Solved

SBS2008 BPA: Source Server remains in AD

Posted on 2011-03-08
11
1,260 Views
Last Modified: 2012-08-13
The Source Server that is running Windows SBS 2003 (<<servername>>) still exists in the Active Directory Sites and Services in the Default-First-Site-Name. You should remove this server from AD Sites and Services after you demote the server and remove it from the domain.

This is what I get from a BPA scan at a new client, the previous ICT consultant forgot to demote the old 2003 server.  This server has been reinstalled at the mean time.  I also see errors & warnings in update service that is trying to apply updates to this old non existant server anymore.

What is best practice to remove this server from the 2008 domain?  Just remove it from AD users & computers + sites & services?  Or is there more that's need to be done.
0
Comment
Question by:PlusIT
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 18

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 250 total points
ID: 35068931
All you should need to do is delete the object from Sites and Services, go through DNS and remove entries for the old SBS server, and if the old SBS server is in the Domain Controllers OU you should delete it from there too making sure you select "This Domain Controller is permanently offline..."

For more info check out this link http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35069122
thx for the feedback, what about the update services?  Will these auto follow?
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35069293
You can just delete the computer from the WSUS console.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 35074946
Since this was a DC, there will actually be a bit more involved.

1) Have a backup!!!!
2) Remove the computer from ADUC
3) Remove the computer from ADSS
4) Perform a metadata cleanup (this is a step *COMMONLY* skipped)
5) Clean up any DNS entries (another step commonly skipped)
6) Remove the computer from the WSUS console

My_Username hit the high points, but I didn't notice a metadata cleanup and, particularly with SBS, this causes issues down the road. MS has a full technet article on the process.

-Cliff
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35075555
Thanks for breaking it down, Cliff. I actually did hit all those points you listed except for the backup part. Notice the "...making sure you select "This Domain Controller is permanently offline..." part of my original post. In 2008 this does the metadata cleanup for you. Following the link I posted will also give you more detail on what that does.

-MU
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 35088239
As an FYI, I can tell you firsthand (verified by MS) during the SBS 2011 beta process that the GUI does not always clean up all the metadata. The documented NTDSUtil process is still, sadly, the only way to be sure. But yeah, I see the point you are driving at.

-Cliff
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35090879
Good to know. Do you know if that has been resolved in the RTM? I haven't heard that it was an issue in SBS 2008. Let us know if you heard different, otherwise I think PlusIT can go ahead with following the steps I originally posted along with making sure there's a backup available before altering AD.

Thanks Cliff!

0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 35099525
No, this is an issue with the underlying AD tools, not specific to SBS. When we found it, the general reply was "yeah, we know, but ntdsutil works" ...and the problem is in 2008 and 2008 R2. There are specific conditions that cause the GUI to leave metadata floating around, so in some cases, it works fine, but when they hit, they can be obnoxious. It was just a bigger deal with SBS because in many cases the migrations from 2003/2008 to 2011 will be performed by IT generalists, not AD experts.  But since the problem lies in the 2008 R2 code, no it is not fixed in RTM and probably won't be fixed until the next full version of Windows (or the version after, or the versoin after that.)

Certainly not a showstopper, but having access to that ntdsutil procedure is a big plus and I believe got included (or at least a link to it) in the latest round of 2011 migration docs.

-Cliff
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35106581
thx for the comments guys i will check on this and see if the GUI left some things behind.  I'll get back to this in a few days.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35446327
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now