Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Orphaned 2008 R2 Domain Controller - Not showing in Sites and Services

Posted on 2014-09-17
8
Medium Priority
?
468 Views
Last Modified: 2014-09-22
We have local IT at a business that likes to tweak things and have us clean them up afterwards.  That being said this is the issue we are having to clean up now.

A DC died and could not be gracefully removed.  So going through the Metadata cleanup as usual and I am having this issue.

The DC that I am trying to cleanup does not show in Sites and Services.  Most likely deleted from that console before the metadata cleanup was performed.  Now when trying to go through the Metadata cleanup, at the list servers in site step, the only server that shows in the other GC in that site.  The one I am needing to cleanup metadata for is not there.

I cannot find anywhere what to do from here.  I am well experienced in metadata cleanup, but have never come across this particular instance before.

Any ideas?
0
Comment
Question by:considerscs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
8 Comments
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328160
I would probably just try using ntdsutil to see if any remnants actually exist in AD:
ntdsutil - metadata cleanup - remove selected server <ServerName>

If you get an error, then it simply means the object was already removed.



There is also a script from MS that can help to identify the objects you want gone and it does the heavy lifting:
http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

I have not actually tested the script though.
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328173
Thats the problem, is inside of the ntdsutil, it does not show, but in Active Directory under Domain Controllers it is still listed and cannot be removed.

But on the type and site column in AD user and computers it does not show GC or the site.
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328218
Here is a blog with some basic troubleshooting steps and info:
http://www.techrepublic.com/article/picking-up-the-pieces-after-a-failed-domain-controller-demotion/

We should at the very least see if "LIST SERVERS IN SITE" report the server you are having the issue with.
0
Learn Veeam advantages over legacy backup

Every day, more and more legacy backup customers switch to Veeam. Technologies designed for the client-server era cannot restore any IT service running in the hybrid cloud within seconds. Learn top Veeam advantages over legacy backup and get Veeam for the price of your renewal

 
LVL 29

Assisted Solution

by:becraig
becraig earned 2000 total points
ID: 40328228
As a final step, I will drill down into the zone to ensure all the records for that server are gone.

It might take some time based on the size of the organization, but you want to be thorough in the clean up of the zones if all else fails.

There is probably some artifact hanging around and fooling the AD into thinking it still exists.
0
 
LVL 1

Accepted Solution

by:
considerscs earned 0 total points
ID: 40328290
I finally got it.  The server in AD was not showing the correct permissions for the domain admins group.  So once fixing that I was able to get it removed.  Like I said we have to clean up what is messed up.  So sometimes its a crap shoot until you find what they did.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40328304
Great it got resolved, you should probably let them know to leave the AD maintenance up to you in order to avoid future hiccups :~)
0
 
LVL 1

Author Comment

by:considerscs
ID: 40328326
Im blue in the face on that one :)
0
 
LVL 1

Author Closing Comment

by:considerscs
ID: 40336170
How the issues was solved is in my comment - awarding all other comments points as they helped to troubleshoot.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question