Avatar of compdigit44
compdigit44
 asked on

Remove on DC using NTDSUtil

I'm running the Exchange 2010 BPA tools and its detecting an old DC that has long since been removed. Anyway I have gohe through, ntdsutil, ADSIEDIT and DNS and cannot find and reference to this DC, yet BPA is still detecting it.

Any thoughts
Active Directory

Avatar of undefined
Last Comment
Darius Ghassem

8/22/2022 - Mon
Mike Kline

Did you double check sites and services, looks like you did a good job in the other areas.

Thanks


Mike
Darius Ghassem

So, you did go through metadata cleanup to remvoe, right?

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
compdigit44

ASKER
I have a parent child domain and the DC is not listed in Sites in Services in either domain. ALso I have tried using metadate cleanup but it doesn't detect the server which I need to remove
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Darius Ghassem

Has be listed in metadata some where. Post the Exchange BPA report
compdigit44

ASKER
I cannot post the BPA results..Is there a why I can run a search in NTDSUTIL
Darius Ghassem

No search function
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
compdigit44

ASKER
I have been though the MS KB 5 times already yet I know this DC is references some where.
compdigit44

ASKER
what about a ldap search???
Darius Ghassem

Your help has saved me hundreds of hours of internet surfing.
fblack61
compdigit44

ASKER
Yes, it didn't find the server
Darius Ghassem

So, when you go through these steps

Determine the DN of the server
There are several ways to obtain the DN of the server object that is to be removed. The following example uses Ldp.exe. To obtain the DN by using Ldp.exe, follow these steps:
Run LDP.
Bind to rootDSE.
Select View\tree. Base DN should be cn=configuration,dc=rootdomain,dc=<suffix>.
Expand Sites.
Expand the site where the server object resides.
Expand Servers.
Expand the server that you are removing.
Look for a line on the right hand side that starts with DN.
Copy whole line excluding the DN.

Example snip of the first part of the LDP spew:

You find nothing on this server?
compdigit44

ASKER
when I go to sites in LDP there is nothing for me to expand....
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Darius Ghassem

So, you have no sites listed?

Do dcdiag post results
compdigit44

ASKER
Here are the dcdiag results......



Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = ServerA

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: HQ\ServerA

      Starting test: Connectivity

         ......................... ServerA passed test Connectivity



Doing primary tests

   
   Testing server: HQ\ServerA

      Starting test: Advertising

         ......................... ServerA passed test Advertising

      Starting test: FrsEvent

         ......................... ServerA passed test FrsEvent

      Starting test: DFSREvent

         ......................... ServerA passed test DFSREvent

      Starting test: SysVolCheck

         ......................... ServerA passed test SysVolCheck

      Starting test: KccEvent

         ......................... ServerA passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... ServerA passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... ServerA passed test MachineAccount

      Starting test: NCSecDesc

         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=company,DC=org
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=company,DC=org
         ......................... ServerA failed test NCSecDesc

      Starting test: NetLogons

         ......................... ServerA passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... ServerA passed test ObjectsReplicated

      Starting test: Replications

         ......................... ServerA passed test Replications

      Starting test: RidManager

         ......................... ServerA passed test RidManager

      Starting test: Services

         ......................... ServerA passed test Services

      Starting test: SystemLog

         ......................... ServerA passed test SystemLog

      Starting test: VerifyReferences

         ......................... ServerA passed test VerifyReferences

   
   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : company

      Starting test: CheckSDRefDom

         ......................... company passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... company passed test CrossRefValidation

   
   Running enterprise tests on : company.org

      Starting test: LocatorCheck

         ......................... company.org passed test LocatorCheck

      Starting test: Intersite

         ......................... company.org passed test Intersite
Darius Ghassem

All looks good
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
Darius Ghassem

Go into DNS check to see if record exist for the DC here. Check SRV records and all I think we are going to find the problem here.

The DC is not listed in AD if it was you would get a error message when running dcdiags and repadmin /syncall
compdigit44

ASKER
There are no SRV or A records for this DC listed.
Darius Ghassem

Run repadmin /syncall
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
compdigit44

ASKER
Problem solved. it turns out this server wasn't in AD. The Exchange BPA tools was picking up a reference to this servers in a old config file on my Exchange 2003 server
Mike Kline

Nicely done and good information to have for the future.
ASKER CERTIFIED SOLUTION
Darius Ghassem

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question