Solved

SRV records cleanup after 2008 R2 Active directory upgrade

Posted on 2010-11-11
7
1,248 Views
Last Modified: 2012-05-10
We had a 2003 AD domain (1 domain controller)
We have run adprep-->dcpromo the 2008 R2 DC-->dcpromo the 2003 DC to remove it from the domain.

While running the dcpromo on the 2003 DC to remove it from the domain, the process timed out because netlogon services could not be stopped. Running dcpromo again worked successfully and the 2003 DC is now a member server. The domain is in 2003 Mode and we plan to change it to 2008 R2.

The domain controller was automatically removed from the Domain Controllers OU but we found that there are still remnants behind in DNS (eg ldap & kerberos SRV records)
In addition to that, the 2003 DC sill appears in site & services.
We haven't looked at other locations ...

Any suggestions/links on cleaning it up ?  Is it a matter of removing the DNS entries manually and deleting the entry under sites and services ? anywhere else we should look ?

Thanks
0
Comment
Question by:rov17
7 Comments
 
LVL 9

Accepted Solution

by:
Trackhappy earned 125 total points
ID: 34117750
Clean up dns entries manually, then run ntdsutil, metada cleanup to remove the rest of the AD information. Most likely the Sites and Services won't be able to be removed until you do the metadata cleanup.
0
 
LVL 57

Assisted Solution

by:Mike Kline
Mike Kline earned 125 total points
ID: 34118207
You will have to delete it from sites and services, won't happen automatically during metadata cleanup using ntdsutil.   Just go through Daniel's steps to make sure it is gone  http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Thanks

Mike
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
ID: 34119751
hi,

Make sure you follow following steps and check if anything is left in Active Directory:

http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

Remove all the _ldap and _Srv Records and other records if present like host A ,GUID (under _MSDCS folder) from the DNS .

Deleted the Server from Dssite.msc .

Make sure you force repadmin /Kcc * on the new domain controller after that and check Dcdiag and Netdiag to make sure there are no other potential issues .

Please let me know in case you have any concerns or Questions .

Thanks !!!
0
Are end users causing IT problems again?

You’ve taken the time to design and update all your end user’s email signatures, only to find out they’re messing up the HTML, changing the font and ruining the imagery. What can you do to prevent this? Find out how you can save your signatures from end users today.

 
LVL 5

Author Comment

by:rov17
ID: 34127283
Hi  Mike and added flavour,

Thanks for the articles!!  Just a question the Domain and Forest function level still 2003, would it be better to raise it to 2008 then do the clean up or leave it as 2003 then raise it after the Meta data clean up?

Cheers
0
 
LVL 4

Assisted Solution

by:added_flavour
added_flavour earned 250 total points
ID: 34130861
Well i would suggest to do the metadata cleanup first if there are any instances of the earlier domain controller still there in Active Directory .. if there are no instances you can raise the Domain and Forest functional level it would not be an issue .

I would suggest you to run Dcdiag before raising the functional level ( just to make sure everything is in place )

Thanks !!

0
 
LVL 4

Expert Comment

by:added_flavour
ID: 34168038
hey rov17,

do let us know if any help is required !!

Cheers !!
0
 
LVL 5

Author Comment

by:rov17
ID: 34169626
When I Depromo the 2003 DC, it has actually removed it self from User and Computer Domain Controller OU, and also from Site and servers it still there but has no NTDS setting under it.
So I was only left with the NTDSUTIL command line which failed to connect to the 2003 old Dc (it is a member server now).

The thing is SRV records in DNS for that old 2003 Dc still there, Do you guys know of any utility that will clean it ?

Thanks
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
OfficeMate Freezes on login or does not load after login credentials are input.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

29 Experts available now in Live!

Get 1:1 Help Now