA Object Cannot Be Deleted

http://support.microsoft.com/kb/318698
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 1

Assisted Solution

by:himkal
himkal earned 210 total points
ID: 21782235
hey you have clean the meta of the server from the ntdsutil  t

go to ntdsutil -- meta clean up

use this link to clean up
http://technet2.microsoft.com/windowsserver/en/library/012793ee-5e8c-4a5c-9f66-4a486a7114fd1033.mspx?mfr=true

and then try under domain in ntdsutil clean delete the server name u have forcefully removed.

then try to join it to domain it should work
0
 
LVL 1

Expert Comment

by:himkal
ID: 21782249
I am sorry the second last line under adsiedit.msc check  under domain deleted the server name folder

then try to join again.
0
 
LVL 23

Author Comment

by:ormerodrutter
ID: 21787005
OK will give it a go next week. Thanks in advance.
0
 
LVL 23

Author Comment

by:ormerodrutter
ID: 21801665
Guys,

It has been 4 days and the record is still in the DC container so its not Latency issue.

ADSIEDIT is not what I wanted. I don't have an orphan NTDS settings. I am not trying to delete anything form AD Site and Services, my problem is that an orphan DC still exists in the DC Container in AD User and Computers. Metadata Cleanup is not clearing it as this "orphan" DC doesn't show in "List servers n site".

Anymore ideas?
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A hard and fast method for reducing Active Directory Administrators members.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question