?
Solved

Removing DC that is not online anymore

Posted on 2014-10-14
12
Medium Priority
?
208 Views
Last Modified: 2014-10-14
I promoted a server to DC and renamed it without demoting it first. Now I have the old name all over the domain. How can I remove it properly?
0
Comment
Question by:Thomas N
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
  • +2
12 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40380201
0
 
LVL 22

Expert Comment

by:Joseph Moody
ID: 40380202
https://support.microsoft.com/kb/555846?wa=wsignin1.0

You will need to check the FSMO roles and perform a metadata cleanup. If your IP changed, ensure that clients have updated dns settings.
0
 
LVL 16

Accepted Solution

by:
Joshua Grantom earned 2000 total points
ID: 40380219
Here's another TechNet article on metadata cleanup that is a little newer. This can be done through the GUI or command line.

Need http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380227
You can also used the script that is referred to at the bottom of the TechNet article I supplied.

https://gallery.technet.microsoft.com/scriptcenter/d31f091f-2642-4ede-9f97-0e1cc4d577f3
0
 

Author Comment

by:Thomas N
ID: 40380244
I try to delete it in users and computers and it tells me it cannot be deleted. It says "....The specified module could not be found" but it still in the console. Any suggestions?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40380262
To clean up server metadata by using Ntdsutil

Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide Enterprise Admins credentials, if required, and then click Continue.

    At the command prompt, type the following command, and then press ENTER:
    ntdsutil

    At the ntdsutil: prompt, type the following command, and then press ENTER:
    metadata cleanup

    At the metadata cleanup: prompt, type the following command, and then press ENTER:
    remove selected server <ServerName>

Also if you take a quick look at the like I posted, you will find it is very extensive with a lot of steps to try including the others links posted subsequently.  It might be worth it to take a look and head to the 2008 section and give it a read.
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380267
That is not the proper way to remove it. Please read the articles on removing orphaned domain controllers.
0
 
LVL 15

Expert Comment

by:Rob Stone
ID: 40380306
Other than following the metadata cleanup KB here are my thoughts.

Check again when replication has occurred (unless you are checking AD on the DC you made the name change on).  Refresh the mmc console after replication too.

I just executed what you have said in a test lab on 2008 R2, there was a warning saying this isn't the correct way to rename a DC but I went ahead and changed and rebooted. The server name changed in ADU&C and ADS&S with the old name being removed from everything except some SRV records in DNS.

If the metadata cleanup doesn't work I'd suggest taking a quick backup and restoring to an isolated test lab to play with it there.  VMware Workstation or VirtualBox are good for this if you don't have the capacity on a server estate.
0
 

Author Comment

by:Thomas N
ID: 40380315
This article says to do it that way:

Need http://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx#bkmk_graphical

So dont go in and hit delete?

I tried using ntdsutil using this article:

http://www.petri.com/delete_failed_dcs_from_ad.htm

but it does not see the server
0
 

Author Comment

by:Thomas N
ID: 40380316
I tried becraigs plan but I get this error:

C:\Windows\system32\ntdsutil.exe: metadata cleanup
metadata cleanup: remove selected server "server"
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001F7, problem 2006 (B
AD_NAME), data 8350, best match of:
        'CN=Ntds Settings,server'

Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the Active Directory Domain Controller
(5). Please use the connection menu to specify it.
metadata cleanup:
0
 
LVL 16

Expert Comment

by:Joshua Grantom
ID: 40380321
I'm sorry, yes that is how you remove it using the GUI, but have you verified which server is holding the FSMO roles? How many DC's do you have?
0
 

Author Closing Comment

by:Thomas N
ID: 40380328
This worked after clicking on it a few times. Weird it didnt work right away but thats Windows. Thanks.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses
Course of the Month7 days, 19 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question