Demoting old remnants of Domain Controller from Active Directory

Hi All,

When I perform the repadmin /replsum command, I can see there is an error pointing to the oldDC12.domain.com ?

And also when I do netdom query dc command the old DC is still there.

How can I safely decommission it without causing any issue with Exchange and AD replication ?

LVL 9

Senior IT System EngineerIT ProfessionalAsked: 2017-03-22

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

Experts Exchange Solution brought to you by

Enjoy your complimentary solution view.

Get every solution instantly with Premium. Start your 7-day free trial.

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 25

Nagendra Pratap SinghDesktop Applications SpecialistCommented: 2017-03-23

What is the EXACT error?

LVL 9

Senior IT System EngineerIT ProfessionalAuthor Commented: 2017-03-23

The replication error.

Pretty much the Domain controller has been turned off or not properly decommissioned. So how do I clean it up safely ?

LVL 28

DrDave242Commented: 2017-03-23

If that DC is gone for good, you'll need to perform a metadata cleanup to remove it from Active Directory. In the past, this required the use of the Ntdsutil command-line tool, but now the process is greatly simplified (though you can still do it the old way if you prefer). See here for details:

Clean Up Server Metadata

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

LVL 9

Senior IT System EngineerIT ProfessionalAuthor Commented: 2017-03-23

Thanks Dave.

So I assume that the normal AD replication and Exchange is not impacted when I remove this old DC remnants.

LVL 28

DrDave242Commented: 2017-03-23

Nope, not at all; in fact, removing that DC will be a good thing. You've probably got replication errors in the Directory Services logs of your other DCs right now, since at least some of them will be replication partners of the dead one. Once you perform the metadata cleanup, those DCs will know that one's gone for good and won't keep trying to replicate from it, so those errors will go away.

LVL 9

Senior IT System EngineerIT ProfessionalAuthor Commented: 2017-03-23

Thanks !

LVL 9

Senior IT System EngineerIT ProfessionalAuthor Commented: 2017-03-23

Hi DAve,

which path should I choose ?

To clean up server metadata by using Active Directory Users and Computers

To clean up server metadata by using Active Directory Sites and Services

or do I follow both steps ?

LVL 28

DrDave242Commented: 2017-03-24

Clean it up using AD Users and Computers first. Once that's done, launch AD Sites and Services. The deleted server will probably still be listed there, but it'll be just an empty container - there won't be an NTDS Settings object inside it. Delete the server from there as well.

You may also need to delete DNS records referring to the server after that. In my experience, the metadata cleanup sometimes removes these records but not always, and I'm not sure why it's inconsistent.