Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

SBS2008 BPA: Source Server remains in AD

Posted on 2011-03-08
11
Medium Priority
?
1,306 Views
Last Modified: 2012-08-13
The Source Server that is running Windows SBS 2003 (<<servername>>) still exists in the Active Directory Sites and Services in the Default-First-Site-Name. You should remove this server from AD Sites and Services after you demote the server and remove it from the domain.

This is what I get from a BPA scan at a new client, the previous ICT consultant forgot to demote the old 2003 server.  This server has been reinstalled at the mean time.  I also see errors & warnings in update service that is trying to apply updates to this old non existant server anymore.

What is best practice to remove this server from the 2008 domain?  Just remove it from AD users & computers + sites & services?  Or is there more that's need to be done.
0
Comment
Question by:PlusIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 21

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 1000 total points
ID: 35068931
All you should need to do is delete the object from Sites and Services, go through DNS and remove entries for the old SBS server, and if the old SBS server is in the Domain Controllers OU you should delete it from there too making sure you select "This Domain Controller is permanently offline..."

For more info check out this link http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35069122
thx for the feedback, what about the update services?  Will these auto follow?
0
 
LVL 21

Expert Comment

by:Jeremy Weisinger
ID: 35069293
You can just delete the computer from the WSUS console.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 35074946
Since this was a DC, there will actually be a bit more involved.

1) Have a backup!!!!
2) Remove the computer from ADUC
3) Remove the computer from ADSS
4) Perform a metadata cleanup (this is a step *COMMONLY* skipped)
5) Clean up any DNS entries (another step commonly skipped)
6) Remove the computer from the WSUS console

My_Username hit the high points, but I didn't notice a metadata cleanup and, particularly with SBS, this causes issues down the road. MS has a full technet article on the process.

-Cliff
0
 
LVL 21

Expert Comment

by:Jeremy Weisinger
ID: 35075555
Thanks for breaking it down, Cliff. I actually did hit all those points you listed except for the backup part. Notice the "...making sure you select "This Domain Controller is permanently offline..." part of my original post. In 2008 this does the metadata cleanup for you. Following the link I posted will also give you more detail on what that does.

-MU
0
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 35088239
As an FYI, I can tell you firsthand (verified by MS) during the SBS 2011 beta process that the GUI does not always clean up all the metadata. The documented NTDSUtil process is still, sadly, the only way to be sure. But yeah, I see the point you are driving at.

-Cliff
0
 
LVL 21

Expert Comment

by:Jeremy Weisinger
ID: 35090879
Good to know. Do you know if that has been resolved in the RTM? I haven't heard that it was an issue in SBS 2008. Let us know if you heard different, otherwise I think PlusIT can go ahead with following the steps I originally posted along with making sure there's a backup available before altering AD.

Thanks Cliff!

0
 
LVL 59

Accepted Solution

by:
Cliff Galiher earned 1000 total points
ID: 35099525
No, this is an issue with the underlying AD tools, not specific to SBS. When we found it, the general reply was "yeah, we know, but ntdsutil works" ...and the problem is in 2008 and 2008 R2. There are specific conditions that cause the GUI to leave metadata floating around, so in some cases, it works fine, but when they hit, they can be obnoxious. It was just a bigger deal with SBS because in many cases the migrations from 2003/2008 to 2011 will be performed by IT generalists, not AD experts.  But since the problem lies in the 2008 R2 code, no it is not fixed in RTM and probably won't be fixed until the next full version of Windows (or the version after, or the versoin after that.)

Certainly not a showstopper, but having access to that ntdsutil procedure is a big plus and I believe got included (or at least a link to it) in the latest round of 2011 migration docs.

-Cliff
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35106581
thx for the comments guys i will check on this and see if the GUI left some things behind.  I'll get back to this in a few days.
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 35446327
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…
Suggested Courses

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question