help with removing old domain controller

Posted on 2013-01-22
Last Modified: 2013-01-28
Here is my situation. Replication is failing somewhere, I'm not sure where to fix it. I can run some dcdiag reports, but I'm not sure which ones to run. I can paste results here.

DC01old is a demoted Win2003 DC that is powered off and gone.
DC02old is a win2003 DC that is still active but I want to demote it

The 3 new DC's (DC01, DC02, DC03) are replicating with DC02old.
DC02old still shows DC01old in the ntds settings. This should not be there, I would assume.

I tried using ntdsutil to do some meta cleanup but it showed nothing to cleanup.

There is the option to right-click DC01old in ntds settings and Delete, but I dont want to screw anything up. For Site3/DC03 I did manually add DC01 and tried to replicate but getting the 'Naming context is in the process of being removed' error. Any ideas?? Thanks.

Sitename            From Server
DC01            DC02old

DC02            DC02old
DC02old            DC01old, DC02, DC03

DC03            DC02old
Question by:cb_it
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 57

Accepted Solution

Mike Kline earned 500 total points
ID: 38805805
Are you running 2008 on your new DCs, if so you can safely delete that old box.  That is how metadata cleanup is done in 2008 and newer



Author Comment

ID: 38805858
Yes, new servers are 2008R2.

Thanks for the link, and quick reply. The article mentions right-click on NTDS settings and hit delete. My old server DC01old isnt on the left hand side as a server, it only shows up as a replication partner when I click on DC02old.

It actually shows DC01old\OADEL:0a7a378d.... blah blah.

Is this safe to delete, I would assume considering this server doesnt exist. But would this be causing my replication to fail? What about that naming context error??
LVL 57

Expert Comment

by:Mike Kline
ID: 38805864
Yes you can delete that connection object, do you see any other places where DC01 is listed (DNS, ADUC, sites and services, etc)


MIM Survival Guide for Service Desk Managers

Major incidents can send mastered service desk processes into disorder. Systems and tools produce the data needed to resolve these incidents, but your challenge is getting that information to the right people fast. Check out the Survival Guide and begin bringing order to chaos.


Author Comment

ID: 38805891
Again, thanks for the quick response, Mike.

I did delete it from ADUC and from DNS, but I did double check and I see the old server in DNS with a Name Server (NS) record. The server is gone so again I would assume this can safely go?

repadmin /showreps says replication failed because of a schema mismatch.

Author Comment

ID: 38811112
Anyone have any ideas to help me out, I'm pretty stuck. Replication is still failing. Tons of KCC errors everywhere.

In AD Sites and services I dont see all of domain controllers listed under each NTDS Settings. Some DC's are here, some are there, some not at all. Any help would be greatly appreciated, thanks.
LVL 57

Expert Comment

by:Mike Kline
ID: 38811160
Yes delete the server from name servers and any other references you find.  

Did you see this KB for schema mismatch (it is a long one)



Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Last week, our Skyport webinar on “How to secure your Active Directory” ( provided 218 attendees with a step-by-step guide for…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question