?
Solved

Metadata cleanup to remove tombstoned DC from forest

Posted on 2014-03-20
8
Medium Priority
?
717 Views
Last Modified: 2014-03-27
After doing some research online, I see that if a DC is tombstoned, you need to remove it from the network, run /forceremoval, and metadata cleanup.


However, I am a bit confused. Especially since i may not need to promote this DC again. I was thinking about permanently removing it.

After disconnecting from the network and running /forceremoval i was trying to run metadata cleanup. But I am confused, shouldn't i do this from another working domain controller?

 If this is true, after running metadata cleanup, is there anything else i need to perform so that my domain controllers no longer see any records of my tombstoned DC?


BTW this DC which is tombstoned does not carry out any FSMO roles.


thx
t
0
Comment
Question by:tobe1424
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
8 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 39942978
Yes you do the metadata cleanup from a working DC.  Once you do that and the changes have replicated you should be able to add that DC back to the domain and then promote it again.


Note:  Just for others that come to this question...does not apply here.  If he had FSMO roles those would have to be seized.

Thanks

Mike
0
 

Author Comment

by:tobe1424
ID: 39943177
i just received confirmation from my managers that we need to promote the tombstoned dc along with retaining the same name..

is this possible?
0
 

Author Comment

by:tobe1424
ID: 39943363
thanks mike. I will try to run that now and then promote the dc again
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 39943379
how big is your domain/forest?  Make sure all the metadata clean/deletions replicated.  Spot check things like DNS.


Thanks

Mike
0
 

Author Comment

by:tobe1424
ID: 39943475
the forest contains 5 DC's and about 30 servers max.

in DNS, will i have to manually delete records? If so, i simply delete anything that has to do with my tombstone server?
0
 

Author Comment

by:tobe1424
ID: 39944022
when i run the "remove selected server SERVERNAME", it returns the following:

C:\Documents and Settings\Administrator>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server icdc02
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
        'CN=Ntds Settings,icdc02'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.


--


I am following the instructions from this Microsoft link:
http://technet.microsoft.com/en-us/library/cc736378%28WS.10%29.aspx

Any ideas?
0
 

Author Comment

by:tobe1424
ID: 39944023
BTW I am running Win server 2003 sp2
0
 

Author Comment

by:tobe1424
ID: 39944409
Am I suppose to enter something different for the server name than simply the hostname? FQDN also generated an error.

I am trying this from the primary dc
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question