Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Tombstoned DCs

Posted on 2014-01-02
5
Medium Priority
?
493 Views
Last Modified: 2014-01-02
I have 2 tombstoned DC's.  One is Server 2003R2 it has been offline for 3+ years.  The other is Server 2008R2 that has been disconnected for over a year.  The schema has been updated to Server 2008R2 but I only have a 2003R2 and a 2008 active DCs.

What should I do to remove the 2 tombstoned servers from active directory?  I don't want to put the servers back on the network to run dcpromo because I heard if they are that old they could cause some real problems in replication. Is this true?

This article http://support.microsoft.com/kb/216498 mentions from a 2008 or 2008R2 server I can just remove the computer from the Active Directory Users and Computers snap-in to remove all the metadata for a server object. Am I reading this correctly?

Most of the articles I've found deal with 2003 servers or earlier, I'm wondering if there is a different process for 2008 and later.

Thank you,
0
Comment
Question by:vbchewie
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39752868
In 2008 if the DC's do not hold any roles you can simply remove the AD account from active directory users and computers, without having to do a metadata cleanup. In your case you can remove the computer objects from ADUC and I would recommend using NTDSutil to ensure that all domain controllers have been moved. If they have not, then a metadat cleanup is needed.

Metadata cleanup
http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx


Will.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 39752873
Neither of the DC's carry an FSMO roles other than the GC but I have all my DC set as GCs. Is there anything else I need to do after that to clean out the Domain Controllers?  Repadmin.exe? A few people have me scared to death about how much removing a tombstoned DC sucks.
0
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39752883
Do the following...
-remove the computer objects
-check dns manager under msdcs and make sure no tombstonded DC's are listed for SRV records (if they are delete them)
-open sites and services (remove the computer objects from there if you see them)
-use ntdsutil and check if the metadata cleanup finds the DC info anywhere else (if it does remove it)

If these DC's have been offline for this long and your AD is functioning accordingly then nothing to worrie about.

YOU can use repadmin /replsum and showrepl to see how replication is performing and if it's working. Those commands are not necessary to cleanup AD objects.

Will.
0
 
LVL 1

Author Comment

by:vbchewie
ID: 39752900
That was easy.

Thank you very much.
0
 
LVL 1

Author Closing Comment

by:vbchewie
ID: 39752901
Really thanks again for your help.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question