Demoting old remnants of Domain Controller from Active Directory

Senior IT System Engineer
Hi All,

When I run the repadmin /replsum command, I can see there is an error pointing to oldDC12.domain.com.

Also, when I run the netdom query dc command, the old DC is still there.

How can I safely decommission it without causing any issue with Exchange and AD replication?
Nagendra Pratap Singh, Desktop Applications Specialist

Commented:
What is the EXACT error?

Author

Commented:
The replication error.

Pretty much, the domain controller has been turned off or not properly decommissioned. So how do I clean it up safely?
Principal Support Engineer
Commented:
If that DC is gone for good, you'll need to perform a metadata cleanup to remove it from Active Directory. In the past, this required the use of the Ntdsutil command-line tool, but now the process is greatly simplified (though you can still do it the old way if you prefer). See here for details:

Clean Up Server Metadata

Author

Commented:
Thanks Dave.

So I assume that normal AD replication and Exchange are not impacted when I remove these old DC remnants.
DrDave242, Principal Support Engineer
Commented:
Nope, not at all; in fact, removing that DC will be a good thing. You've probably got replication errors in the Directory Services logs of your other DCs right now, since at least some of them will be replication partners of the dead one. Once you perform the metadata cleanup, those DCs will know that one's gone for good and won't keep trying to replicate from it, so those errors will go away.

Author

Commented:
Thanks !

Author

Commented:
Hi Dave,

Which path should I choose?

To clean up server metadata by using Active Directory Users and Computers
or
To clean up server metadata by using Active Directory Sites and Services

Or do I follow both steps?
DrDave242, Principal Support Engineer

Commented:
Clean it up using AD Users and Computers first. Once that's done, launch AD Sites and Services. The deleted server will probably still be listed there, but it'll be just an empty container - there won't be an NTDS Settings object inside it. Delete the server from there as well.

You may also need to delete DNS records referring to the server after that. In my experience, the metadata cleanup sometimes removes these records but not always, and I'm not sure why it's inconsistent.
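
An added example, not part of the original thread: a read-only PowerShell check for what is left of the old DC after the steps described in the answer above (computer account, Sites server object, DNS records). It assumes the RSAT ActiveDirectory and DnsServer modules are installed, that DNS is AD-integrated and hosted on the PDC emulator, and it uses the host name from the question as a stand-in value.

```powershell
# Added example: read-only check for remnants of a removed domain controller.
# It only queries AD and DNS; it deletes nothing.
Import-Module ActiveDirectory, DnsServer

$OldDc   = 'oldDC12'                      # host name from the question; adjust
$Domain  = Get-ADDomain
$OldFqdn = "$OldDc.$($Domain.DNSRoot)"

# 1. Computer account in the Domain Controllers OU (AD Users and Computers step)
$computer = Get-ADComputer -Filter "Name -eq '$OldDc'" `
    -SearchBase $Domain.DomainControllersContainer

# 2. Server object under Sites, and any NTDS Settings child (Sites and Services step)
$sitesBase = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$server = Get-ADObject -SearchBase $sitesBase `
    -LDAPFilter "(&(objectClass=server)(cn=$OldDc))"
$ntds = foreach ($s in $server) {
    Get-ADObject -SearchBase $s.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=nTDSDSA)'
}

# 3. DNS records named after, or pointing at, the old DC (A, CNAME, SRV, NS).
#    Assumption: AD-integrated DNS is hosted on the PDC emulator.
#    A zone that does not exist on that server is skipped silently.
$dnsServer = $Domain.PDCEmulator
$zones     = $Domain.DNSRoot, "_msdcs.$($Domain.Forest)"
$pattern   = '^' + [regex]::Escape($OldFqdn) + '\.?$'
$dns = foreach ($zone in $zones) {
    Get-DnsServerResourceRecord -ComputerName $dnsServer -ZoneName $zone `
        -ErrorAction SilentlyContinue |
        Where-Object {
            $d = $_.RecordData
            $targets = $d.DomainName, $d.HostNameAlias, $d.NameServer
            $_.HostName -eq $OldDc -or ($targets -match $pattern)
        }
}

# Summary: every value should be False / 0 once the cleanup is complete.
[pscustomobject]@{
    ComputerAccount  = [bool]$computer
    SiteServerObject = [bool]$server
    NtdsSettings     = [bool]$ntds
    DnsRecordCount   = @($dns).Count
}
$dns | Format-Table HostName, RecordType -AutoSize
```

Running it before and after the cleanup shows which of the three places still holds a reference to the old server.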

Author

Commented:
Ok that does make sense.
Thank you once again.
