Solved

Child Domain Remains in Domains and Trusts after metadata Cleanup

Posted on 2011-02-25
Last Modified: 2012-05-11
Some time ago a SAN admin thought it would be okay to kill a LUN b/c it was a test server.  While it was a test domain, it was a child of the production.  I know, but we don't have the funds to build a proper test environ.  Anyway, I did a metadata cleanup, but today (several months later) the deleted DC reappeared in Sites and Service.  Its domain reappeared in Trusts & Domains.  I can't do another metadata b/c the domain the server existed in is not available for selection.  I was able to delete the old server object from sites and service, but Domain and Trusts doesn't let me delete domains.  How can I get rid of the domain and where should I look to be sure the DC is gone?

domain is 7 site 2003 functional level, all 2003 boxes/DCs.
Question by:whoam
 
LVL 4

Expert Comment

by:greggy86
ID: 34985209
Run dcdiag; this will tell you the state of the child domain and DCs.
Also, this tells me the domain is still registered in DNS despite the metadata cleanup - you may have to manually clean up the SRV resource records. http://www.petri.co.il/active_directory_srv_records.htm
When done, run dcdiag again.
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 500 total points
ID: 34986763
You could check to see if there are any domain partitions left lingering, i.e. the child domain's DNS zone.

http://www.windowsitpro.com/article/domains2/q-how-can-i-avoid-receiving-an-0x2015-error-when-i-use-ntdsutil-to-delete-a-nonexistent-domain-.aspx
0
 

Author Comment

by:whoam
ID: 35003202
I ran the DC Diag.  It fails the systemlog test, but I could not find the errors listed in the system log.  I don't see where it lists the test.company.com domain.
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Main-Office\<SERVER>
      Starting test: Connectivity
         ......................... <SERVER> passed test Connectivity

Doing primary tests

   Testing server: Main-Office\<SERVER>
      Starting test: Replications
         ......................... <SERVER> passed test Replications
      Starting test: NCSecDesc
         ......................... <SERVER> passed test NCSecDesc
      Starting test: NetLogons
         ......................... <SERVER> passed test NetLogons
      Starting test: Advertising
         ......................... <SERVER> passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... <SERVER> passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... <SERVER> passed test RidManager
      Starting test: MachineAccount
         ......................... <SERVER> passed test MachineAccount
      Starting test: Services
         ......................... <SERVER> passed test Services
      Starting test: ObjectsReplicated
         ......................... <SERVER> passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... <SERVER> passed test frssysvol
      Starting test: frsevent
         ......................... <SERVER> passed test frsevent
      Starting test: kccevent
         ......................... <SERVER> passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:12
            (Event String could not be retrieved)
         ......................... <SERVER> failed test systemlog
      Starting test: VerifyReferences
         ......................... <SERVER> passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Company
      Starting test: CrossRefValidation
         ......................... Company passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Company passed test CheckSDRefDom

   Running enterprise tests on : Company.com
      Starting test: Intersite
         ......................... Company.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Company.com passed test FsmoCheck

0
 

Author Comment

by:whoam
ID: 35003233
I did find the test domain in DNS.  I have deleted it.  It'll take rep time to see if that produces our desired effect.
0

 
LVL 21

Assisted Solution

by:snusgubben
snusgubben earned 500 total points
ID: 35004405
Did you check with NTDSUTIL if you have any domain partition for the child left?
0
 

Author Comment

by:whoam
ID: 35041026


snusgubben,

I am trying the NTDSUTIL now.  I found two related entries...
5 - DC=test,DC=domain,DC=com
6 - DC=DomainDnsZones,DC=test,DC=domain,DC=com

I tried the command

delete NC DC=DomainDnsZone,DC=test,DC=domain,DC=com

returned

ldap_delete_ext_sW error 0x20(32 (No Such Object).

the command

delete NC DC=test,DC=domain,DC=com

returned

ldap_delete_ext_sW error 0x42(66 (Not allowed on Non-leaf).
Ldap extended error message is 00002015: UpdErr: DSID-03100B8E, problem 6003 (C
NT_ON_NON_LEAF), data 0

Win32 error returned is 0x2015(The directory service can perform the requested
peration only on a leaf object.)
)


***********************************************************************
duh, syntax!  
delete NC DC=DomainDnsZones,DC=test,DC=domain,DC=com
worked, I was missing the s in Zones

the command
delete NC DC=test,DC=domain,DC=com
also worked so I am waiting to see.

I did look into a metadata cleanup, but the test domain was not listed.
0
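The two failures in the comment above (0x20 for a DN that is not in the partition list, 0x2015 for removing the domain partition while its DomainDnsZones partition still exists) can be predicted from the ntdsutil list before any delete NC is issued. The following is an added example, not part of the original thread: it assumes the "N - DN" list format quoted above, and the function names and all sample lines other than entries 5 and 6 are constructed for illustration.

```python
import re

# Constructed sample of an ntdsutil naming-context list. Entries 5 and 6 use
# the format quoted in the post; the other lines are made up for illustration.
SAMPLE_LIST = """\
0 - CN=Configuration,DC=domain,DC=com
1 - DC=domain,DC=com
2 - CN=Schema,CN=Configuration,DC=domain,DC=com
3 - DC=DomainDnsZones,DC=domain,DC=com
4 - DC=ForestDnsZones,DC=domain,DC=com
5 - DC=test,DC=domain,DC=com
6 - DC=DomainDnsZones,DC=test,DC=domain,DC=com
"""

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas in NC names)."""
    return tuple(part.strip().lower() for part in dn.split(","))

def parse_list(text):
    """Return the DNs from lines shaped like '5 - DC=test,DC=domain,DC=com'."""
    return [m.group(1).strip()
            for m in re.finditer(r"^\s*\d+\s*-\s*(\S.*)$", text, re.M)]

def is_under(child, parent):
    """True if child equals parent or sits below it in the DN tree."""
    c, p = parse_dn(child), parse_dn(parent)
    return len(c) >= len(p) and c[len(c) - len(p):] == p

def deletion_order(listed, domain_dn):
    """Partitions at or under domain_dn, deepest first, so each is a leaf when removed."""
    hits = [dn for dn in listed if is_under(dn, domain_dn)]
    return sorted(hits, key=lambda dn: len(parse_dn(dn)), reverse=True)

def preflight(listed, target_dn):
    """Predict which of the two errors from the post a delete NC would hit."""
    target = parse_dn(target_dn)
    if target not in {parse_dn(dn) for dn in listed}:
        return "no such object"   # e.g. DomainDnsZone typed without the final s
    below = [dn for dn in listed
             if is_under(dn, target_dn) and parse_dn(dn) != target]
    return "non-leaf" if below else "ok"

if __name__ == "__main__":
    ncs = parse_list(SAMPLE_LIST)
    for dn in deletion_order(ncs, "DC=test,DC=domain,DC=com"):
        print("delete NC", dn)
```

The check only models the list as pasted; the directory itself remains the authority, so the list should be re-read after each removal.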
 

Author Comment

by:whoam
ID: 35041032
got this in the DS log...
Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1270
Date:            3/4/2011
Time:            7:02:59 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      TB105007
Description:
The following directory partition has been removed from the Active Directory forest. As a result, the following directory partition is no longer replicated from the source domain controller at the following network address.
 
Directory partition:
DC=test,DC=domain,DC=com
Source domain controller:
CN=NTDS Settings,CN=server,CN=Servers,CN=DR-COLO,CN=Sites,CN=Configuration,DC=domain,DC=com
Network address:
8b8e9030-6d6b-492f-b1fd-d90948a65cc8._msdcs.domain.com

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
 

Author Comment

by:whoam
ID: 35041042
and ...

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1746
Date:            3/4/2011
Time:            7:03:00 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      server
Description:
The following domain has been removed from the forest and the domain objects will be removed from the global catalog.
 
Domain:
DC=test,DC=domain,DC=com

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
