?
Solved

Remove old DCs from AD

Posted on 2016-07-28
6
Medium Priority
?
47 Views
Last Modified: 2016-07-28
Awhile back we upgraded out domain from 2003R2 to 2012R2.
The old DCs were demoted using DCpromo.
However, they are still listed in AD Computers.
When I try to manually delete them, I get the message;
==============
 The object SRV2003 contains other objects. Do you want to remove the object SRV2003 and all the objects it contains?
    If you cancel the removal in process any objects removed are not restored.

    WARNING: If you check the box "Use server control for removal of subtrees" all objects in the subtree are removed, including objects which are protected against removal, and the removal cannot be undone.
=============

I turned on the view computers as containers, but see nothing inside of them. Is it safe to delete these objects while checking the box "Use server control for removal of subtrees" or could this have an adverse effect on my current Domain/DCs?
0
Comment
Question by:keamalsa
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 1600 total points
ID: 41733386
It's safe to delete those objects.  I've seen that message many times in the past; not sure exactly what causes the message to appear, but I've never seen any adverse effects of deleting the objects.  If you want to be extra certain, you can use adsiedit.msc instead of ADUC to check the objects and make sure there are no subcontainers with any objects in them.
1
 
LVL 16

Assisted Solution

by:FOX
FOX earned 400 total points
ID: 41733393
If you have already successfully demoted it, it is not talking to any of the domain controllers
Make sure any traces of the 2003 DC are  deleted from AD, AD Sites and Services, DNS(forward and reverse lookups)
0
 

Author Comment

by:keamalsa
ID: 41733405
So, to be clear, It's OK to delete it while checking the box "Use server control for removal of subtrees" ?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 16

Expert Comment

by:FOX
ID: 41733420
AS hypercat suggested, open ASiedit and see if there are any valuable objects below it.  I doubt it.  If you see nothing delete away.
0
 

Author Comment

by:keamalsa
ID: 41733429
Opened ADSi Edit, and there are folders under the DC object folder named CN=IASIdentity, but nothing inside of those folders.
0
 
LVL 38

Assisted Solution

by:Hypercat (Deb)
Hypercat (Deb) earned 1600 total points
ID: 41733476
Yes, that's OK to delete. It looks like Microsoft Internet Authentication Service was once in use. I'm assuming that's not longer the case and/or that server particularly isn't being used for that purpose.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question