Every Managed Security Service Provider (MSSP) needs a platform to deliver effective and efficient security-as-a-service to their customers. Scale, elasticity and profitability are a few of the many features that a Cloud platform offers. View our on-demand webinar to learn more!
Metadata cleanup on an Active Directory - please help! :)
This is my first question here.. please go easy on me. If I missed something please ask and I will answer ASAP. Thank-you Experts!
We had an old 2003 DC that I demoted. (dns2)
Installed a new 2012 DC and promoted into the domain. (as dns-2).. My first mistake I guess, I wanted to keep the same name. Not best practice I know.. that's why I'm here.
When the problems started:
I renamed the DC to the old name (dns2)
Couldn't get netlogon services working. When I did a dcdiag on the 2012 server it still had the old name attached to it (dns-2)
Then I noticed in DNS it had both dns2 and dns-2 as the same IP
Demoted the 2012 server, now my AD metadata is messed up and I can't delete the dns2 or dns-2 in AD:
Error for both: Windows cannot delete object LDAP:// blah blah because: The specified module could not be found.
Went into dns1 (2003, has all FSMO roles) and tried this:
2) At the command prompt, type the following command, and then press ENTER:
ntdsutil
3) At the ntdsutil prompt, type the following command, and then press ENTER:
metadata cleanup
4) At the metadata cleanup: prompt, type the following command, and then press ENTER:
remove selected server SERVERNAME
This is the results:
D:\Program Files\Support Tools>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server dns2
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,dns2'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
So at this point I'd like to get AD cleaned up and back to normal. Then, I'd like to get dns2 back up with hopefully the same name? Unless directed otherwise. Thanks again Ron.
We had an old 2003 DC that I demoted. (dns2)
Installed a new 2012 DC and promoted into the domain. (as dns-2).. My first mistake I guess, I wanted to keep the same name. Not best practice I know.. that's why I'm here.
When the problems started:
I renamed the DC to the old name (dns2)
Couldn't get netlogon services working. When I did a dcdiag on the 2012 server it still had the old name attached to it (dns-2)
Then I noticed in DNS it had both dns2 and dns-2 as the same IP
Demoted the 2012 server, now my AD metadata is messed up and I can't delete the dns2 or dns-2 in AD:
Error for both: Windows cannot delete object LDAP:// blah blah because: The specified module could not be found.
Went into dns1 (2003, has all FSMO roles) and tried this:
2) At the command prompt, type the following command, and then press ENTER:
ntdsutil
3) At the ntdsutil prompt, type the following command, and then press ENTER:
metadata cleanup
4) At the metadata cleanup: prompt, type the following command, and then press ENTER:
remove selected server SERVERNAME
This is the results:
D:\Program Files\Support Tools>ntdsutil
ntdsutil: metadata cleanup
metadata cleanup: remove selected server dns2
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (B
AD_NAME), data 8350, best match of:
'CN=Ntds Settings,dns2'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup:
So at this point I'd like to get AD cleaned up and back to normal. Then, I'd like to get dns2 back up with hopefully the same name? Unless directed otherwise. Thanks again Ron.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Thanks Raymond. Yes, I followed that exact post and got this error:
"Error for both: Windows cannot delete object LDAP:// blah blah because: The specified module could not be found."
"Error for both: Windows cannot delete object LDAP:// blah blah because: The specified module could not be found."
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Luis, I forgot about that tool.. and it seemed to work! I no longer see them in users and computers..
Now going forward. I'm going to create a new 2012 server and bring it up as dns2.
At this point can I use the same name?
Thanks!
Now going forward. I'm going to create a new 2012 server and bring it up as dns2.
At this point can I use the same name?
Thanks!
Great that is solved.
Yes you can if all is clean, maybe is better use other name, at least for troubleshooting
Yes you can if all is clean, maybe is better use other name, at least for troubleshooting
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get every solution instantly with Premium.
Start your 7-day free trial.
Have you tried going the GUI route of metadata cleanup instead. Microsoft has a great article i actually just used
https://technet.microsoft.com/en-us/library/cc816907%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396
Try it out, hope it helps