How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.
Solved
How to remove Backup DC NTDS Settings
Posted on 2013-06-14
We have 2 DCs (Server 2003) - primary and backup. Our backup went offline for longer than 60 days and became stale. We have demoted the backup DC using dcpromo cmd. Here's what happened:
1. Ran "dcpromo". The removal failed because of Access is denied error.
2. Ran "dcpromo /forceremoval", as per this article: http://technet.microsoft.com/en-us/library/cc731871(v=ws.10).aspx
3. Tried to clean up the backup DC (now with DC roles removed) with ntdsutil.exe, but the commands were also failing with Access is denied error. So I couldn't perform steps in this article: http://support.microsoft.com/kb/216498?wa=wsignin1.0
4. Rebooted the backup DC. Now it's just a regular domain member.
But in the primary DC's Sites and Services tree, the backup DC is still showing up (of course replicating to it fails with "no endpoint" error). In addition, that backup DC node has NTDS Setting child node inside. And I read here, that if NTDS Settings child node exists for a DC, then that DC should not be removed from Sites and Services:
http://technet.microsoft.com/en-us/library/cc738355(v=ws.10).aspx (says it in the "Important" section)
My question: Can remove that NTDS Setting child node from the decommissioned DC? Are there any adverse effects? Then can I remove the backup Dc from the tree?
Thanks.
1. Ran "dcpromo". The removal failed because of Access is denied error.
2. Ran "dcpromo /forceremoval", as per this article: http://technet.microsoft.com/en-us/library/cc731871(v=ws.10).aspx
3. Tried to clean up the backup DC (now with DC roles removed) with ntdsutil.exe, but the commands were also failing with Access is denied error. So I couldn't perform steps in this article: http://support.microsoft.com/kb/216498?wa=wsignin1.0
4. Rebooted the backup DC. Now it's just a regular domain member.
But in the primary DC's Sites and Services tree, the backup DC is still showing up (of course replicating to it fails with "no endpoint" error). In addition, that backup DC node has NTDS Setting child node inside. And I read here, that if NTDS Settings child node exists for a DC, then that DC should not be removed from Sites and Services:
http://technet.microsoft.com/en-us/library/cc738355(v=ws.10).aspx (says it in the "Important" section)
My question: Can remove that NTDS Setting child node from the decommissioned DC? Are there any adverse effects? Then can I remove the backup Dc from the tree?
Thanks.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3 Comments
Active today
Try Transferring or seizing the FSMO roles over to the primary DC.
Check the link below,
http://support.microsoft.com/kb/255504
Check the link below,
http://support.microsoft.com/kb/255504
Do meta data cleanup also check fsmo roles owner. NetDOM /query FSMO
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/2002413
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
http://support.microsoft.com/kb/2002413
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP, Windows Server…
- Ransomware
- Experts Exchange
- Windows XP
- Windows OS
- Windows Server 2008
- Windows Server 2003, Security
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month10 days, 3 hours left to enroll
722 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.