DFS issues

Environment is 2012 R2 domain running four domain controllers:  DFL and FFL is 2008

I had four 2008 DCs and all four were name servers in DFS.  I spun up four new DCs on 2012 and moved DFS namespaces to two of those four.  I was good enough to remove ONE of the old DFS servers from DFS before demoting it and shutting it down, but I FORGOT to remove the other three old DCs from the namespace list before demoting them and shutting them down.

I now have three orphaned namespace servers in my DFS snapin and it's giving me grief.  I did right click and disable the three orphaned DFS namespace servers that I forgot to properly remove so just the two new ones are active now.


Some of my PCs are still showing the three old DFS namespace servers.  By some, I mean five out of 500 still show the three orphaned namespace servers as well as the two new ones.  Some of the PCs even show one of the old orphaned DFS namespace servers as active!  The server doesn't even exist, yet it's still showing as active.  Now, I suspect that's because I have CNAME alias's pointing the old server names to the new servers.  So, technically, if you ping one of the old servers, it will resolve to one of the new servers, but DFS is only on two of the four new servers.

So, anyway, these five PCs that are having problems....when I go to them and look at the DFS properties page for the corporate share, I see the three orphaned namespace servers and one of them is active, even though it doesn't exist any more.

Also, in my DFS snapin on the server, I see the three orphaned DFS servers.  It's like the PCs won't release this old info for some reason.

So, this post is a two question post:  

How do I get the PCs to release the old orphaned DFS namespace server names


How do I clear those names from my DFS namespace server snapin


Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

The data is stored in AD.
you have to look at dfsutil to to see which DC is still holding onto this information.  DFS is a referal.
Run dcdiag to make sure your AD replication is not the contributing factor.
Are the five with which you are having issues at the same location, that could help you narrow down where the issue is.
i.e. they all query their local DC which is out of sync.
crp0499CEOAuthor Commented:
Agreed.  I Even spun up a new user and a new VM and the settings for the three old ones came up, but how do I use dfsutil to determine which server is holding on to and pushing the settings?
The issue is not with the user, look at the logon server to which the computer authenticate and likely the one being queried.

Status of dcdiag?

in the dfs management, reflects that you removed the old members as the targets, they should be gone within 30 minutes or less as that is the default referral/client cache.

Let me rechecked the proper syntax to run.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

See https://supportforums.cisco.com/discussion/10547561/cme-40-cue-31

Dfsutil.exe target \\addomain\root\share
This should, list the targets for this DFS share.
You would then need to use the dfsutil target remove \\addomain\root\share \\oldserver1\share

If in DFS management, the DFS name space is not reflecting the old servers as targets, the issue is not with DFS but likely with a DC that has not synchronized.
crp0499CEOAuthor Commented:
Look at the screen cap...see the bottom three servers?  The ones that are disabled?  Those use to be DCs and namespace servers.  They were removed and demoted and shutdown without being properly removed from the namespace list.  

Now I have random PCs showing those three old servers even though they are disabled.  

That's the reference I'm trying to remove.
Right click on the disabled, one option should be remove.
I think you will get a warning to the effect that it can not be contacted and will have an issue should the old target server is reconnected. I'm,e, make sure your removal deals with a permanent ..........

While they are listed in the DFS interface, they will be listed in the client selection but will not be used, the impact on the user will deal with a delay.
crp0499CEOAuthor Commented:
I have tried to remove them, and I get an error of access denied.  I also notice that in my Sites and Services, there is no automatically generated replication connection between a DC in site 1 and a DC in site 2.  I think that may have an impact as well on my issue.

In short, I am aiming to get the three disabled namespace servers out of the display, as well as stop PCs from using those three in their DFS namespace settings.

There are only the two active DFS namespace servers left.
First resolve the replication issue between the two site Dcs that should clear the issue.  The AD replication might be broken because of a journal erro that includes instructions on how to correct.

When you use dfsutil target \\addomain\namespace does one have only two while the other has all five?

Are these target servers or are they links.

Dfsutil has the resync command.
On which DC when using DFS management do the three disabled show up or do they appear on both?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
crp0499CEOAuthor Commented:
It ended up that my sites and services was screwed up.  There were intersite transports in there for sites that were gone years ago.  There was also a duplicate transport for the two existing sites.  

Once I cleaned that up, I was able to remove the orphaned DFS servers from the DFS console and all PCs are getting the correct DFS info.

Thanks Arnold!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.