[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1288
  • Last Modified:

SRV records cleanup after 2008 R2 Active directory upgrade

We had a 2003 AD domain (1 domain controller)
We have run adprep-->dcpromo the 2008 R2 DC-->dcpromo the 2003 DC to remove it from the domain.

While running the dcpromo on the 2003 DC to remove it from the domain, the process timed out because netlogon services could not be stopped. Running dcpromo again worked successfully and the 2003 DC is now a member server. The domain is in 2003 Mode and we plan to change it to 2008 R2.

The domain controller was automatically removed from the Domain Controllers OU but we found that there are still remnants behind in DNS (eg ldap & kerberos SRV records)
In addition to that, the 2003 DC sill appears in site & services.
We haven't looked at other locations ...

Any suggestions/links on cleaning it up ?  Is it a matter of removing the DNS entries manually and deleting the entry under sites and services ? anywhere else we should look ?

Thanks
0
rov17
Asked:
rov17
4 Solutions
 
TrackhappyCommented:
Clean up dns entries manually, then run ntdsutil, metada cleanup to remove the rest of the AD information. Most likely the Sites and Services won't be able to be removed until you do the metadata cleanup.
0
 
Mike KlineCommented:
You will have to delete it from sites and services, won't happen automatically during metadata cleanup using ntdsutil.   Just go through Daniel's steps to make sure it is gone  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Thanks

Mike
0
 
added_flavourCommented:
hi,

Make sure you follow following steps and check if anything is left in Active Directory:

http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

Remove all the _ldap and _Srv Records and other records if present like host A ,GUID (under _MSDCS folder) from the DNS .

Deleted the Server from Dssite.msc .

Make sure you force repadmin /Kcc * on the new domain controller after that and check Dcdiag and Netdiag to make sure there are no other potential issues .

Please let me know in case you have any concerns or Questions .

Thanks !!!
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
rov17Author Commented:
Hi  Mike and added flavour,

Thanks for the articles!!  Just a question the Domain and Forest function level still 2003, would it be better to raise it to 2008 then do the clean up or leave it as 2003 then raise it after the Meta data clean up?

Cheers
0
 
added_flavourCommented:
Well i would suggest to do the metadata cleanup first if there are any instances of the earlier domain controller still there in Active Directory .. if there are no instances you can raise the Domain and Forest functional level it would not be an issue .

I would suggest you to run Dcdiag before raising the functional level ( just to make sure everything is in place )

Thanks !!

0
 
added_flavourCommented:
hey rov17,

do let us know if any help is required !!

Cheers !!
0
 
rov17Author Commented:
When I Depromo the 2003 DC, it has actually removed it self from User and Computer Domain Controller OU, and also from Site and servers it still there but has no NTDS setting under it.
So I was only left with the NTDSUTIL command line which failed to connect to the 2003 old Dc (it is a member server now).

The thing is SRV records in DNS for that old 2003 Dc still there, Do you guys know of any utility that will clean it ?

Thanks
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now