
Ask the Expert: Cleaning Up Stale Domain Controllers aka Metadata Clean Up by Danny Poull

Every so often, a Windows admin enters a new environment or has to upgrade his or her domain controllers, and every so often it doesn’t go as planned. Some domain controllers’ records are left behind. When old domain controllers are not cleaned up, other problems can begin to occur and wreak random havoc on your network: some are Group Policy issues, others are DNS resolution failures. This topic covers how to clean up the mess that is left behind so that your old environment’s domain controllers are gone and the new environment is replicating and humming along. I also recommend following this after decommissioning an old domain controller to make sure that it is 100% removed.

On Windows Server 2008 or newer domain controllers, you can use either of two GUI methods to clean up domain controllers (a third method, ntdsutil, is covered below). The first is in Active Directory. Launch “Active Directory Users and Computers”, locate and expand your domain, and locate the Domain Controllers OU. Right-click the old server and choose Delete.

A window will pop up saying you should run DCPromo properly on that server, but this topic assumes you already tried that.
Check the box and click Delete.

Method 1 is now complete. Pretty Easy.

The second method is similar to the first. Launch “Active Directory Sites and Services”, expand your sites, expand Servers, and locate the NTDS Settings object under the old server. Right-click it and delete. You will be prompted, as in method 1, that you can no longer DCPromo the server properly and asked whether you are sure you want to delete it. Check the box and delete. Then right-click the server object itself and delete that as well.

Method 3 works on any Windows Server domain controller version. It is done with a tool called ntdsutil.
First, open a command prompt as administrator on a domain controller that you are keeping.
Type: ntdsutil
Type: metadata cleanup
Type: connections
Type: connect to server ‘xxxxxxx’   (where xxxxxxx is the name of a healthy domain controller you are not decommissioning)
Type: quit
Type: select operation target
Type: list domains
This will give you a list of all domains with corresponding numbers.
Typically your domain will be 0.
Type: select domain 0
Type: list sites
This will give you a list of all sites with corresponding numbers.
Typically your site will be 0 if you only have one location or your domain is set up as one location.
Type: select site 0
Next you will select the server.
Type: list servers in site
Type: select server “X”  (where X is the number of the old domain controller in that list)

Type: quit
Type: remove selected server
You will be prompted to confirm the removal.

All done. All 3 methods will work. I prefer method 3.
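The ntdsutil walk-through above can also be run as one scripted command line, with a couple of checks in front of it so the wrong server is never removed. The PowerShell below is an added example and not from the original post; it assumes the RSAT ActiveDirectory module is available on the healthy DC it runs from, and the host names OLDDC01 and DC01 in the comments are placeholders.

```powershell
# Added example (not part of the original post). Scripted equivalent of the
# ntdsutil "metadata cleanup" walk-through, with checks so the wrong DC is not
# removed. Requires the RSAT ActiveDirectory module; run elevated on a healthy DC.
# Host names are placeholders: OLDDC01 = stale DC, DC01 = healthy DC to connect to.
param(
    [Parameter(Mandatory)] [string]$StaleDc,    # e.g. 'OLDDC01'
    [Parameter(Mandatory)] [string]$HealthyDc   # e.g. 'DC01'
)
Import-Module ActiveDirectory

# Never let the connection DC and the removal target be the same machine.
if ($StaleDc -ieq $HealthyDc) {
    throw "Refusing: target '$StaleDc' and connection DC '$HealthyDc' are the same host."
}

# If the old DC still answers LDAP it should be demoted properly, not forced out
# via metadata cleanup (the same warning the GUI dialogs in methods 1 and 2 give).
$ldapUp = Test-NetConnection -ComputerName $StaleDc -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
if ($ldapUp) {
    throw "$StaleDc still answers on TCP/389; demote it with dcpromo / Uninstall-ADDSDomainController instead."
}

# Resolve the server object in the Configuration partition. This is the object
# that 'list servers in site' / 'select server' operate on in the interactive walk.
$configNc  = (Get-ADRootDSE -Server $HealthyDc).configurationNamingContext
$serverObj = @(Get-ADObject -Server $HealthyDc -SearchBase "CN=Sites,$configNc" `
                -LDAPFilter "(&(objectClass=server)(cn=$StaleDc))")
if ($serverObj.Count -eq 0) { throw "No server object named '$StaleDc' under CN=Sites,$configNc; nothing to clean up." }
if ($serverObj.Count -gt 1) { throw "More than one server object matches '$StaleDc'; refusing to guess." }
$serverDn = $serverObj[0].DistinguishedName

# ntdsutil treats each quoted argument as one command and takes the DN as the
# rest of the line, so a DN containing spaces (a site name with spaces) cannot be
# passed this way reliably; fall back to the interactive walk for those.
if ($serverDn -match '\s') {
    throw "Server DN '$serverDn' contains whitespace; use the interactive ntdsutil walk for this one."
}

# Record what is about to be removed, then run ntdsutil non-interactively.
# 'remove selected server <DN> on <DC>' takes the server DN directly, so the menu
# walk (connections / select operation target / list ... / select ...) collapses
# into a single line.
Write-Host "Removing metadata for $serverDn via $HealthyDc"
& ntdsutil.exe 'metadata cleanup' "remove selected server $serverDn on $HealthyDc" 'quit' 'quit'
if ($LASTEXITCODE -ne 0) { throw "ntdsutil exited with code $LASTEXITCODE; review its output before continuing." }
```

ntdsutil still prints its own confirmation prompt for the removal, exactly as in the interactive walk; the script only makes sure you are at that prompt with the right object selected. Save it as a .ps1 and call it as `.\Remove-StaleDcMetadata.ps1 -StaleDc OLDDC01 -HealthyDc DC01` (file name chosen here, not from the post).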

When complete, you will want to run a replication sync command on your domain controller to immediately tell the other servers that the server is gone.

Open a command prompt:
Type: repadmin /syncall /edAPq
Then, as one final check, launch DNS Manager.
Locate your forward lookup zones.
Locate your internal domain zone. Right-click it, go to Properties, and navigate to the Name Servers tab.
Remove any DNS servers/domain controllers that are no longer around.

Then drill down through every DNS folder and record to make sure there is nothing lingering that references the domain controller that was removed; if you find such a record, right-click it and delete it.
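The final checks in the post (the Name Servers tab and drilling through every DNS record) can be scripted into one audit that lists every reference to the removed DC still left in AD or DNS, and it goes a little beyond the post by also checking SRV/CNAME targets and replication connection objects. The PowerShell below is an added example and not from the original post; it assumes the RSAT ActiveDirectory and DnsServer modules, that it runs on a remaining DC, and the removed host name OLDDC01 is a placeholder.

```powershell
# Added example (not part of the original post). Audits AD and DNS for leftover
# references to a removed domain controller and returns them as a list, so an
# empty result means the cleanup described in the post is complete. Requires the
# RSAT ActiveDirectory and DnsServer modules; run on a remaining DC.
# 'OLDDC01' is a placeholder host name.
param(
    [Parameter(Mandatory)] [string]$RemovedDc,    # e.g. 'OLDDC01'
    [string]$Server = $env:COMPUTERNAME             # a remaining, healthy DC
)
Import-Module ActiveDirectory
Import-Module DnsServer

$findings = New-Object System.Collections.Generic.List[string]
$rootDse  = Get-ADRootDSE -Server $Server
$domain   = Get-ADDomain -Server $Server
$fqdn     = "$RemovedDc.$($domain.DNSRoot)"

# 1. Computer account in the Domain Controllers OU (what method 1 deletes).
$acct = Get-ADComputer -Server $Server -SearchBase $domain.DomainControllersContainer -LDAPFilter "(cn=$RemovedDc)"
foreach ($a in $acct) { $findings.Add("Computer account still present: $($a.DistinguishedName)") }

# 2. Server / NTDS Settings objects in the Configuration partition (methods 2 and 3).
$sitesNc = "CN=Sites,$($rootDse.configurationNamingContext)"
$servers = Get-ADObject -Server $Server -SearchBase $sitesNc -LDAPFilter "(&(objectClass=server)(cn=$RemovedDc))"
foreach ($s in $servers) {
    $findings.Add("Server object still present: $($s.DistinguishedName)")
    $ntds = Get-ADObject -Server $Server -SearchBase $s.DistinguishedName -LDAPFilter "(objectClass=nTDSDSA)"
    if ($ntds) { $findings.Add("NTDS Settings still present under $($s.DistinguishedName)") }
}

# 3. Replication connection objects on the remaining DCs whose source still names the old DC.
$conns = Get-ADObject -Server $Server -SearchBase $sitesNc -LDAPFilter "(objectClass=nTDSConnection)" -Properties fromServer
foreach ($c in $conns) {
    if ("$($c.fromServer)" -like "*CN=$RemovedDc,*") {
        $findings.Add("Connection object $($c.DistinguishedName) still replicates from $RemovedDc")
    }
}

# 4. DNS: NS records at the zone apex (the Name Servers tab), SRV/CNAME records whose
#    target is the old host, and A/AAAA records carrying its name, in every primary zone.
$zones = Get-DnsServerZone -ComputerName $Server | Where-Object { $_.ZoneType -eq 'Primary' -and -not $_.IsAutoCreated }
foreach ($zone in $zones) {
    foreach ($r in Get-DnsServerResourceRecord -ComputerName $Server -ZoneName $zone.ZoneName) {
        $target = switch ($r.RecordType) {
            'NS'    { $r.RecordData.NameServer }
            'SRV'   { $r.RecordData.DomainName }
            'CNAME' { $r.RecordData.HostNameAlias }
            default { $null }
        }
        if ($target -and $target.TrimEnd('.') -ieq $fqdn) {
            $findings.Add("DNS $($r.RecordType) '$($r.HostName)' in $($zone.ZoneName) still targets $fqdn")
        }
        if (($r.RecordType -eq 'A' -or $r.RecordType -eq 'AAAA') -and $r.HostName -ieq $RemovedDc -and $zone.ZoneName -ieq $domain.DNSRoot) {
            $findings.Add("DNS $($r.RecordType) '$($r.HostName)' still exists in $($zone.ZoneName)")
        }
    }
}

if ($findings.Count -eq 0) { Write-Host "No references to $RemovedDc found on $Server." }
$findings
```

Run the post’s `repadmin /syncall /edAPq` first so the DC you query has the latest view, then run the audit against a second DC as well; a record that only shows up on one of them points at a replication problem rather than a missed deletion.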

Now that you are all done, do not allow that domain controller back on the network, or you will have to repeat these steps. Also, if things are still not right, a call to Microsoft is worth it at this point. A small ticket fee to Microsoft and some of your time up front will save you hours and maybe even days in the future, as lingering domain controller records affect the core of your Microsoft network.

If you have any questions or would like assistance with this cleanup, contact service at 847.427.2365 or service@ccc1.com
