Solved

Old Domain Controller server keeps showing up

Posted on 2013-11-23
13
2,314 Views
Last Modified: 2013-12-03
I have an old domain controller GHOST that keeps haunting my network. When i go to my network i see it amongst the other computers when it discovers the network.

i decommisioned this server a long time ago and it is now just a file server. It has a totally new name.

I have two new domain controllers. I notice that there is even a PTR record that keeps showing up everytime i delete it also.

How can I get rid of this server from my network. It seems to grab ip addresses too.
0
Comment
Question by:MEATBALLHERO
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
  • +3
13 Comments
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 250 total points
ID: 39671920
You can check your active directory users and computers and search it name
will you be able to find it there ?

You might have computer \ member server with same name in network and its registering its host record and PTR record as well.

You can cross check by pinging PTR record
ping -a <IP of computer>
once you found hostname, try to ping host record as well and verify that both are pointing to same computer..

Mahesh
0
 
LVL 17

Expert Comment

by:Learnctx
ID: 39671979
Perform a metadata clean-up if you have not done so already and make sure you have completely removed any DNS references to the server (as a name server, any SRV records, etc).

I've used this guide without fail for years as far as metadata cleanups go.

http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Server 2008 and above is supposed to do this stuff automatically but personally I have found it is not always as full proof as doing it by hand.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39672017
I would also recommend making sure that meta-data is cleaned up. Another thing to watch out for when decommissioning a DC is make sure that the SRV records are not referencing the old DC as well. If there are any SRV records make sure that you delete them.

SRV records are located in DNS>Domain Zone>_msdcs. Under there you will see DC, GC, PDC etc. Go through those and delete any records that are were from the old DC.

Will.
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 

Author Comment

by:MEATBALLHERO
ID: 39672023
I did this before. Just tried it again. The server does not show up. It must have something else that is causing it to show up.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39672026
When you say it is showing up what is it doing exactly, and where is it showing up?

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39672051
Can you try pinging the old server name with ip address and name do you get response. Also check your file server which was acting as dc before it should not have multiple nic configured. Can you post the ipconfig /all details of your file server and dcdiag /q and repadmin /replsum of online dc.
0
 
LVL 17

Expert Comment

by:Learnctx
ID: 39672115
Yes if you could elaborate on 'showing' up that would be handy. Do you mean it just resolves? Ping could be using the local DNS cache on the machine or WINS, so use nslookup instead and see if the server name resolves. If it is the IP, check that the reverse lookup for the server has been removed as well.

Is the domain controller still in Active Directory sites and services? Has it had its replication objects deleted from there? Do any servers in sites and services still have replication links to the decommissioned DC's object?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39672682
Even server entry may be remain with AD metadata, how can it automatically updates the PTR record ?
 
You have said that you already removed server from active directory and changed its hostname also and now using as file server
Also you said that you can able to view computer account while browsing network computers

Like i said in my 1st comment, you must be having alive computer account in AD as member server \ computer which is actually updating PTR record even after deletion.

You will find Host (A) record also in DNS in that case.

Just try to find this computer from ad users and computers and then try to connect it
to identify the truth.

Mahesh
0
 

Author Comment

by:MEATBALLHERO
ID: 39672980
Showing up....means I can see the the icon in my network places. The name of the computer used to be HQFX1 and it was a domain controller a long time ago. I removed dcpromo did a meta cleanup and removed services DNS and DHCP. Then i renamed the computer to NAS02. Now I can see both HQFX1 and NAS02 in my network places.

If I click on HQFX1 it times out. I deleted the PTR and Host records from Domain Controller but it is still pops up on Network places.
0
 

Author Comment

by:MEATBALLHERO
ID: 39672982
Also I deleted the computer name from ADS Users and computers. But it still pops up. Could it be something still on NAS02.
0
 
LVL 26

Accepted Solution

by:
DrDave242 earned 250 total points
ID: 39673098
Open an elevated command prompt on the affected server and run the following command:

netdom computername <new_computer_name> /enumerate:allnames

This will display all registered names for the server in question. If the old name is still listed as an alternate, run this command to remove it:

netdom computername <new_computer_name> /remove:<old_computer_name>

Then reboot the server.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39673162
Does this happen on all machines that you try and use Network Places or is it one particular server/workstation?

If it is only 1 specific server it could just be a ghost object with in your profile which i have seen cases like this. This would only be the case if it has not happened on any other servers/workstations.

Will.
0
 

Author Closing Comment

by:MEATBALLHERO
ID: 39694567
Both Steps Are Necessary.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question