Solved

Old Domain Controller server keeps showing up

Posted on 2013-11-23
13
1,980 Views
Last Modified: 2013-12-03
I have an old domain controller GHOST that keeps haunting my network. When i go to my network i see it amongst the other computers when it discovers the network.

i decommisioned this server a long time ago and it is now just a file server. It has a totally new name.

I have two new domain controllers. I notice that there is even a PTR record that keeps showing up everytime i delete it also.

How can I get rid of this server from my network. It seems to grab ip addresses too.
0
Comment
Question by:MEATBALLHERO
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 35

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
Comment Utility
You can check your active directory users and computers and search it name
will you be able to find it there ?

You might have computer \ member server with same name in network and its registering its host record and PTR record as well.

You can cross check by pinging PTR record
ping -a <IP of computer>
once you found hostname, try to ping host record as well and verify that both are pointing to same computer..

Mahesh
0
 
LVL 16

Expert Comment

by:Learnctx
Comment Utility
Perform a metadata clean-up if you have not done so already and make sure you have completely removed any DNS references to the server (as a name server, any SRV records, etc).

I've used this guide without fail for years as far as metadata cleanups go.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Server 2008 and above is supposed to do this stuff automatically but personally I have found it is not always as full proof as doing it by hand.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
I would also recommend making sure that meta-data is cleaned up. Another thing to watch out for when decommissioning a DC is make sure that the SRV records are not referencing the old DC as well. If there are any SRV records make sure that you delete them.

SRV records are located in DNS>Domain Zone>_msdcs. Under there you will see DC, GC, PDC etc. Go through those and delete any records that are were from the old DC.

Will.
0
 

Author Comment

by:MEATBALLHERO
Comment Utility
I did this before. Just tried it again. The server does not show up. It must have something else that is causing it to show up.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
When you say it is showing up what is it doing exactly, and where is it showing up?

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
Comment Utility
Can you try pinging the old server name with ip address and name do you get response. Also check your file server which was acting as dc before it should not have multiple nic configured. Can you post the ipconfig /all details of your file server and dcdiag /q and repadmin /replsum of online dc.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 16

Expert Comment

by:Learnctx
Comment Utility
Yes if you could elaborate on 'showing' up that would be handy. Do you mean it just resolves? Ping could be using the local DNS cache on the machine or WINS, so use nslookup instead and see if the server name resolves. If it is the IP, check that the reverse lookup for the server has been removed as well.

Is the domain controller still in Active Directory sites and services? Has it had its replication objects deleted from there? Do any servers in sites and services still have replication links to the decommissioned DC's object?
0
 
LVL 35

Expert Comment

by:Mahesh
Comment Utility
Even server entry may be remain with AD metadata, how can it automatically updates the PTR record ?
 
You have said that you already removed server from active directory and changed its hostname also and now using as file server
Also you said that you can able to view computer account while browsing network computers

Like i said in my 1st comment, you must be having alive computer account in AD as member server \ computer which is actually updating PTR record even after deletion.

You will find Host (A) record also in DNS in that case.

Just try to find this computer from ad users and computers and then try to connect it
to identify the truth.

Mahesh
0
 

Author Comment

by:MEATBALLHERO
Comment Utility
Showing up....means I can see the the icon in my network places. The name of the computer used to be HQFX1 and it was a domain controller a long time ago. I removed dcpromo did a meta cleanup and removed services DNS and DHCP. Then i renamed the computer to NAS02. Now I can see both HQFX1 and NAS02 in my network places.

If I click on HQFX1 it times out. I deleted the PTR and Host records from Domain Controller but it is still pops up on Network places.
0
 

Author Comment

by:MEATBALLHERO
Comment Utility
Also I deleted the computer name from ADS Users and computers. But it still pops up. Could it be something still on NAS02.
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 250 total points
Comment Utility
Open an elevated command prompt on the affected server and run the following command:

netdom computername <new_computer_name> /enumerate:allnames

This will display all registered names for the server in question. If the old name is still listed as an alternate, run this command to remove it:

netdom computername <new_computer_name> /remove:<old_computer_name>

Then reboot the server.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
Comment Utility
Does this happen on all machines that you try and use Network Places or is it one particular server/workstation?

If it is only 1 specific server it could just be a ghost object with in your profile which i have seen cases like this. This would only be the case if it has not happened on any other servers/workstations.

Will.
0
 

Author Closing Comment

by:MEATBALLHERO
Comment Utility
Both Steps Are Necessary.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now