Solved

SRV records cleanup after 2008 R2 Active directory upgrade

Posted on 2010-11-11
7
1,260 Views
Last Modified: 2012-05-10
We had a 2003 AD domain (1 domain controller)
We have run adprep-->dcpromo the 2008 R2 DC-->dcpromo the 2003 DC to remove it from the domain.

While running the dcpromo on the 2003 DC to remove it from the domain, the process timed out because netlogon services could not be stopped. Running dcpromo again worked successfully and the 2003 DC is now a member server. The domain is in 2003 Mode and we plan to change it to 2008 R2.

The domain controller was automatically removed from the Domain Controllers OU but we found that there are still remnants behind in DNS (eg ldap & kerberos SRV records)
In addition to that, the 2003 DC sill appears in site & services.
We haven't looked at other locations ...

Any suggestions/links on cleaning it up ?  Is it a matter of removing the DNS entries manually and deleting the entry under sites and services ? anywhere else we should look ?

Thanks
0
Comment
Question by:rov17
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 9

Accepted Solution

by:
Trackhappy earned 125 total points
ID: 34117750
Clean up dns entries manually, then run ntdsutil, metada cleanup to remove the rest of the AD information. Most likely the Sites and Services won't be able to be removed until you do the metadata cleanup.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 34118207
You will have to delete it from sites and services, won't happen automatically during metadata cleanup using ntdsutil.   Just go through Daniel's steps to make sure it is gone  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
ID: 34119751
hi,

Make sure you follow following steps and check if anything is left in Active Directory:

http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

Remove all the _ldap and _Srv Records and other records if present like host A ,GUID (under _MSDCS folder) from the DNS .

Deleted the Server from Dssite.msc .

Make sure you force repadmin /Kcc * on the new domain controller after that and check Dcdiag and Netdiag to make sure there are no other potential issues .

Please let me know in case you have any concerns or Questions .

Thanks !!!
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 5

Author Comment

by:rov17
ID: 34127283
Hi  Mike and added flavour,

Thanks for the articles!!  Just a question the Domain and Forest function level still 2003, would it be better to raise it to 2008 then do the clean up or leave it as 2003 then raise it after the Meta data clean up?

Cheers
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
ID: 34130861
Well i would suggest to do the metadata cleanup first if there are any instances of the earlier domain controller still there in Active Directory .. if there are no instances you can raise the Domain and Forest functional level it would not be an issue .

I would suggest you to run Dcdiag before raising the functional level ( just to make sure everything is in place )

Thanks !!

0
 
LVL 4

Expert Comment

by:added_flavour
ID: 34168038
hey rov17,

do let us know if any help is required !!

Cheers !!
0
 
LVL 5

Author Comment

by:rov17
ID: 34169626
When I Depromo the 2003 DC, it has actually removed it self from User and Computer Domain Controller OU, and also from Site and servers it still there but has no NTDS setting under it.
So I was only left with the NTDSUTIL command line which failed to connect to the 2003 old Dc (it is a member server now).

The thing is SRV records in DNS for that old 2003 Dc still there, Do you guys know of any utility that will clean it ?

Thanks
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question