Options

Removing a Domain entry from AD

qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
When My company started they had a Domain called Fred and later on created a second domain called Ginger.

A few years ago we tookdown the Fred domain and now whenever we create join a new PC to the Ginger domain it shows Fred on the list of domains that we can logon to.

Any idea how to remove it?

Comments

  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Check and see if there is still a trust between the two of them. Although, I'm not sure Ginger could ever trust anyone again after Fred...
  • Options
    earweedearweed Member Posts: 5,192 ■■■■■■■■■□
    Check and see if there is still a trust between the two of them. Although, I'm not sure Ginger could ever trust anyone again after Fred...
    Yeah, especially after he left her for Wilma
    No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
  • Options
    qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    I just got off the phone with Microsoft support on this one and have a solution:

    You can forcefully remove a domain trust using the ntdsutil

    so here is step by step how to remove a domain trust forcefully:

    goto command line:

    type: ntdsutil
    type: m c
    type: connections
    type: connect to server <dc you are on in caps>
    type: q
    type: s o t
    type: list domains
    here you should see a list of domains with a number to the left, use the number to reference which domain you want to connect to and delete
    type: select domain <number you want to delete>
    type: q
    type: remove selected domain

    And your done. If it gives you an error you can use the adsiedit.msc command to remove a lost and found connections, basically look through the HUGE tree of stuff for a lost and found and delete any reference to the domains you want to get rid of. Then go through the ntdsutil again to try and remove it again. Good luck, I hope this helps some poor sap like I used to be!

    Good luck!
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Make sure you note this to potential employers. I have had to do a couple of meta data cleanups (thats what this is called) and you would be surprised how many seasoned IT pros will simply not touch NTDS Utility.

    Once I had to do a role seizure when the primary domain controller lost a RAID card, then I had to do an AD cleanup.
  • Options
    DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    Make sure you note this to potential employers. I have had to do a couple of meta data cleanups (thats what this is called) and you would be surprised how many seasoned IT pros will simply not touch NTDS Utility.

    I had a teacher who just had us play with this for a class. It had very little to do with our class, and I would by no means consider myself an expert, but it is an awesome tool.
    Decide what to be and go be it.
  • Options
    qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    Make sure you note this to potential employers.

    Note which part? Me being able to do this?
  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Had you looked in AD Domains and Trusts first?
    qwertyiop wrote: »
    Note which part? Me being able to do this?

    Yes, this is the kind of experience you don't get very often! Good thing to bring up in an interview if you can
  • Options
    qwertyiopqwertyiop Member Posts: 725 ■■■□□□□□□□
    Had you looked in AD Domains and Trusts first?

    Yes I had. It showed up in there but I couldnt do anything with it since that domain was already offline.
  • Options
    vColevCole Member Posts: 1,573 ■■■■■■■□□□
    qwertyiop wrote: »
    Note which part? Me being able to do this?


    Yes, this is huge! I've had to do this a few times at various companies, and it's a great tool to learn :)
  • Options
    Mojo_666Mojo_666 Member Posts: 438
    If you want some fun using this tool in a way that most of you will need to use at some point then build a new dc for your domains, switch it off, format it (very important so it never re-enters production) then use ntdsutil to clean up the meta data left behind.

    Delete Failed DCs from Active Directory
  • Options
    DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    Sorry to hijack your thread a bit here, but this discussion just brought home to me the fact that I still know nothing. I've been studying for the 70-293 for awhile now and the progress has been slow because its mostly review. Also against my favor is that I have recently been hired by the company that I was contracting for so money isn't much of an issue anymore.

    Hopefully now that I have been reminded about how little I know, I can get back in there and bring the MCSE home.

    Thanks for the interesting discussion. :)
    Decide what to be and go be it.
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Yeah, this is not covered in MCSE! Its a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.
  • Options
    dynamikdynamik Banned Posts: 12,312 ■■■■■■■■■□
    Yeah, this is not covered in MCSE! Its a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.

    Are you sure? I remember it being covered in 294.
  • Options
    Mojo_666Mojo_666 Member Posts: 438
    dynamik wrote: »
    Are you sure? I remember it being covered in 294.

    That's microsofts/windows cert services, think he was refering to buying one from a public CA, installing it etc.
  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Mojo_666 wrote: »
    That's microsofts/windows cert services, think he was refering to buying one from a public CA, installing it etc.

    I think you are in the wrong thread...
  • Options
    Mojo_666Mojo_666 Member Posts: 438
    I think you are in the wrong thread...

    Well spotted icon_redface.gif
  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Yeah, this is not covered in MCSE! Its a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.

    I covered this in studying for my MCSE. I used the MOAC material. NTDSUTIL was certainly covered as were other advanced tools like ADSI Edit.

    And you are right, you should always perform an action like this with the reference material at hand and I would suggest you type it out in notepad and have a buddy look over it before you run it.
  • Options
    it_consultantit_consultant Member Posts: 1,903
    Yeah, I seem to remember the NTDS utility being covered, but when I studied it they focused on how to do authoritative restores of AD and what not, I learned about meta data cleanups when I had my feet to the fire. That doesn't mean metas weren't covered for other people though.
Sign In or Register to comment.