?
Solved

Tombstoned DCs

Posted on 2014-01-02
5
Medium Priority
?
491 Views
Last Modified: 2014-01-02
I have 2 tombstoned DC's.  One is Server 2003R2 it has been offline for 3+ years.  The other is Server 2008R2 that has been disconnected for over a year.  The schema has been updated to Server 2008R2 but I only have a 2003R2 and a 2008 active DCs.

What should I do to remove the 2 tombstoned servers from active directory?  I don't want to put the servers back on the network to run dcpromo because I heard if they are that old they could cause some real problems in replication. Is this true?

This article http://support.microsoft.com/kb/216498 mentions from a 2008 or 2008R2 server I can just remove the computer from the Active Directory Users and Computers snap-in to remove all the metadata for a server object. Am I reading this correctly?

Most of the articles I've found deal with 2003 servers or earlier, I'm wondering if there is a different process for 2008 and later.

Thank you,
0
Comment
Question by:vbchewie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39752868
In 2008 if the DC's do not hold any roles you can simply remove the AD account from active directory users and computers, without having to do a metadata cleanup. In your case you can remove the computer objects from ADUC and I would recommend using NTDSutil to ensure that all domain controllers have been moved. If they have not, then a metadat cleanup is needed.

Metadata cleanup
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx


Will.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 39752873
Neither of the DC's carry an FSMO roles other than the GC but I have all my DC set as GCs. Is there anything else I need to do after that to clean out the Domain Controllers?  Repadmin.exe? A few people have me scared to death about how much removing a tombstoned DC sucks.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39752883
Do the following...
-remove the computer objects
-check dns manager under msdcs and make sure no tombstonded DC's are listed for SRV records (if they are delete them)
-open sites and services (remove the computer objects from there if you see them)
-use ntdsutil and check if the metadata cleanup finds the DC info anywhere else (if it does remove it)

If these DC's have been offline for this long and your AD is functioning accordingly then nothing to worrie about.

YOU can use repadmin /replsum and showrepl to see how replication is performing and if it's working. Those commands are not necessary to cleanup AD objects.

Will.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 39752900
That was easy.

Thank you very much.
0
 
LVL 1

Author Closing Comment

by:vbchewie
ID: 39752901
Really thanks again for your help.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses
Course of the Month11 days, 3 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question