Solved

Active Directory cleaning after role seizure

Posted on 2012-04-05
4
501 Views
Last Modified: 2012-06-27
Hi everyone,

I had a network with the 2 DC's below.

DC 1: Windows Server 2003, holder of all FSMOs.
DC 2: Windows Server 2008.

DC1 died, and it was not possible to recover.  I seized all roles on DC2, and the domain is working just fine.

My question...

I need to clean up the AD by removing all references to DC1.  As DC1 is forever a memory, what is the best (and complete) way to do this?


I know that this will most likely involve ADSI.  If so, please be as specific as possible.

Many, many thanks!

Barron
0
Comment
Question by:barronfraker
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 250 total points
ID: 37814677
The best way to do this is using ntdsutil and the correct steps are outlined in the following link:

http://www.petri.co.il/delete_failed_dcs_from_ad.htm
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 37814678
It used to involve ntdsutil  (you can still use that method)  but in 2008 it gets easier because a lot of it is through the GUI

http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

when this is done and you are ready try and get another DC up as soon as you can.   This example is perfect for illustrating why 2 DCs is always key.

Thanks

Mike
0
 
LVL 78

Expert Comment

by:arnold
ID: 37814740
The server might not be coming back, but unless you wait till tombstone period the setup a second dc as recommended, the dc1 can be reused for the replacement server.
0
 
LVL 2

Author Comment

by:barronfraker
ID: 37814898
alanhardisty and  mkline71,

Both your posts were helpful.  The GUI-based approach made this last a lot less longer than I had expected, but true to form, Microsoft's solution was incomplete.  Alan's Petri link filled in the blanks (like cleaning out DNS), so now everything is running smoothly.

Thanks to you both!

Barron
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question