Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 477
  • Last Modified:

Orphaned 2008 R2 Domain Controller - Not showing in Sites and Services

We have local IT at a business that likes to tweak things and have us clean them up afterwards.  That being said this is the issue we are having to clean up now.

A DC died and could not be gracefully removed.  So going through the Metadata cleanup as usual and I am having this issue.

The DC that I am trying to cleanup does not show in Sites and Services.  Most likely deleted from that console before the metadata cleanup was performed.  Now when trying to go through the Metadata cleanup, at the list servers in site step, the only server that shows in the other GC in that site.  The one I am needing to cleanup metadata for is not there.

I cannot find anywhere what to do from here.  I am well experienced in metadata cleanup, but have never come across this particular instance before.

Any ideas?
0
considerscs
Asked:
considerscs
  • 4
  • 4
4 Solutions
 
becraigCommented:
I would probably just try using ntdsutil to see if any remnants actually exist in AD:
ntdsutil - metadata cleanup - remove selected server <ServerName>

If you get an error, then it simply means the object was already removed.



There is also a script from MS that can help to identify the objects you want gone and it does the heavy lifting:
http://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3

I have not actually tested the script though.
0
 
considerscsAuthor Commented:
Thats the problem, is inside of the ntdsutil, it does not show, but in Active Directory under Domain Controllers it is still listed and cannot be removed.

But on the type and site column in AD user and computers it does not show GC or the site.
0
 
becraigCommented:
Here is a blog with some basic troubleshooting steps and info:
http://www.techrepublic.com/article/picking-up-the-pieces-after-a-failed-domain-controller-demotion/

We should at the very least see if "LIST SERVERS IN SITE" report the server you are having the issue with.
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
becraigCommented:
As a final step, I will drill down into the zone to ensure all the records for that server are gone.

It might take some time based on the size of the organization, but you want to be thorough in the clean up of the zones if all else fails.

There is probably some artifact hanging around and fooling the AD into thinking it still exists.
0
 
considerscsAuthor Commented:
I finally got it.  The server in AD was not showing the correct permissions for the domain admins group.  So once fixing that I was able to get it removed.  Like I said we have to clean up what is messed up.  So sometimes its a crap shoot until you find what they did.
0
 
becraigCommented:
Great it got resolved, you should probably let them know to leave the AD maintenance up to you in order to avoid future hiccups :~)
0
 
considerscsAuthor Commented:
Im blue in the face on that one :)
0
 
considerscsAuthor Commented:
How the issues was solved is in my comment - awarding all other comments points as they helped to troubleshoot.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now