Solved

Removing DC that is not online anymore

Posted on 2014-10-14
12
197 Views
Last Modified: 2014-10-14
I promoted a server to DC and renamed it without demoting it first. Now I have the old name all over the domain. How can I remove it properly?
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40380201
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40380202
https://support.microsoft.com/kb/555846?wa=wsignin1.0

You will need to check the FSMO roles and perform a metadata cleanup. If your IP changed, ensure that clients have updated dns settings.
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 500 total points
ID: 40380219
Here's another TechNet article on metadata cleanup that is a little newer. This can be done through the GUI or command line.

Need http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380227
You can also used the script that is referred to at the bottom of the TechNet article I supplied.

https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
0
 

Author Comment

by:Thomas N
ID: 40380244
I try to delete it in users and computers and it tells me it cannot be deleted. It says "....The specified module could not be found" but it still in the console. Any suggestions?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40380262
To clean up server metadata by using Ntdsutil

Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.

    At the command prompt, type the following command, and then press ENTER:
    ntdsutil

    At the ntdsutil: prompt, type the following command, and then press ENTER:
    metadata cleanup

    At the metadata cleanup: prompt, type the following command, and then press ENTER:
    remove selected server <ServerName>

Also if you take a quick look at the like I posted, you will find it is very extensive with a lot of steps to try including the others links posted subsequently.  It might be worth it to take a look and head to the 2008 section and give it a read.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380267
That is not the proper way to remove it. Please read the articles on removing orphaned domain controllers.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40380306
Other than following the metadata cleanup KB here are my thoughts.

Check again when replication has occurred (unless you are checking AD on the DC you made the name change on).  Refresh the mmc console after replication too.

I just executed what you have said in a test lab on 2008 R2, there was a warning saying this isn't the correct way to rename a DC but I went ahead and changed and rebooted. The server name changed in ADU&C and ADS&S with the old name being removed from everything except some SRV records in DNS.

If the metadata cleanup doesn't work I'd suggest taking a quick backup and restoring to an isolated test lab to play with it there.  VMware Workstation or VirtualBox are good for this if you don't have the capacity on a server estate.
0
 

Author Comment

by:Thomas N
ID: 40380315
This article says to do it that way:

Need http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical

So dont go in and hit delete?

I tried using ntdsutil using this article:

http://www.petri.com/delete_failed_dcs_from_ad.htm

but it does not see the server
0
 

Author Comment

by:Thomas N
ID: 40380316
I tried becraigs plan but I get this error:

C:\Windows\system32\ntdsutil.exe: metadata cleanup
metadata cleanup: remove selected server "server"
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001F7, problem 2006 (B
AD_NAME), data 8350, best match of:
        'CN=Ntds Settings,server'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the Active Directory Domain Controller
(5). Please use the connection menu to specify it.
metadata cleanup:
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380321
I'm sorry, yes that is how you remove it using the GUI, but have you verified which server is holding the FSMO roles? How many DC's do you have?
0
 

Author Closing Comment

by:Thomas N
ID: 40380328
This worked after clicking on it a few times. Weird it didnt work right away but thats Windows. Thanks.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question