AD Doms and Trusts still holding old PDC as name holder

    Question

  • Old PDC removed correctly. It is now dead. However, our AD Domains and Trusts still contains the old PDC name, not the new PDC. How do I safely change this?


    aotwadmin

    Thursday, February 23, 2012 4:59 PM

All replies

  • Hi,

    You may delete this entry, if I understand you correctly & you are asking about description part "Eagle1".

    How did you remove old DC from active directory?

    Post "netdom query DC" and dcdiag /q result.


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.



    Thursday, February 23, 2012 5:25 PM
  • PDC crashed 1-1/2 weeks ago. We got it "duct-taped" and up long enough to transfer FSMO roles, add another Catalog server and remove its roles one at a time. At the final role removal we rebooted afterwards and it has not come back up nor will it. All roles transferred perfectly. All tests are 100%.

    The old PDC is still listed in DNS like so. Should the new PDC be listed here?


    aotwadmin

    Thursday, February 23, 2012 7:07 PM
  • Hello,

    the crashed DC must be removed with metadata cleanup and also the FSMO roles must be checked incl. DNS zones, zone properties and Name servers.

    http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 23, 2012 7:14 PM
  • No - it shouldn't.

    To identify all AD specific records (SRV and CNAME) that should be registered for each DC, open the netlogon.dns file in %windir%\system32\config folder on that DC. They should be automatically recreated in DNS when you restart Netlogon service. The one above should be deleted manually

    hth
    Marcin

    • Marked as answer by aotwadmin Friday, February 24, 2012 4:42 PM
    Thursday, February 23, 2012 7:28 PM
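
The comparison described in the marked answer, as an added PowerShell example that is not part of the original thread: it parses netlogon.dns-style lines and separates zone records that point at a DC that no longer exists from records Netlogon would re-register. The host names, GUIDs and both record lists are constructed samples, and `$liveDCs` and `ConvertFrom-DcRecord` are hypothetical names.

```powershell
# Constructed sample of netlogon.dns from the surviving DC; on a real DC use:
#   $expected = Get-Content "$env:windir\system32\config\netlogon.dns"
$expected = @(
    '_ldap._tcp.example.local. 600 IN SRV 0 100 389 newdc.example.local.'
    '_ldap._tcp.pdc._msdcs.example.local. 600 IN SRV 0 100 389 newdc.example.local.'
    '_kerberos._tcp.dc._msdcs.example.local. 600 IN SRV 0 100 88 newdc.example.local.'
    '11111111-2222-3333-4444-555555555555._msdcs.example.local. 600 IN CNAME newdc.example.local.'
)
# Constructed sample of what the DNS zone currently holds (same line format)
$inZone = @(
    '_ldap._tcp.example.local. 600 IN SRV 0 100 389 newdc.example.local.'
    '_ldap._tcp.example.local. 600 IN SRV 0 100 389 olddc.example.local.'
    '_ldap._tcp.pdc._msdcs.example.local. 600 IN SRV 0 100 389 olddc.example.local.'
    'aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee._msdcs.example.local. 600 IN CNAME olddc.example.local.'
)
$liveDCs = @('newdc.example.local')   # assumption: FQDNs of the DCs that still exist

function ConvertFrom-DcRecord {
    param([string[]]$Line)
    foreach ($l in $Line) {
        $f = $l.Trim() -split '\s+'
        # Layout: owner TTL IN TYPE rdata...; only SRV and CNAME matter here
        if ($f.Count -lt 5 -or $f[2] -ne 'IN' -or $f[3] -notin @('SRV', 'CNAME')) { continue }
        [pscustomobject]@{
            Owner  = $f[0].TrimEnd('.').ToLower()
            Type   = $f[3]
            Target = $f[-1].TrimEnd('.').ToLower()   # last field is the host for both types
        }
    }
}

$want = ConvertFrom-DcRecord $expected
$have = ConvertFrom-DcRecord $inZone
$key  = { param($r) '{0}|{1}|{2}' -f $r.Owner, $r.Type, $r.Target }

# Zone records whose target is not a live DC: candidates for manual deletion
$stale = $have | Where-Object { $_.Target -notin $liveDCs }
# Records netlogon.dns lists but the zone lacks: restarting Netlogon re-registers them
$haveKeys = $have | ForEach-Object { & $key $_ }
$missing  = $want | Where-Object { (& $key $_) -notin $haveKeys }

$stale   | Select-Object @{n='Status';e={'stale: delete manually'}}, Owner, Type, Target
$missing | Select-Object @{n='Status';e={'missing: restart Netlogon'}}, Owner, Type, Target
```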
  • Hi,

    You will need to perform metadata cleanup to remove failed DC instances from AD but if during metadata cleanup it shows object doesn't exist, you need to then perform manual steps like checking each/every folder in DNS console to remove the old DC records, delete computer object from adsiedit.msc and remove instances from sites and services.

    Clean Up Server Metadata Windows Server 2003 and Windows Server 2003 R2
    http://technet.microsoft.com/en-us/library/cc736378(WS.10).aspx

    or

    http://www.petri.co.il/delete_failed_dcs_from_ad.htm

    Clean Up Server Metadata Windows Server 2008 and higher
    http://technet.microsoft.com/en-us/library/cc816907(WS.10).aspx

    Make sure the followings:

    Once you are done with above, run "ipconfig /flushdns & ipconfig /registerdns", restart DNS and NETLOGON service on each DC.

     


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, February 23, 2012 7:59 PM
  • Hi,

    Please perform the following steps to remove completely orphaned Domain Controller.

    1. Use the following knowledgebase to remove common Domain Controller settings from the Active Directory.
     
    http://support.microsoft.com/kb/216498
     
    Note 1: You may need to seize the FSMO to alternative Domain Controller

    Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller
     
    http://support.microsoft.com/kb/255504
     
    Note 2: You may need to configure a new authoritative time server in the domain.

    2.  Remove old computer account by using "Active Directory Sites and Services" tool.
     
    3.  Remove old DNS and WINS records of the orphaned Domain Controller.
     
    4. Use "ADSIEdit" to remove old computer records from the Active Directory:
        
    a. OU=Domain Controllers,DC=domain,DC=local
    b. CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
    c. CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local
                  
    5. Force Active Directory replication by using "Repadmin.exe" tool:
     
    Using Repadmin.exe to troubleshoot Active Directory replication
     
    http://support.microsoft.com/kb/229896/

    Regards,


    Arthur Li

    TechNet Community Support

    Friday, February 24, 2012 7:03 AM
  • Did you transfer the time server role, since the DC holding PDC role was dead? If not, you need to perform that too. One more article to remove the references of the dead DC. You need to clean up the remnants manually, esp. in the DNS folder.

    Remove References of a Failed DC/Domain Or Perform Metadata Cleanup

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    Windows Time Server Role in AD Forest/Domain

    http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/

    Regards

    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Friday, February 24, 2012 8:43 AM