  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1326

SBS2008 BPA: Source Server remains in AD

The Source Server that is running Windows SBS 2003 (<<servername>>) still exists in the Active Directory Sites and Services in the Default-First-Site-Name. You should remove this server from AD Sites and Services after you demote the server and remove it from the domain.

This is what I get from a BPA scan at a new client; the previous ICT consultant forgot to demote the old 2003 server. This server has been reinstalled in the meantime. I also see errors & warnings in the update service, which is trying to apply updates to this old, nonexistent server.

What is best practice to remove this server from the 2008 domain? Just remove it from AD Users & Computers + Sites & Services? Or is there more that needs to be done?
0
PlusIT
Asked:
PlusIT
2 Solutions
 
Jeremy Weisinger, Senior Network Consultant / Engineer, Commented:
All you should need to do is delete the object from Sites and Services, go through DNS and remove entries for the old SBS server, and if the old SBS server is in the Domain Controllers OU you should delete it from there too, making sure you select "This Domain Controller is permanently offline..."

For more info check out this link http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx
0
 
PlusIT (Author) Commented:
thx for the feedback, what about the update services?  Will these auto follow?
0
 
Jeremy Weisinger, Senior Network Consultant / Engineer, Commented:
You can just delete the computer from the WSUS console.
0

 
Cliff Galiher Commented:
Since this was a DC, there will actually be a bit more involved.

1) Have a backup!!!!
2) Remove the computer from ADUC
3) Remove the computer from ADSS
4) Perform a metadata cleanup (this is a step *COMMONLY* skipped)
5) Clean up any DNS entries (another step commonly skipped)
6) Remove the computer from the WSUS console

My_Username hit the high points, but I didn't notice a metadata cleanup and, particularly with SBS, this causes issues down the road. MS has a full technet article on the process.

-Cliff
0
 
Jeremy Weisinger, Senior Network Consultant / Engineer, Commented:
Thanks for breaking it down, Cliff. I actually did hit all those points you listed except for the backup part. Notice the "...making sure you select "This Domain Controller is permanently offline..." part of my original post. In 2008 this does the metadata cleanup for you. Following the link I posted will also give you more detail on what that does.

-MU
0
 
Cliff Galiher Commented:
As an FYI, I can tell you firsthand (verified by MS) during the SBS 2011 beta process that the GUI does not always clean up all the metadata. The documented NTDSUtil process is still, sadly, the only way to be sure. But yeah, I see the point you are driving at.

-Cliff
0
 
Jeremy Weisinger, Senior Network Consultant / Engineer, Commented:
Good to know. Do you know if that has been resolved in the RTM? I haven't heard that it was an issue in SBS 2008. Let us know if you heard different, otherwise I think PlusIT can go ahead with following the steps I originally posted along with making sure there's a backup available before altering AD.

Thanks Cliff!

0
 
Cliff Galiher Commented:
No, this is an issue with the underlying AD tools, not specific to SBS. When we found it, the general reply was "yeah, we know, but ntdsutil works" ...and the problem is in 2008 and 2008 R2. There are specific conditions that cause the GUI to leave metadata floating around, so in some cases, it works fine, but when they hit, they can be obnoxious. It was just a bigger deal with SBS because in many cases the migrations from 2003/2008 to 2011 will be performed by IT generalists, not AD experts. But since the problem lies in the 2008 R2 code, no, it is not fixed in RTM and probably won't be fixed until the next full version of Windows (or the version after, or the version after that.)

Certainly not a showstopper, but having access to that ntdsutil procedure is a big plus and I believe got included (or at least a link to it) in the latest round of 2011 migration docs.

-Cliff
0
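One way to check whether the GUI removal left anything behind, as an added example that is not part of any post in this thread and is not Microsoft's documented ntdsutil procedure. It is a read-only PowerShell check for the places listed above (ADUC, ADSS, NTDS Settings metadata, FRS membership, DC locator DNS records); `OLDSBS` and the function name are placeholders, and it assumes Windows PowerShell is installed on the remaining domain controller and that SYSVOL still replicates over FRS.

```powershell
# Added example: read-only search for leftovers of a removed domain controller.
# Nothing here deletes or modifies directory objects.
function Find-StaleDcRemnants {
    param([string]$ServerName)   # short name of the old DC (placeholder: OLDSBS)

    $rootDse  = [ADSI]'LDAP://RootDSE'
    $configNc = [string]$rootDse.configurationNamingContext
    $domainNc = [string]$rootDse.defaultNamingContext

    # Each check: label, search base, LDAP filter, optional DN pattern.
    $checks = @(
        @{ Label  = 'ADSS server object'; Base = "CN=Sites,$configNc"
           Filter = "(&(objectClass=server)(cn=$ServerName))" },
        @{ Label  = 'NTDS Settings (DC metadata)'; Base = "CN=Sites,$configNc"
           Filter = '(objectClass=nTDSDSA)'
           DnLike = "*,CN=$ServerName,CN=Servers,*" },
        @{ Label  = 'ADUC computer account'; Base = $domainNc
           Filter = "(&(objectCategory=computer)(cn=$ServerName))" },
        @{ Label  = 'FRS SYSVOL member'; Base = "CN=System,$domainNc"
           Filter = "(&(objectClass=nTFRSMember)(cn=$ServerName))" }
    )

    foreach ($c in $checks) {
        $root     = [ADSI]"LDAP://$($c.Base)"
        $searcher = New-Object System.DirectoryServices.DirectorySearcher -ArgumentList $root, $c.Filter
        $searcher.PageSize = 500
        foreach ($hit in $searcher.FindAll()) {
            $dn = [string]$hit.Properties['distinguishedname'][0]
            # The nTDSDSA search returns every DC; keep only the old server's.
            if ($c.DnLike -and $dn -notlike $c.DnLike) { continue }
            '{0}: {1}' -f $c.Label, $dn
        }
    }

    # DC locator SRV records that still point at the old server.
    $dnsDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().Name
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$dnsDomain" 2>$null |
        Select-String -SimpleMatch $ServerName |
        ForEach-Object { 'DNS SRV record: {0}' -f $_.Line.Trim() }
}

# No output means none of these checks found a remnant.
Find-StaleDcRemnants -ServerName 'OLDSBS'
```

Because the old machine was reinstalled, a plain host (A) record or a new member-server computer account with the same name can be legitimate; the NTDS Settings, FRS member and `_msdcs` SRV hits are the ones that indicate leftover domain controller metadata.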
 
PlusIT (Author) Commented:
thx for the comments guys, I will check on this and see if the GUI left some things behind. I'll get back to this in a few days.
0
 
Qlemo, C++ Developer, Commented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
