Solved

Orphaned 2008 R2 Domain Controller - Not showing in Sites and Services

Posted on 2014-09-17
8
434 Views
Last Modified: 2014-09-22
We have local IT at a business that likes to tweak things and have us clean them up afterwards.  That being said this is the issue we are having to clean up now.

A DC died and could not be gracefully removed.  So going through the Metadata cleanup as usual and I am having this issue.

The DC that I am trying to cleanup does not show in Sites and Services.  Most likely deleted from that console before the metadata cleanup was performed.  Now when trying to go through the Metadata cleanup, at the list servers in site step, the only server that shows in the other GC in that site.  The one I am needing to cleanup metadata for is not there.

I cannot find anywhere what to do from here.  I am well experienced in metadata cleanup, but have never come across this particular instance before.

Any ideas?
0
Comment
Question by:considerscs
  • 4
  • 4
8 Comments
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40328160
I would probably just try using ntdsutil to see if any remnants actually exist in AD:
ntdsutil - metadata cleanup - remove selected server <ServerName>

If you get an error, then it simply means the object was already removed.



There is also a script from MS that can help to identify the objects you want gone and it does the heavy lifting:
http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

I have not actually tested the script though.
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328173
Thats the problem, is inside of the ntdsutil, it does not show, but in Active Directory under Domain Controllers it is still listed and cannot be removed.

But on the type and site column in AD user and computers it does not show GC or the site.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40328218
Here is a blog with some basic troubleshooting steps and info:
http://www.techrepublic.com/article/picking-up-the-pieces-after-a-failed-domain-controller-demotion/

We should at the very least see if "LIST SERVERS IN SITE" report the server you are having the issue with.
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 500 total points
ID: 40328228
As a final step, I will drill down into the zone to ensure all the records for that server are gone.

It might take some time based on the size of the organization, but you want to be thorough in the clean up of the zones if all else fails.

There is probably some artifact hanging around and fooling the AD into thinking it still exists.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 1

Accepted Solution

by:
considerscs earned 0 total points
ID: 40328290
I finally got it.  The server in AD was not showing the correct permissions for the domain admins group.  So once fixing that I was able to get it removed.  Like I said we have to clean up what is messed up.  So sometimes its a crap shoot until you find what they did.
0
 
LVL 28

Expert Comment

by:becraig
ID: 40328304
Great it got resolved, you should probably let them know to leave the AD maintenance up to you in order to avoid future hiccups :~)
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328326
Im blue in the face on that one :)
0
 
LVL 1

Author Closing Comment

by:considerscs
ID: 40336170
How the issues was solved is in my comment - awarding all other comments points as they helped to troubleshoot.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Resolve DNS query failed errors for Exchange
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now