Solved

Child Domain Remains in Domains and Trusts after metadata Cleanup

Posted on 2011-02-25
Last Modified: 2012-05-11
Some time ago a SAN admin thought it would be okay to kill a LUN b/c it was a test server. While it was a test domain, it was a child of the production. I know, but we don't have the funds to build a proper test environ. Anyway, I did a metadata cleanup, but today (several months later) the deleted DC reappeared in Sites and Services. Its domain reappeared in Trusts & Domains. I can't do another metadata b/c the domain the server existed in is not available for selection. I was able to delete the old server object from Sites and Services, but Domains and Trusts doesn't let me delete domains. How can I get rid of the domain, and where should I look to be sure the DC is gone?

domain is 7 site 2003 functional level, all 2003 boxes/DCs.
Question by:whoam

Expert Comment

by:greggy86
ID: 34985209
Run dcdiag; this will tell you the state of the child domain and DCs.
Also, this tells me the domain is still registered in DNS despite the metadata cleanup - you may have to manually clean up the SRV resource records. http://www.petri.co.il/active_directory_srv_records.htm
When done, run dcdiag again.

Accepted Solution

by:
snusgubben earned 500 total points
ID: 34986763
You could check to see if there are any domain partitions left lingering, i.e. the child domain's DNS zone.

http://www.windowsitpro.com/article/domains2/q-how-can-i-avoid-receiving-an-0x2015-error-when-i-use-ntdsutil-to-delete-a-nonexistent-domain-.aspx
 

Author Comment

by:whoam
ID: 35003202
I ran the DC Diag. It fails the systemlog test, but I could not find the errors listed in the system log. I don't see where it lists the test.company.com domain.
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Main-Office\<SERVER>
      Starting test: Connectivity
         ......................... <SERVER> passed test Connectivity

Doing primary tests

   Testing server: Main-Office\<SERVER>
      Starting test: Replications
         ......................... <SERVER> passed test Replications
      Starting test: NCSecDesc
         ......................... <SERVER> passed test NCSecDesc
      Starting test: NetLogons
         ......................... <SERVER> passed test NetLogons
      Starting test: Advertising
         ......................... <SERVER> passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... <SERVER> passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... <SERVER> passed test RidManager
      Starting test: MachineAccount
         ......................... <SERVER> passed test MachineAccount
      Starting test: Services
         ......................... <SERVER> passed test Services
      Starting test: ObjectsReplicated
         ......................... <SERVER> passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... <SERVER> passed test frssysvol
      Starting test: frsevent
         ......................... <SERVER> passed test frsevent
      Starting test: kccevent
         ......................... <SERVER> passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:00:49
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:02
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:03
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:04
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 02/28/2011   20:01:12
            (Event String could not be retrieved)
         ......................... <SERVER> failed test systemlog
      Starting test: VerifyReferences
         ......................... <SERVER> passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidatio

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : Company
      Starting test: CrossRefValidation
         ......................... Company passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Company passed test CheckSDRefDom

   Running enterprise tests on : Company.com
      Starting test: Intersite
         ......................... Company.com passed test Intersite
      Starting test: FsmoCheck
         ......................... Company.com passed test FsmoCheck

 

Author Comment

by:whoam
ID: 35003233
I did find the test domain in DNS.  I have deleted it.  It'll take rep time to see if that produces our desired effect.

Assisted Solution

by:snusgubben
snusgubben earned 500 total points
ID: 35004405
Did you check with NTDSUTIL if you have any domain partition for the child left?
 

Author Comment

by:whoam
ID: 35041026


snusgubben,

I am trying the NTDSUTIL now.  I found two related entries...
5 - DC=test,DC=domain,DC=com
6 - DC=DomainDnsZones,DC=test,DC=domain,DC=com

I tried the command

delete NC DC=DomainDnsZone,DC=test,DC=domain,DC=com

returned

ldap_delete_ext_sW error 0x20(32 (No Such Object).

the command

delete NC DC=test,DC=domain,DC=com

returned

ldap_delete_ext_sW error 0x42(66 (Not allowed on Non-leaf).
Ldap extended error message is 00002015: UpdErr: DSID-03100B8E, problem 6003 (C
NT_ON_NON_LEAF), data 0

Win32 error returned is 0x2015(The directory service can perform the requested
peration only on a leaf object.)
)


***********************************************************************
duh, syntax!  
delete NC DC=DomainDnsZones,DC=test,DC=domain,DC=com
worked, I was missing the s in Zones

the command
delete NC DC=test,DC=domain,DC=com
also worked so I am waiting to see.

I did look into a metadata cleanup, but the test domain was not listed.
 

Author Comment

by:whoam
ID: 35041032
got this in the DS log...
Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1270
Date:            3/4/2011
Time:            7:02:59 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      TB105007
Description:
The following directory partition has been removed from the Active Directory forest. As a result, the following directory partition is no longer replicated from the source domain controller at the following network address.
 
Directory partition:
DC=test,DC=domain,DC=com
Source domain controller:
CN=NTDS Settings,CN=server,CN=Servers,CN=DR-COLO,CN=Sites,CN=Configuration,DC=domain,DC=com
Network address:
8b8e9030-6d6b-492f-b1fd-d90948a65cc8._msdcs.domain.com

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

Author Comment

by:whoam
ID: 35041042
and ...

Event Type:      Information
Event Source:      NTDS KCC
Event Category:      Knowledge Consistency Checker
Event ID:      1746
Date:            3/4/2011
Time:            7:03:00 PM
User:            NT AUTHORITY\ANONYMOUS LOGON
Computer:      server
Description:
The following domain has been removed from the forest and the domain objects will be removed from the global catalog.
 
Domain:
DC=test,DC=domain,DC=com

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
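The sequence that worked in this thread, as an added example that is not part of any post: the child domain's own application partition (DomainDnsZones) had to be deleted before the domain partition, otherwise ntdsutil returned the 0x2015 non-leaf error, and a mistyped DN returned No Such Object. The sketch below builds the `delete NC` lines from a pasted naming-context listing so the DNs are copied rather than retyped and come out children first; the listing is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in the "N - DN" format of the naming-context listing
# quoted in the thread above; not captured from a real forest.
SAMPLE_LISTING = """\
0 - CN=Configuration,DC=domain,DC=com
1 - DC=domain,DC=com
2 - CN=Schema,CN=Configuration,DC=domain,DC=com
3 - DC=DomainDnsZones,DC=domain,DC=com
4 - DC=ForestDnsZones,DC=domain,DC=com
5 - DC=test,DC=domain,DC=com
6 - DC=DomainDnsZones,DC=test,DC=domain,DC=com
"""

LINE_RE = re.compile(r"^\s*\d+\s*-\s*(\S.*?)\s*$")


def split_dn(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas in NC names)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def parse_listing(text):
    """Return the DNs from an 'N - DN' listing, skipping any other lines."""
    return [m.group(1) for m in map(LINE_RE.match, text.splitlines()) if m]


def deletion_order(listing, orphan_dn):
    """Naming contexts at or below orphan_dn, deepest first."""
    target = split_dn(orphan_dn)
    hits = []
    for dn in parse_listing(listing):
        rdns = split_dn(dn)
        # A DN is at or below the orphan when its trailing RDNs equal the orphan's.
        if len(rdns) >= len(target) and rdns[-len(target):] == target:
            hits.append((len(rdns), dn))
    hits.sort(key=lambda h: -h[0])
    return [dn for _, dn in hits]


def delete_commands(listing, orphan_dn):
    """ntdsutil 'delete NC' lines, children before the parent."""
    return ["delete NC " + dn for dn in deletion_order(listing, orphan_dn)]


if __name__ == "__main__":
    for cmd in delete_commands(SAMPLE_LISTING, "DC=test,DC=domain,DC=com"):
        print(cmd)
```

Review the generated lines against the listing before pasting them into ntdsutil; the matching is by trailing RDNs only, so the surviving parent domain and its own DomainDnsZones partition are never selected.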