Solved

SRV records cleanup after 2008 R2 Active directory upgrade

Posted on 2010-11-11
7
1,241 Views
Last Modified: 2012-05-10
We had a 2003 AD domain (1 domain controller)
We have run adprep-->dcpromo the 2008 R2 DC-->dcpromo the 2003 DC to remove it from the domain.

While running the dcpromo on the 2003 DC to remove it from the domain, the process timed out because netlogon services could not be stopped. Running dcpromo again worked successfully and the 2003 DC is now a member server. The domain is in 2003 Mode and we plan to change it to 2008 R2.

The domain controller was automatically removed from the Domain Controllers OU but we found that there are still remnants behind in DNS (eg ldap & kerberos SRV records)
In addition to that, the 2003 DC sill appears in site & services.
We haven't looked at other locations ...

Any suggestions/links on cleaning it up ?  Is it a matter of removing the DNS entries manually and deleting the entry under sites and services ? anywhere else we should look ?

Thanks
0
Comment
Question by:rov17
7 Comments
 
LVL 9

Accepted Solution

by:
Trackhappy earned 125 total points
Comment Utility
Clean up dns entries manually, then run ntdsutil, metada cleanup to remove the rest of the AD information. Most likely the Sites and Services won't be able to be removed until you do the metadata cleanup.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
Comment Utility
You will have to delete it from sites and services, won't happen automatically during metadata cleanup using ntdsutil.   Just go through Daniel's steps to make sure it is gone  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
Comment Utility
hi,

Make sure you follow following steps and check if anything is left in Active Directory:

http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

Remove all the _ldap and _Srv Records and other records if present like host A ,GUID (under _MSDCS folder) from the DNS .

Deleted the Server from Dssite.msc .

Make sure you force repadmin /Kcc * on the new domain controller after that and check Dcdiag and Netdiag to make sure there are no other potential issues .

Please let me know in case you have any concerns or Questions .

Thanks !!!
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 5

Author Comment

by:rov17
Comment Utility
Hi  Mike and added flavour,

Thanks for the articles!!  Just a question the Domain and Forest function level still 2003, would it be better to raise it to 2008 then do the clean up or leave it as 2003 then raise it after the Meta data clean up?

Cheers
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
Comment Utility
Well i would suggest to do the metadata cleanup first if there are any instances of the earlier domain controller still there in Active Directory .. if there are no instances you can raise the Domain and Forest functional level it would not be an issue .

I would suggest you to run Dcdiag before raising the functional level ( just to make sure everything is in place )

Thanks !!

0
 
LVL 4

Expert Comment

by:added_flavour
Comment Utility
hey rov17,

do let us know if any help is required !!

Cheers !!
0
 
LVL 5

Author Comment

by:rov17
Comment Utility
When I Depromo the 2003 DC, it has actually removed it self from User and Computer Domain Controller OU, and also from Site and servers it still there but has no NTDS setting under it.
So I was only left with the NTDSUTIL command line which failed to connect to the 2003 old Dc (it is a member server now).

The thing is SRV records in DNS for that old 2003 Dc still there, Do you guys know of any utility that will clean it ?

Thanks
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

One of the most often confused topics in the area DNS is the idea of GLUE records. Specifically, what they are, when they are needed, when they are provided, and how they are created. First, WHAT IS GLUE? To understand GLUE, you must first under…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now