Remove Orphaned DC

  • Question

  • Hi,

    Have an Active Directory where there is an old DC that is no longer in use and will not be needed anymore.

    What is the proper way to delete this DC?

    Can I just delete it out of AD and then remove it from sites and services? The DCs are still trying to replicate with it.

    It was a GC server and I already have other GCs on the domain. It had none of the FSMO roles.

    Thank You

    Friday, May 18, 2012 7:40 PM

All replies

  • Hello,

    here's a link with the information you need.

    http://support.microsoft.com/kb/555846

    Friday, May 18, 2012 8:35 PM
  • Make sure there are no FSMO roles attached to it before doing anything else.

    Friday, May 18, 2012 9:49 PM
  • Good link Duva,

    GM123,

    From that procedure linked by Duva, the only caution I would throw would be the last step of forcing a replication cycle.

    Depending on the environment doing so will override custom replication schedules/interval. (e.g. some organizations still have a lag site deployed and forcing a sync would also replicate into the lag site...)

    In general, if you are _not_ dealing with an emergency you are better off waiting for AD to replicate on its own.

    Friday, May 18, 2012 11:39 PM
  • Saturday, May 19, 2012 12:11 AM
  • If you have a Win2008 DC you can also run metadata by GUI; refer to the links below to perform the same.

    To clean up server metadata by using Active Directory Users and Computers (GUI)
    http://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

    Metadata Cleanup of a Domain controller using ntdsutil
    http://sandeshdubey.wordpress.com/2011/10/12/metadata-cleanup-of-a-domain-controller/

    Once done you need to remove the faulty server from AD Sites and Services, DC OU, DNS.

    To remove the failed server object from the sites
    1. In Active Directory Sites and Services, expand the appropriate site.
    2. Delete the server object associated with the failed domain controller.

    To remove the failed server object from the domain controllers container
    1. In Active Directory Users and Computers, expand the domain controllers container.
    2. Delete the computer object associated with the failed domain controller.

    To remove the failed server object from DNS
    1. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
    2. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
    3. If you have reverse lookup zones, also remove the PTR record of the server from these zones.

    If the faulty DC is an FSMO role holder you need to seize the FSMO on another DC. To check the FSMO role holder, run netdom query fsmo. Seizing FSMO Roles: http://www.petri.co.il/seizing_fsmo_roles.htm

    Also configure an authoritative time server on the PDC role holder server; below is the KB article for the same.
    http://support.microsoft.com/kb/816042

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    • Marked as answer by 朱鸿文 Wednesday, May 23, 2012 2:23 AM
    Saturday, May 19, 2012 1:46 AM
  • Hi,

    Have an Active Directory where there is an old DC that is no longer in use and will not be needed anymore.

    What is the proper way to delete this DC?

    Can I just delete it out of AD and then remove it from sites and services? The DCs are still trying to replicate with it.

    It was a GC server and I already have other GCs on the domain. It had none of the FSMO roles.

    Thank You

    Please don't directly delete it out of AD and remove it from sites and services manually.

    patris has already given you a good link to accomplish this.

    If you have a DC which is no longer needed, then you need to run dcpromo on it and demote it.

    You said it had no FSMO role. I would recommend you cross-check this by running netdom query fsmo from the command line.

    If for some reason dcpromo is not able to remove the DC, then you need to forcefully remove the DC from AD by running dcpromo /forceremoval

    Once done you need to perform metadata cleanup

    http://support.microsoft.com/kb/216498

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by 朱鸿文 Monday, May 21, 2012 2:56 AM
    • Marked as answer by 朱鸿文 Wednesday, May 23, 2012 2:23 AM
    Saturday, May 19, 2012 6:58 AM
  • Hello,

    Metadata cleanup is required, and also the DNS zones and zone properties (Name Servers tab) must be cleaned of old entries.

    http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx

    After seizing FSMO roles, especially the PDCEmulator, the time service must be reconfigured on the new one: http://msmvps.com/blogs/mweber/archive/2010/06/27/time-configuration-in-a-windows-domain.aspx


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Saturday, May 19, 2012 9:32 AM
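
The cleanup locations listed in Sandesh Dubey's reply (FSMO holders, Sites and Services, the Domain Controllers container, DNS) and the name server entries Meinolf Weber mentions can be checked afterwards with a read-only script. This is an added example, not part of any reply in the thread; `OLDDC01` is a placeholder name, and it assumes the ActiveDirectory module on a Windows 8 / Server 2012 or later management host with PowerShell 3.0+.

```powershell
# Added example: read-only check for leftover references to a removed DC.
# Nothing here modifies AD or DNS. OLDDC01 is a placeholder (assumption).
Import-Module ActiveDirectory

$OldDc  = 'OLDDC01'
$domain = Get-ADDomain
$forest = Get-ADForest
$config = (Get-ADRootDSE).configurationNamingContext
$fqdn   = "$OldDc.$($domain.DNSRoot)"

# FSMO: none of the five role holders may still be the old DC.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$fsmo = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$OldDc.*" })

# Sites and Services: server object in the configuration partition.
$site = @(Get-ADObject -SearchBase "CN=Sites,$config" `
            -LDAPFilter "(&(objectClass=server)(cn=$OldDc))")

# Domain Controllers container: leftover computer account.
$comp = @(Get-ADComputer -SearchBase $domain.DomainControllersContainer `
            -LDAPFilter "(cn=$OldDc)")

# DNS: host record, DC locator SRV records, and zone NS entries naming the old DC.
$q   = @{ DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
$a   = @(Resolve-DnsName -Name $fqdn -Type A @q | Where-Object { $_.Type -eq 'A' })
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV @q |
            Where-Object { $_.NameTarget -eq $fqdn })
$ns  = @(Resolve-DnsName -Name $domain.DNSRoot -Type NS @q |
            Where-Object { $_.NameHost -eq $fqdn })

$findings = [ordered]@{
    'FSMO roles held'           = $fsmo.Key
    'Sites server object'       = $site.DistinguishedName
    'DC container computer'     = $comp.DistinguishedName
    'DNS A record'              = $a.IPAddress
    'DNS _msdcs SRV record'     = $srv.Name
    'DNS zone NS entry'         = $ns.Name
}
foreach ($f in $findings.GetEnumerator()) {
    $state = if ($f.Value) { 'STILL PRESENT: ' + (@($f.Value) -join ', ') } else { 'clean' }
    '{0,-26} {1}' -f $f.Key, $state
}
```

DNS answers come from the resolver the management host uses, so a record deleted on one DNS server can still show until the zone has replicated and caches have expired.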
  • If you haven't performed the metadata cleanup of the failed DC, you have to complete it and there is no exception for this. You can refer to one more article to manually remove the remnants which are not cleaned up during demotion and continue to exist in the AD database.

    Remove References of a Failed DC/Domain Or Perform Metadata Cleanup

    http://awinish.wordpress.com/2011/05/08/metadata-cleanup-of-a-domain-controller/

    I believe you have transferred the time server role too to the new DC holding the PDC role, because the DC holding the PDC role also acts as a time server.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Sunday, May 20, 2012 7:59 AM
  • Hi,

    Can I just delete it out of AD and then remove it from sites and services? The DCs are still trying to replicate with it.

    It was a GC server and I already have other GCs on the domain. It had none of the FSMO roles.

    Thank You

    Hello GM,
    Since it is a GC, all other DCs are trying to replicate with it. So I suggest you just remove the GC role (deselect GC option) from delete server (details are in attached snapshot)

    Since this server doesn't have any FSMO roles, seizing/transferring of FSMO is not required at all.

    Anyways you need to clean metadata from AD and here is the link to delete DC's data from AD: http://www.petri.co.il/delete_failed_dcs_from_ad.htm


    Regards, Ravikumar P

    • Proposed as answer by 朱鸿文 Monday, May 21, 2012 2:56 AM
    • Marked as answer by 朱鸿文 Wednesday, May 23, 2012 2:24 AM
    Sunday, May 20, 2012 10:13 AM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Kevin

    TechNet Community Support

    Wednesday, May 23, 2012 2:22 AM
  • Thanks for the responses.

    This server is no longer alive and accessible, so do I do the adsiedit removals before I remove it from the AD container and Sites and Services?

    Then do removal from DNS

    Does the order matter? This controller did not have the FSMO roles nor is it the time server

    thanks

    Wednesday, May 23, 2012 2:40 AM