help with removing old domain controller

Posted on 2013-01-22
Medium Priority
Last Modified: 2013-01-28
Here is my situation. Replication is failing somewhere, I'm not sure where to fix it. I can run some dcdiag reports, but I'm not sure which ones to run. I can paste results here.

DC01old is a demoted Win2003 DC that is powered off and gone.
DC02old is a win2003 DC that is still active but I want to demote it

The 3 new DC's (DC01, DC02, DC03) are replicating with DC02old.
DC02old still shows DC01old in the ntds settings. This should not be there, I would assume.

I tried using ntdsutil to do some meta cleanup but it showed nothing to cleanup.

There is the option to right-click DC01old in ntds settings and Delete, but I dont want to screw anything up. For Site3/DC03 I did manually add DC01 and tried to replicate but getting the 'Naming context is in the process of being removed' error. Any ideas?? Thanks.

Sitename            From Server
DC01            DC02old

DC02            DC02old
DC02old            DC01old, DC02, DC03

DC03            DC02old
Question by:cb_it
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 57

Accepted Solution

Mike Kline earned 2000 total points
ID: 38805805
Are you running 2008 on your new DCs, if so you can safely delete that old box.  That is how metadata cleanup is done in 2008 and newer




Author Comment

ID: 38805858
Yes, new servers are 2008R2.

Thanks for the link, and quick reply. The article mentions right-click on NTDS settings and hit delete. My old server DC01old isnt on the left hand side as a server, it only shows up as a replication partner when I click on DC02old.

It actually shows DC01old\OADEL:0a7a378d.... blah blah.

Is this safe to delete, I would assume considering this server doesnt exist. But would this be causing my replication to fail? What about that naming context error??
LVL 57

Expert Comment

by:Mike Kline
ID: 38805864
Yes you can delete that connection object, do you see any other places where DC01 is listed (DNS, ADUC, sites and services, etc)


Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.


Author Comment

ID: 38805891
Again, thanks for the quick response, Mike.

I did delete it from ADUC and from DNS, but I did double check and I see the old server in DNS with a Name Server (NS) record. The server is gone so again I would assume this can safely go?

repadmin /showreps says replication failed because of a schema mismatch.

Author Comment

ID: 38811112
Anyone have any ideas to help me out, I'm pretty stuck. Replication is still failing. Tons of KCC errors everywhere.

In AD Sites and services I dont see all of domain controllers listed under each NTDS Settings. Some DC's are here, some are there, some not at all. Any help would be greatly appreciated, thanks.
LVL 57

Expert Comment

by:Mike Kline
ID: 38811160
Yes delete the server from name servers and any other references you find.  

Did you see this KB for schema mismatch (it is a long one)   http://support.microsoft.com/kb/2734946



Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses
Course of the Month9 days, 3 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question