Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Orphaned 2008 R2 Domain Controller - Not showing in Sites and Services

Posted on 2014-09-17
8
Medium Priority
?
475 Views
Last Modified: 2014-09-22
We have local IT at a business that likes to tweak things and have us clean them up afterwards.  That being said this is the issue we are having to clean up now.

A DC died and could not be gracefully removed.  So going through the Metadata cleanup as usual and I am having this issue.

The DC that I am trying to cleanup does not show in Sites and Services.  Most likely deleted from that console before the metadata cleanup was performed.  Now when trying to go through the Metadata cleanup, at the list servers in site step, the only server that shows in the other GC in that site.  The one I am needing to cleanup metadata for is not there.

I cannot find anywhere what to do from here.  I am well experienced in metadata cleanup, but have never come across this particular instance before.

Any ideas?
0
Comment
Question by:considerscs
  • 4
  • 4
8 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328160
I would probably just try using ntdsutil to see if any remnants actually exist in AD:
ntdsutil - metadata cleanup - remove selected server <ServerName>

If you get an error, then it simply means the object was already removed.



There is also a script from MS that can help to identify the objects you want gone and it does the heavy lifting:
http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

I have not actually tested the script though.
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328173
Thats the problem, is inside of the ntdsutil, it does not show, but in Active Directory under Domain Controllers it is still listed and cannot be removed.

But on the type and site column in AD user and computers it does not show GC or the site.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328218
Here is a blog with some basic troubleshooting steps and info:
http://www.techrepublic.com/article/picking-up-the-pieces-after-a-failed-domain-controller-demotion/

We should at the very least see if "LIST SERVERS IN SITE" report the server you are having the issue with.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328228
As a final step, I will drill down into the zone to ensure all the records for that server are gone.

It might take some time based on the size of the organization, but you want to be thorough in the clean up of the zones if all else fails.

There is probably some artifact hanging around and fooling the AD into thinking it still exists.
0
 
LVL 1

Accepted Solution

by:
considerscs earned 0 total points
ID: 40328290
I finally got it.  The server in AD was not showing the correct permissions for the domain admins group.  So once fixing that I was able to get it removed.  Like I said we have to clean up what is messed up.  So sometimes its a crap shoot until you find what they did.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40328304
Great it got resolved, you should probably let them know to leave the AD maintenance up to you in order to avoid future hiccups :~)
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328326
Im blue in the face on that one :)
0
 
LVL 1

Author Closing Comment

by:considerscs
ID: 40336170
How the issues was solved is in my comment - awarding all other comments points as they helped to troubleshoot.
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question