Tuesday, May 08, 2012 5:49 AM
Recently, I demoted my child domain controller in the domain.
But on clients and other member servers I am still able to see my demoted child domain in the "Log on to" list box.
How do I remove my decommissioned domain from the "Log on to" list for clients and member servers? Please suggest.
Tuesday, May 08, 2012 6:11 AM
Please check if the trust to the child domain is still there.
Take a look at:
Regards, Martin Forch
Tuesday, May 08, 2012 6:14 AM
How have you demoted the DC, was the demotion graceful or normal? If the server was demoted forcefully, you need to run metadata cleanup to remove the domain from the AD database and DNS.
How to run metadata cleanup on the forest root DC to delete the child domain:
- ntdsutil: metadata cleanup
- metadata cleanup: connections
- server connections: connect to server DC01
Binding to DC01 ...
Connected to titanic using credentials of locally logged on user
- server connections: quit
- metadata cleanup: select operation target
- select operation target: list domains
Found 3 domain(s)
0 - DC=Microsoft,DC=com
1 - DC=Child1,DC=Microsoft,DC=com
2 - DC=Child2,DC=Microsoft,DC=com
- select operation target: select domain 2
Site - CN=London,CN=Sites,CN=Configuration,DC=Microsoft,DC=com
Domain - DC=Child2,DC=Microsoft,DC=com
No current server
No current Naming Context
- select operation target: quit
- metadata cleanup: remove selected domain
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
- Marked As Answer by Dev_Rabbi Thursday, May 17, 2012 8:27 AM
Tuesday, May 08, 2012 9:07 AM Moderator
If you have demoted your child domain, then you need to give it some time to replicate those changes to the other DCs in the domain. You can reference the article below to remove the remnants which are not removed when you demote the domain or DC. Also, let us know: did you demote all the child domain DCs first and then finally remove the child domain, or directly remove the child domain without demoting the DCs first? Also, go to the AD Domains and Trusts console and see if the child domain is listed there or not; if yes, get rid of it.
Remove References of a Failed DC/Domain Or Perform Metadata Cleanup http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/
Awinish Vishwakarma - MVP - Directory Services | My Blog: awinish.wordpress.com | Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.
Tuesday, May 08, 2012 9:24 AM
In addition to my previous post, please check if the domain is shown under the trusted domains within the Domains and Trusts console.
How to do that?
Open the Domains and Trusts console --> right-click on the root domain --> Properties, and check if the subdomain is listed in incoming and outgoing trusts. When the domain is still there, get rid of it.
Regards, Martin Forch
Tuesday, May 08, 2012 9:40 AM
Sometimes this happens if the trustDomain object for the child domain is still present in AD. You can manually remove the TDO this way - use ADSIEdit to delete the trustDomain object for the child. To do this, follow these steps:
- Click Start, click Run, type adsiedit.msc, and then click OK
- Expand the Domain NC container.
- Expand DC=Your Domain, DC=COM
- Expand CN=System.
- Right-click the Trust Domain object, and then click Delete.
Let me know if this resolves your issue!
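
Added example, not part of any post in this thread: a read-only PowerShell check for the two leftovers the replies above point at, the trustedDomain object under CN=System and the child domain's crossRef entry in CN=Partitions of the configuration partition, so you can confirm what is actually stale before deleting anything. It assumes the RSAT ActiveDirectory module is available and that it is run from the forest root domain; `child2.example.com` is a placeholder for the decommissioned domain's DNS name.

```powershell
# Added example: read-only check for leftovers of a removed child domain.
# Assumes the RSAT ActiveDirectory module; run in the forest root domain.
param(
    # Placeholder: DNS name of the decommissioned child domain.
    [string]$ChildDomain = 'child2.example.com'
)
Import-Module ActiveDirectory

$root     = Get-ADRootDSE
$domainDN = $root.defaultNamingContext
$configDN = $root.configurationNamingContext

# 1. trustedDomain objects (TDOs) directly under CN=System of this domain.
$tdos = Get-ADObject -SearchBase "CN=System,$domainDN" -SearchScope OneLevel `
    -LDAPFilter '(objectClass=trustedDomain)' `
    -Properties trustPartner, flatName, trustDirection, whenChanged |
    Where-Object { $_.trustPartner -eq $ChildDomain }

# 2. crossRef objects in CN=Partitions: one per domain known to the forest.
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$configDN" -SearchScope OneLevel `
    -LDAPFilter '(objectClass=crossRef)' `
    -Properties dnsRoot, nCName, nETBIOSName |
    Where-Object { $_.dnsRoot -contains $ChildDomain }

# trustDirection: 1 = inbound, 2 = outbound, 3 = bidirectional
$directionName = @{ 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }

if ($tdos) {
    $tdos | Select-Object DistinguishedName, flatName,
        @{ n = 'Direction'; e = { $directionName[[int]$_.trustDirection] } },
        whenChanged | Format-List
} else {
    "No trustedDomain object for $ChildDomain under CN=System,$domainDN"
}

if ($crossRefs) {
    $crossRefs | Select-Object DistinguishedName, nCName, nETBIOSName | Format-List
} else {
    "No crossRef for $ChildDomain under CN=Partitions,$configDN"
}
```

The script only queries the directory; removal still goes through the ntdsutil or ADSIEdit steps given in the replies.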