Friday, February 2, 2018

Metadata Cleanup of a Domain controller

Delete orphan DCs from Active Directory

The following commands should be run to clean up orphan domains and domain controllers.

At the command prompt, type ntdsutil
ntdsutil: metadata cleanup
Metadata cleanup: connections
Server connections: connect to server yourserver.yourdomain.com
(i.e. the forest root domain controller)
Binding to yourserver.yourdomain.com …
Connected to yourserver.yourdomain.com using credentials of locally logged on user
Server connections: quit
(You are now connected to the domain controller)
Metadata cleanup: select operation target
Select operation target: list domains
(Lists all domains in the forest)
Found 7 domain(s)
0 – DC=yourserver, DC=yourdomain, DC=com
1 – DC=……….. (Listing of all domains in the forest)
Select operation target: select domain x
(Where x is the number of the domain to be deleted and/or the domain in which the domain controller to be deleted is located)
No current site
Domain – DC=…..
No current server
No current Naming Context
Select operation target: list sites
Found 1 site(s)
0 – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com
Select operation target: select site x
(Where x is the number of the site where the domain and/or the domain controller to be deleted is located)
Site – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com
Domain – DC=……..
No current server
No current Naming Context
Select operation target: list servers in site
Found 6 server(s)
0 – CN=………
1 – CN=………. (Listing of all servers found in the selected site)
Select operation target: select server x
(Where x is the number of the server to be deleted, from the list displayed in the previous operation)
Site – CN=yoursite, CN=Sites, CN=Configuration, DC=yourserver, DC=yourdomain, DC=com
Domain – DC=……
Server – CN=…….
DSA object – CN=NTDS Settings, CN=…….. (Display of the domain, server and settings of the domain controller to be deleted)
No current Naming Context
Select operation target: quit
Metadata cleanup: remove selected server
"CN=…….." server being removed
(A popup window is also displayed asking you to confirm that you really want to delete this domain controller)
Removed from server "yourserver.yourdomain.com"
(Verifies the removal of the domain controller)
Metadata cleanup: remove selected domain
"DC=……." removed from server "yourserver.yourdomain.com"
(Verifies the removal of the domain)
Note: At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might already have removed the domain controller's object.
Metadata cleanup: quit
Ntdsutil: quit
Disconnecting from …………
To remove the failed server object from the sites
1. In Active Directory Sites and Services, expand the appropriate site.
2. Delete the server object associated with the failed domain controller.
To remove the failed server object from the domain controllers container
1. In Active Directory Users and Computers, expand the domain controllers container.
2. Delete the computer object associated with the failed domain controller.
To remove the failed server object from DNS
1. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
2. Remove the CNAME record in the _msdcs zone of the forest root domain in DNS. You should also delete the host (A) record for the server's name and any other DNS records that refer to it.
3. If you have reverse lookup zones, also remove the PTR record of the server from these zones.
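A post-cleanup check in PowerShell, added here as an example and not part of the original post: it asks a healthy domain controller whether the server, NTDS Settings, computer and DNS objects that the steps above remove are really gone, so leftovers are caught before they cause problems. It assumes the RSAT ActiveDirectory and DnsServer modules are installed, that _msdcs is its own DNS zone (the default for a forest root domain), and the hostnames are placeholders.

```powershell
# Added verification script (not from the original post). Assumes the RSAT
# ActiveDirectory and DnsServer modules; the names below are placeholders.
Import-Module ActiveDirectory
Import-Module DnsServer

$RemovedDc = 'DC02'                       # short hostname of the removed DC (placeholder)
$DomainDns = 'yourdomain.com'             # DNS name of the domain it belonged to
$LiveDc    = 'yourserver.yourdomain.com'  # a healthy DC to query, as in the post

$configNc = (Get-ADRootDSE -Server $LiveDc).configurationNamingContext
$fqdn     = "$RemovedDc.$DomainDns"
$issues   = @()

# 1. Server object and its NTDS Settings (nTDSDSA) object under CN=Sites must be gone.
$sitesBase = "CN=Sites,$configNc"
$server = Get-ADObject -Server $LiveDc -SearchBase $sitesBase -LDAPFilter "(&(objectClass=server)(cn=$RemovedDc))"
if ($server) { $issues += "Server object still present: $($server.DistinguishedName)" }
$ntds = Get-ADObject -Server $LiveDc -SearchBase $sitesBase -LDAPFilter '(objectClass=nTDSDSA)' |
    Where-Object { $_.DistinguishedName -like "*,CN=$RemovedDc,CN=Servers,*" }
if ($ntds) { $issues += "NTDS Settings object still present: $($ntds.DistinguishedName)" }

# 2. Computer account (normally in the Domain Controllers container) must be gone.
$computer = Get-ADComputer -Server $LiveDc -LDAPFilter "(cn=$RemovedDc)"
if ($computer) { $issues += "Computer object still present: $($computer.DistinguishedName)" }

# 3. DNS: host (A) record, _msdcs CNAME pointing at the host, and PTR records must be gone.
$a = Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $DomainDns -Name $RemovedDc -RRType A -ErrorAction SilentlyContinue
if ($a) { $issues += "A record still present: $fqdn" }
$cname = Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName "_msdcs.$DomainDns" -RRType CName -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordData.HostNameAlias.TrimEnd('.') -eq $fqdn }
if ($cname) { $issues += "_msdcs CNAME still points at ${fqdn}: $($cname.HostName -join ', ')" }
$ptr = Get-DnsServerZone -ComputerName $LiveDc | Where-Object IsReverseLookupZone |
    ForEach-Object { Get-DnsServerResourceRecord -ComputerName $LiveDc -ZoneName $_.ZoneName -RRType Ptr -ErrorAction SilentlyContinue } |
    Where-Object { $_.RecordData.PtrDomainName.TrimEnd('.') -eq $fqdn }
if ($ptr) { $issues += "PTR record still present: $($ptr.HostName -join ', ')" }

# 4. The live DC's replication metadata should no longer reference the removed DC.
$partners = Get-ADReplicationPartnerMetadata -Target $LiveDc -ErrorAction SilentlyContinue |
    Where-Object { $_.Partner -like "*,CN=$RemovedDc,CN=Servers,*" }
if ($partners) { $issues += "Replication metadata on $LiveDc still references $RemovedDc" }

if ($issues.Count -eq 0) { "Metadata cleanup verified: no remaining references to $RemovedDc" }
else { $issues | ForEach-Object { "LEFTOVER: $_" } }
```

Run it from an account that can read the Configuration partition and the DNS server; a non-empty LEFTOVER list points at exactly which of the manual steps above still has to be done.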
