Solved

SBS2008 BPA: Source Server remains in AD

Posted on 2011-03-08
Last Modified: 2012-08-13
The Source Server that is running Windows SBS 2003 (<<servername>>) still exists in the Active Directory Sites and Services in the Default-First-Site-Name. You should remove this server from AD Sites and Services after you demote the server and remove it from the domain.

This is what I get from a BPA scan at a new client; the previous ICT consultant forgot to demote the old 2003 server. This server has been reinstalled in the meantime. I also see errors and warnings in the update service, which is trying to apply updates to this old, now nonexistent server.

What is best practice to remove this server from the 2008 domain? Just remove it from AD Users & Computers + Sites & Services? Or is there more that needs to be done?
Question by:PlusIT
11 Comments
 
LVL 18

Assisted Solution

by:Jeremy Weisinger
Jeremy Weisinger earned 250 total points
ID: 35068931
All you should need to do is delete the object from Sites and Services, go through DNS and remove entries for the old SBS server, and if the old SBS server is in the Domain Controllers OU you should delete it from there too making sure you select "This Domain Controller is permanently offline..."

For more info check out this link http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
0
 
LVL 10

Author Comment

by:PlusIT
ID: 35069122
thx for the feedback, what about the update services?  Will these auto follow?
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35069293
You can just delete the computer from the WSUS console.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 35074946
Since this was a DC, there will actually be a bit more involved.

1) Have a backup!!!!
2) Remove the computer from ADUC
3) Remove the computer from ADSS
4) Perform a metadata cleanup (this is a step *COMMONLY* skipped)
5) Clean up any DNS entries (another step commonly skipped)
6) Remove the computer from the WSUS console

My_Username hit the high points, but I didn't notice a metadata cleanup and, particularly with SBS, this causes issues down the road. MS has a full technet article on the process.

-Cliff
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35075555
Thanks for breaking it down, Cliff. I actually did hit all those points you listed except for the backup part. Notice the "...making sure you select "This Domain Controller is permanently offline..." part of my original post. In 2008 this does the metadata cleanup for you. Following the link I posted will also give you more detail on what that does.

-MU
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 35088239
As an FYI, I can tell you firsthand (verified by MS) during the SBS 2011 beta process that the GUI does not always clean up all the metadata. The documented NTDSUtil process is still, sadly, the only way to be sure. But yeah, I see the point you are driving at.

-Cliff
0
 
LVL 18

Expert Comment

by:Jeremy Weisinger
ID: 35090879
Good to know. Do you know if that has been resolved in the RTM? I haven't heard that it was an issue in SBS 2008. Let us know if you heard different, otherwise I think PlusIT can go ahead with following the steps I originally posted along with making sure there's a backup available before altering AD.

Thanks Cliff!

0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 250 total points
ID: 35099525
No, this is an issue with the underlying AD tools, not specific to SBS. When we found it, the general reply was "yeah, we know, but ntdsutil works" ...and the problem is in 2008 and 2008 R2. There are specific conditions that cause the GUI to leave metadata floating around, so in some cases, it works fine, but when they hit, they can be obnoxious. It was just a bigger deal with SBS because in many cases the migrations from 2003/2008 to 2011 will be performed by IT generalists, not AD experts. But since the problem lies in the 2008 R2 code, no, it is not fixed in RTM and probably won't be fixed until the next full version of Windows (or the version after, or the version after that.)

Certainly not a showstopper, but having access to that ntdsutil procedure is a big plus and I believe got included (or at least a link to it) in the latest round of 2011 migration docs.

-Cliff
0
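
A read-only way to check whether the GUI removal left references to the old server behind, as discussed in the thread above (added example, not part of any post). `OLD-SBS2003` is a placeholder host name, the FRS check assumes SYSVOL still replicates via FRS, and ADSI is used so the script does not depend on the ActiveDirectory PowerShell module.

```powershell
# Added example: read-only search for directory objects that still name a removed DC.
# 'OLD-SBS2003' is a placeholder; pass the old server's host name instead.
param([string]$OldServer = 'OLD-SBS2003')

# Only accept a plain NetBIOS-style name so nothing can alter the LDAP filters below.
if ($OldServer -notmatch '^[A-Za-z0-9-]{1,15}$') { throw "Unexpected server name: $OldServer" }

$rootDse  = [ADSI]'LDAP://RootDSE'
$configNC = [string]$rootDse.configurationNamingContext
$domainNC = [string]$rootDse.defaultNamingContext

function Find-DirectoryObject {
    param([string]$BaseDn, [string]$Filter)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$BaseDn"
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 500
    [void]$searcher.PropertiesToLoad.Add('distinguishedName')
    foreach ($result in $searcher.FindAll()) {
        [string]$result.Properties['distinguishedname'][0]
    }
}

# Each check names a place where a removed DC commonly leaves an object.
$checks = @(
    @{ Name = 'Server object in Sites';   Base = "CN=Sites,$configNC";  Filter = "(&(objectClass=server)(cn=$OldServer))" },
    @{ Name = 'NTDS Settings object';     Base = "CN=Sites,$configNC";  Filter = '(objectClass=nTDSDSA)'; Match = "CN=$OldServer," },
    @{ Name = 'Computer account';         Base = $domainNC;             Filter = "(&(objectCategory=computer)(sAMAccountName=$OldServer`$))" },
    @{ Name = 'FRS SYSVOL member object'; Base = "CN=System,$domainNC"; Filter = "(&(objectClass=nTFRSMember)(cn=$OldServer))" }
)

$leftovers = foreach ($check in $checks) {
    $found = @(Find-DirectoryObject -BaseDn $check.Base -Filter $check.Filter)
    # nTDSDSA objects are all named "NTDS Settings", so match on the parent server in the DN.
    if ($check.Match) { $found = @($found | Where-Object { $_ -like "*,$($check.Match)*" }) }
    foreach ($dn in $found) { New-Object PSObject -Property @{ Check = $check.Name; DN = $dn } }
}

# A host record that still resolves points at DNS entries that were not cleaned up.
try {
    $ips = [System.Net.Dns]::GetHostAddresses($OldServer) | ForEach-Object { $_.IPAddressToString }
    if ($ips) { Write-Output "DNS still resolves $OldServer to: $($ips -join ', ')" }
} catch { Write-Output "DNS: no host record resolves for $OldServer" }

if ($leftovers) { $leftovers | Format-Table Check, DN -AutoSize -Wrap }
else { Write-Output "No directory objects found that reference $OldServer" }
```

The script changes nothing; any object it reports still has to be removed with the procedure the answers describe, and SRV records under `_msdcs` need a separate look in the DNS console.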
 
LVL 10

Author Comment

by:PlusIT
ID: 35106581
Thx for the comments, guys. I will check on this and see if the GUI left some things behind. I'll get back to this in a few days.
0
 
LVL 68

Expert Comment

by:Qlemo
ID: 35446327
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
