Metadata Cleanup of a Domain controller

Delete orphan DCs from Active Directory

Run the following commands to clean up orphaned domains and domain controllers.

At the command prompt, type ntdsutil

ntdsutil: metadata cleanup

Metadata cleanup: connections

Server connections: connect to server yourserver.yourdomain.com
(i.e. the root forest domain controller)
Binding to yourserver.yourdomain.com …….
Connected to yourserver.yourdomain.com using credentials of locally logged on user
server connections: quit
(You are now connected to the domain controller)

Metadata cleanup: select operation target

Select operation target: list domains
(Lists all domains in the forest)
Found 7 domain(s)
0 – DC=yourserver, DC=yourdomain, DC=com
1 – DC=……….. (Listing of all domains in the forest)

Select operation target: select domain x
(Where x is the number of the domain to be deleted and/or where the domain controller to be deleted is located)
No current site
Domain – DC=…..
No current server
No Current Naming Context

Select operation target: list sites
Found 1 site(s)
0 – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com

Select operation target: select site x
(Where x is the number of the site where the domain and/or the domain controller to be deleted is located)
Site – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com
Domain – DC=……..
No current server
No current Naming Context

Select operation target: list servers in site
Found 6 server(s)
0 – CN=………
1 – CN=……….
(Listing of all servers found in the site selected)

Select operation target: select server x
(Where x is the number of the server to be deleted from the list displayed in the previous operation)
Site – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com
Domain – DC=……
Server – CN=…….
DSA object – CN=NTDS Settings, CN=……..
(Display of the domain, server and settings for the domain controller to be deleted)
No current Naming Context
select operation target: quit

Metadata cleanup: remove selected server
“CN=……..” server being removed
(A popup window is also displayed verifying you really want to delete this domain controller)
removed from server “yourserver.yourdomain.com”
(verifies the removal of the domain controller)

Metadata cleanup: remove selected domain
“DC=…….” removed from server “yourserver.yourdomain.com”
(verifies the removal of the domain)

Note: At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed the domain controller.

Metadata cleanup: quit

Ntdsutil: quit
Disconnecting from …………


Click Yes to confirm deletion.

Type quit, and press Enter until you return to the command prompt.

Note: In Windows Server 2003 there is no need to enter activate instance ntds; this step is not required.

You also need to remove any remaining instances of the faulty DC from DNS, ADSS, the Domain Controllers OU, etc., if they are present.

To remove the failed server object from the sites
1. In Active Directory Sites and Services, expand the appropriate site.
2. Delete the server object associated with the failed domain controller.

To remove the failed server object from the domain controllers container
1. In Active Directory Users and Computers, expand the domain controllers container.
2. Delete the computer object associated with the failed domain controller.

To remove the failed server object from DNS
1. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
2. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
3. If you have reverse lookup zones, also remove the PTR record of the server from these zones.
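
A read-only check for the leftovers listed in the three procedures above, added here as an example and not part of the original post. It assumes the RSAT ActiveDirectory and DnsServer modules, a healthy DC that also hosts the DNS zones, and a hypothetical removed DC named DC03.

```powershell
# Added example: read-only check for leftovers of a removed domain controller.
# Assumptions: RSAT ActiveDirectory and DnsServer modules are installed, and
# -Server names a healthy DC that also hosts the AD-integrated DNS zones.
Import-Module ActiveDirectory, DnsServer

function Find-DcRemnant {
    param(
        [Parameter(Mandatory)] [string] $DcName,   # short host name of the removed DC
        [Parameter(Mandatory)] [string] $Server    # healthy DC / DNS server to query
    )
    $root   = Get-ADRootDSE -Server $Server
    $domain = Get-ADDomain  -Server $Server
    $fqdn   = "$DcName.$($domain.DNSRoot)"

    # 1. Server object left under CN=Sites (Active Directory Sites and Services)
    Get-ADObject -Server $Server -SearchBase "CN=Sites,$($root.configurationNamingContext)" `
                 -LDAPFilter "(&(objectClass=server)(cn=$DcName))" |
        ForEach-Object { [pscustomobject]@{ Location = 'Sites'; Item = $_.DistinguishedName } }

    # 2. Computer object left in the Domain Controllers container
    Get-ADComputer -Server $Server -SearchBase $domain.DomainControllersContainer `
                   -LDAPFilter "(cn=$DcName)" |
        ForEach-Object { [pscustomobject]@{ Location = 'Domain Controllers'; Item = $_.DistinguishedName } }

    # 3. DNS records named after, or pointing at, the removed DC: CNAME/SRV/NS in
    #    _msdcs and the domain zone, host (A/AAAA) records, PTR in reverse zones
    $zones = Get-DnsServerZone -ComputerName $Server | Where-Object {
        $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated -and $_.ZoneName -ne 'TrustAnchors' }
    foreach ($zone in $zones) {
        foreach ($r in Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $zone.ZoneName) {
            $target = switch ($r.RecordType) {
                'CNAME' { $r.RecordData.HostNameAlias }
                'SRV'   { $r.RecordData.DomainName }
                'NS'    { $r.RecordData.NameServer }
                'PTR'   { $r.RecordData.PtrDomainName }
                default { '' }
            }
            $isHostRecord = $r.RecordType -in 'A', 'AAAA' -and $r.HostName -eq $DcName
            if ($isHostRecord -or "$target".TrimEnd('.') -eq $fqdn) {
                [pscustomobject]@{ Location = "DNS zone $($zone.ZoneName)"
                                   Item     = "$($r.HostName) $($r.RecordType) $target" }
            }
        }
    }
}

# DC03 is a hypothetical name; the server name is the post's own placeholder.
Find-DcRemnant -DcName 'DC03' -Server 'yourserver.yourdomain.com' | Format-Table -AutoSize
```

An empty result means none of the three locations still references the removed DC; every row returned is an object or record to delete by hand as described above.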

In Windows Server 2008 and above, you can also perform metadata cleanup using the GUI. You can perform this operation from the Active Directory Users and Computers (ADUC) console or from the Active Directory Sites and Services (ADSS) console.

To clean up server metadata by using Active Directory Users and Computers

Step 1: Open Run, type dsa.msc, and click OK.

Step 2: Select the Domain Controller whose metadata you want to clean up, and then click Delete.

Step 3: Select "This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO)", and then click Delete.

Step 4: If the Domain Controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue.

Step 5: If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.

Note: You cannot change this domain controller. If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.

To clean up server metadata by using Active Directory Sites and Services

Step 1: Open Run and type dssite.msc.

Step 2: Expand AD Sites and Services, right-click the NTDS Settings object of the DC whose metadata you want to clean up, and then click Delete.

Step 3: Select "This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO)", and then click Delete.

Step 5: If the domain controller is a global catalog server, click Yes to continue with the deletion.

Step 6: If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.

Step 7: Right-click the domain controller that was forcibly removed, and then click Delete.

Step 8: In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

For more details, refer to the articles below:
http://support.microsoft.com/kb/216498
https://technet.microsoft.com/en-us/library/cc736378(v=ws.10).aspx
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

 
