none
USER OBJECTS FAILING TO BE DELETED FOR A fAILED CHILD DOMAIN even AFTER rEMOVING THE DOMAIN cONTROLLER USING NTDSUTIL

    Question

  • Dear All,

    I have domain with two child domains, the other child domain had all the domain controllers crashed,

    and never fixed back into the network, now on the parent Domain i have performed a metadata clean up which was successful but the user objects are still in the forest for the failed child domain.

    the child domain hasn't been removed as of now. if i remove the child domain using the ntdsutil, is this going to remove the user objects, or there is something i need to do first to remove the users

    please advise

    Regards

    Michael

    Saturday, February 4, 2017 3:40 PM

Answers

All replies


  • the child domain hasn't been removed as of now. if i remove the child domain using the ntdsutil, is this going to remove the user objects, or there is something i need to do first to remove the users

    When you demote the last domain controller of a domain, the domain partition is also deleted which means the users and computers are also deleted. But since you have done a metadata cleanup before actually removing the domain, I guess you should firstly remove the servers in that domain by ntdsutil and then remove the whole domain. However after that, you may still see GUID records of old domain controller in DNS of parent domain (Delegation Zones) which you need to remove them too.


    Mahdi Tehrani   |     |   www.mahditehrani.ir
    Please click on Propose As Answer or to mark this post as and helpful for other people.
    This posting is provided AS-IS with no warranties, and confers no rights.

    Sunday, February 5, 2017 3:49 AM
    Moderator
  • Hi,

    Was your issue resolved? If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, February 10, 2017 8:29 AM
    Moderator
  • Dear Mahdi,

    I followed the same steps as you have indicated, the servers were removed first in AD and sites and services, using ntdsutil, then followed by the child domain itself, after removing the child doamin using ntdsutil all the users for the child domain disappeared and that resolved the problem.

    Thanks for your guide thanks

    Wednesday, February 22, 2017 8:41 PM