• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1739
  • Last Modified:

Removing a tombstoned DC?

Two DC's, one tombstoned after 60 days, and was turned back on.  oops.

That was a 2003 DC.

The current DC is 2008 R2.

Is there an good easy way to get rid of this DC so I can create a new one? (that's the problem actually, that we can't promote a new DC, so we need to remove the old one as part of our cleanup process.)

Thank you for any help,

David
0
NeoDavidShepherd
Asked:
NeoDavidShepherd
  • 3
  • 3
  • 2
1 Solution
 
motnahp00Commented:
Does the current W2K8R2 DC have all of the OM roles?

You can check with "netdom query fsmo".
0
 
motnahp00Commented:
Seize any of the missing roles to your DC using ntdsutil.

Here's some additional info from my W2K8R2 Unleashed book:

Retiring “Phantom” Domain Controllers
As is often the case in Active Directory, domain controllers might have been removed from the forest without first being demoted. They become phantom domain controllers and basically haunt the Active Directory, causing strange errors to pop up every so often. This is because of a couple remnants in the Active Directory, specifically the NTDS Settings object and the SYSVOL replication object. These phantom DCs might come about because of server failure or problems in the administrative process, but you should remove those servers and remnant objects from the directory to complete the upgrade to Windows Server 2008 R2. Not doing so will result in errors in the event logs and in the DCDIAG output as well as potentially raising the domain and forest to the latest functional level.
Simply deleting the computer object from Active Directory Sites and Services does not work. Instead, you need to use a low-level directory tool, ADSIEdit, to remove these servers properly. The following steps outline how to use ADSIEdit to remove these phantom domain controllers:
1.      Launch Server Manager.
2.      Expand the Roles node and select the Active Directory Domain Services node.
3.      Scroll down to the Advanced Tools section of the page and click on the ADSI Edit link.
4.      In the ADSIEdit window, select Action, Connect To.
5.      In the Select a Well Known Naming Context drop-down menu, select Configuration and click OK.
6.      Select the Configuration node.
7.      Navigate to Configuration\CN=Configuration\CN=Sites\CN=<Sitename>\CN=Servers\CN=<Servername>, where <Sitename> and <Servername> correspond to the location of the phantom domain controller.
8.      Right-click the CN=NTDS Settings, and click Delete.
9.      At the prompt, click Yes to delete the object.
10.      In the ADSIEdit window, select the top-level ADSIEdit node, and then select Action, Connect To.
11.      In the Select a Well Known Naming Context drop-down menu, select Default Naming Context, and click OK.
12.      Select the Default Naming Context node.
13.      Navigate to Default naming context \CN=System\CN=File Replication Service\CN=Domain System Volume(SYSVOL share)\CN=<Servername>, where <Servername> corresponds to the name of the phantom domain controller.
14.      Right-click the CN=<Servername>, and select Delete.
15.      At the prompt, click Yes to delete the object.
16.      Close ADSIEdit.
At this point, after the NTDS Settings are deleted, the server can be normally deleted from the Active Directory Sites and Services snap-in.
0
 
Mike KlineCommented:
Wow who wrote that book, that is wrong information, what is odd is that it is a Windows 2008 R2 book.  The information should be better in a newer book.

Since that DC hasn't replicated in the TSL you have a few options.

1.  Just run a metadata cleanup and rebuild the DC (install the OS, promote etc0

2.  Run dcpromo /forceremoval  then a metadata cleanup then when that is done you can promote it again.

By the way metadata cleanup is much easier in 2008     http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

That is why I'm surprised about the book and not having that in there.

If that 2003 DC held FSMO roles you will have to seize them but I'm guessing it didn't

On another note, try and get a second DC up when you can

Thanks

Mike
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
NeoDavidShepherdAuthor Commented:
Thank you very much...

Sorry to continue here, but SURELY there is a way to remove the DC without having to power it back on, etc.?

I mean, if a DC's hw goes bad, lightning or whatever, there must be a way to remove it from the AD without rebuilding one just to remove it? The thing is, every time I power this thing on, it causes problems in our production environment. People be gettin peeved, if you know what I mean!

I'm trying to promote a new DC and I get errors about this old one, so step one is to remove the old one!

SO, if there is a way to remove a DC from AD without powering it on, that's what I need to do.

The new one has all the FSMO roles, or claims too.

Step one, remove old DC without turning it back on. Is there a way?  I sure can't find it yet!

Thank you kindly...
0
 
Mike KlineCommented:
Yes you don't need to turn the old one back on, many times it can't be.  That is why you can run metadata cleanup    http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
 
NeoDavidShepherdAuthor Commented:
Thank you for the clarification. I misunderstood what you were saying!

Much appreciated!  I love a clean tutorial link...  (I'm a DC virgin)
0
 
Mike KlineCommented:
Glad to help, good working getting rid of that dead DC
0
 
NeoDavidShepherdAuthor Commented:
Also, thanks very much to  motnahp00, for information I will probably go over to learn the details of what's happening.

The other answer got me there quicker, but knowing the details is MARVELOUS.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 3
  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now