Solved

Removing a tombstoned DC?

Posted on 2012-03-28
Last Modified: 2012-03-29
Two DCs, one tombstoned after 60 days, and was turned back on. Oops.

That was a 2003 DC.

The current DC is 2008 R2.

Is there a good easy way to get rid of this DC so I can create a new one? (That's the problem actually, that we can't promote a new DC, so we need to remove the old one as part of our cleanup process.)

Thank you for any help,

David
0
Question by:NeoDavidShepherd
 
LVL 21

Expert Comment

by:motnahp00
ID: 37779880
Does the current W2K8R2 DC have all of the OM roles?

You can check with "netdom query fsmo".
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37779999
Seize any of the missing roles to your DC using ntdsutil.

Here's some additional info from my W2K8R2 Unleashed book:

Retiring “Phantom” Domain Controllers
As is often the case in Active Directory, domain controllers might have been removed from the forest without first being demoted. They become phantom domain controllers and basically haunt the Active Directory, causing strange errors to pop up every so often. This is because of a couple remnants in the Active Directory, specifically the NTDS Settings object and the SYSVOL replication object. These phantom DCs might come about because of server failure or problems in the administrative process, but you should remove those servers and remnant objects from the directory to complete the upgrade to Windows Server 2008 R2. Not doing so will result in errors in the event logs and in the DCDIAG output as well as potentially raising the domain and forest to the latest functional level.
Simply deleting the computer object from Active Directory Sites and Services does not work. Instead, you need to use a low-level directory tool, ADSIEdit, to remove these servers properly. The following steps outline how to use ADSIEdit to remove these phantom domain controllers:
1. Launch Server Manager.
2. Expand the Roles node and select the Active Directory Domain Services node.
3. Scroll down to the Advanced Tools section of the page and click on the ADSI Edit link.
4. In the ADSIEdit window, select Action, Connect To.
5. In the Select a Well Known Naming Context drop-down menu, select Configuration and click OK.
6. Select the Configuration node.
7. Navigate to Configuration\CN=Configuration\CN=Sites\CN=<Sitename>\CN=Servers\CN=<Servername>, where <Sitename> and <Servername> correspond to the location of the phantom domain controller.
8. Right-click the CN=NTDS Settings, and click Delete.
9. At the prompt, click Yes to delete the object.
10. In the ADSIEdit window, select the top-level ADSIEdit node, and then select Action, Connect To.
11. In the Select a Well Known Naming Context drop-down menu, select Default Naming Context, and click OK.
12. Select the Default Naming Context node.
13. Navigate to Default naming context\CN=System\CN=File Replication Service\CN=Domain System Volume (SYSVOL share)\CN=<Servername>, where <Servername> corresponds to the name of the phantom domain controller.
14. Right-click the CN=<Servername>, and select Delete.
15. At the prompt, click Yes to delete the object.
16. Close ADSIEdit.
At this point, after the NTDS Settings are deleted, the server can be normally deleted from the Active Directory Sites and Services snap-in.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37780155
Wow, who wrote that book? That is wrong information; what is odd is that it is a Windows 2008 R2 book. The information should be better in a newer book.

Since that DC hasn't replicated in the TSL you have a few options.

1. Just run a metadata cleanup and rebuild the DC (install the OS, promote, etc.)

2. Run dcpromo /forceremoval, then a metadata cleanup, then when that is done you can promote it again.

By the way, metadata cleanup is much easier in 2008: http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

That is why I'm surprised about the book and not having that in there.

If that 2003 DC held FSMO roles you will have to seize them, but I'm guessing it didn't.

On another note, try and get a second DC up when you can.

Thanks

Mike
0
 

Author Comment

by:NeoDavidShepherd
ID: 37782234
Thank you very much...

Sorry to continue here, but SURELY there is a way to remove the DC without having to power it back on, etc.?

I mean, if a DC's hw goes bad, lightning or whatever, there must be a way to remove it from the AD without rebuilding one just to remove it? The thing is, every time I power this thing on, it causes problems in our production environment. People be gettin peeved, if you know what I mean!

I'm trying to promote a new DC and I get errors about this old one, so step one is to remove the old one!

SO, if there is a way to remove a DC from AD without powering it on, that's what I need to do.

The new one has all the FSMO roles, or claims to.

Step one, remove old DC without turning it back on. Is there a way?  I sure can't find it yet!

Thank you kindly...
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 37782331
Yes, you don't need to turn the old one back on; many times it can't be. That is why you can run metadata cleanup: http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Thanks

Mike
0
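A read-only check, added here as an example and not taken from the book or from either poster, that looks for the leftovers discussed in this thread (the NTDS Settings object, the FRS SYSVOL member object, and any FSMO role still pointing at the old DC) once a metadata cleanup has been run. It assumes the ActiveDirectory PowerShell module is available; the function name `Get-StaleDcRemnant` and the server name `OLDDC01` are hypothetical.

```powershell
# Added example: lists remaining directory metadata for a removed DC. Makes no changes.
Import-Module ActiveDirectory

function Get-StaleDcRemnant {
    param([Parameter(Mandatory = $true)][string]$ServerName)  # short name of the old DC

    $root     = Get-ADRootDSE
    $configNC = $root.configurationNamingContext
    $domainNC = $root.defaultNamingContext
    $found    = @()
    $report   = { param($kind, $dn) New-Object PSObject -Property @{ Kind = $kind; DN = $dn } }

    # Server object under CN=Sites (Configuration partition) and its NTDS Settings child.
    $servers = Get-ADObject -SearchBase "CN=Sites,$configNC" -SearchScope Subtree `
        -LDAPFilter "(&(objectClass=server)(cn=$ServerName))"
    foreach ($srv in $servers) {
        $found += & $report 'Server object' $srv.DistinguishedName
        Get-ADObject -SearchBase $srv.DistinguishedName -SearchScope OneLevel `
            -LDAPFilter '(objectClass=nTDSDSA)' |
            ForEach-Object { $found += & $report 'NTDS Settings' $_.DistinguishedName }
    }

    # FRS SYSVOL member object (Default Naming Context). The container is
    # absent in domains that never used FRS, so a failed search is ignored.
    try {
        Get-ADObject -SearchBase "CN=File Replication Service,CN=System,$domainNC" `
            -SearchScope Subtree -LDAPFilter "(&(objectClass=nTFRSMember)(cn=$ServerName))" |
            ForEach-Object { $found += & $report 'FRS SYSVOL member' $_.DistinguishedName }
    } catch { }

    # FSMO roles still recorded against the old DC (same data as "netdom query fsmo").
    $domain = Get-ADDomain
    $forest = Get-ADForest
    $roles  = @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    foreach ($role in $roles.Keys) {
        if ($roles[$role] -like "$ServerName.*") {
            $found += & $report "FSMO role $role" $roles[$role]
        }
    }
    return $found
}

# Hypothetical server name; an empty result means none of these remnants were found.
Get-StaleDcRemnant -ServerName 'OLDDC01' | Format-Table Kind, DN -AutoSize
```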
 

Author Closing Comment

by:NeoDavidShepherd
ID: 37782660
Thank you for the clarification. I misunderstood what you were saying!

Much appreciated!  I love a clean tutorial link...  (I'm a DC virgin)
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 37782672
Glad to help, good work getting rid of that dead DC.
0
 

Author Comment

by:NeoDavidShepherd
ID: 37782680
Also, thanks very much to motnahp00, for information I will probably go over to learn the details of what's happening.

The other answer got me there quicker, but knowing the details is MARVELOUS.
0
