Removing a Domain entry from AD
When my company started they had a domain called Fred and later on created a second domain called Ginger.
A few years ago we took down the Fred domain and now whenever we join a new PC to the Ginger domain it shows Fred on the list of domains that we can log on to.
Any idea how to remove it?
Comments
-
RobertKaucher Member Posts: 4,299
Check and see if there is still a trust between the two of them. Although, I'm not sure Ginger could ever trust anyone again after Fred...
-
earweed Member Posts: 5,192
RobertKaucher wrote: »Check and see if there is still a trust between the two of them. Although, I'm not sure Ginger could ever trust anyone again after Fred...
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
qwertyiop Member Posts: 725
I just got off the phone with Microsoft support on this one and have a solution:
You can forcefully remove a domain trust using the ntdsutil
so here is step by step how to remove a domain trust forcefully:
go to the command line:
type: ntdsutil
type: m c
type: connections
type: connect to server <dc you are on in caps>
type: q
type: s o t
type: list domains
here you should see a list of domains with a number to the left, use the number to reference which domain you want to connect to and delete
type: select domain <number you want to delete>
type: q
type: remove selected domain
And you're done. If it gives you an error you can use the adsiedit.msc command to remove a lost and found connections, basically look through the HUGE tree of stuff for a lost and found and delete any reference to the domains you want to get rid of. Then go through the ntdsutil again to try and remove it again. Good luck, I hope this helps some poor sap like I used to be!
Good luck!
-
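A read-only pre-check for the removal procedure described above, added here as an example and not part of any poster's reply: it records which crossRef and trust objects still reference the retired domain and confirms that no domain controllers for it are published in DNS. It assumes the RSAT ActiveDirectory module and uses `FRED` as the NetBIOS name from the thread; `Test-DcLocator` is a hypothetical helper name.

```powershell
# Added example: read-only inventory; nothing in the directory is changed.
# Assumptions: RSAT ActiveDirectory module is installed, and 'FRED' is the
# NetBIOS name of the retired domain (name taken from the thread).
Import-Module ActiveDirectory

$retired = 'FRED'
$root    = Get-ADRootDSE

# Hypothetical helper: does DNS still publish DC locator SRV records?
function Test-DcLocator([string]$DnsName) {
    $r = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DnsName" -Type SRV -ErrorAction SilentlyContinue
    [bool]($r | Where-Object { $_.Type -eq 'SRV' })
}

# crossRef objects in the Partitions container are the cross-references
# that ntdsutil's "list domains" enumerates.
$crossRefs = Get-ADObject -SearchBase "CN=Partitions,$($root.configurationNamingContext)" `
    -LDAPFilter '(&(objectClass=crossRef)(nETBIOSName=*))' `
    -Properties nCName, dnsRoot, nETBIOSName

# trustedDomain objects under CN=System are the trusts shown in
# AD Domains and Trusts.
$trusts = Get-ADObject -SearchBase "CN=System,$($root.defaultNamingContext)" `
    -LDAPFilter '(objectClass=trustedDomain)' `
    -Properties flatName, trustPartner, trustDirection

$report = @()
foreach ($cr in ($crossRefs | Where-Object { $_.nETBIOSName -eq $retired })) {
    $dns = $cr.dnsRoot | Select-Object -First 1   # dnsRoot can be multi-valued
    $report += [pscustomobject]@{
        Kind = 'crossRef'; Name = $cr.nETBIOSName; Target = $cr.nCName
        DN = $cr.DistinguishedName; DcStillInDns = (Test-DcLocator $dns)
    }
}
foreach ($t in ($trusts | Where-Object { $_.flatName -eq $retired })) {
    $report += [pscustomobject]@{
        Kind = 'trustedDomain'; Name = $t.flatName; Target = $t.trustPartner
        DN = $t.DistinguishedName; DcStillInDns = (Test-DcLocator $t.trustPartner)
    }
}

# Keep this output with the change record; DcStillInDns = True means the
# domain may not be fully retired and the removal should be reviewed first.
$report | Format-List
```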
it_consultant Member Posts: 1,903
Make sure you note this to potential employers. I have had to do a couple of meta data cleanups (that's what this is called) and you would be surprised how many seasoned IT pros will simply not touch NTDS Utility.
Once I had to do a role seizure when the primary domain controller lost a RAID card, then I had to do an AD cleanup.
-
Devilsbane Member Posts: 4,214
it_consultant wrote: »Make sure you note this to potential employers. I have had to do a couple of meta data cleanups (that's what this is called) and you would be surprised how many seasoned IT pros will simply not touch NTDS Utility.
I had a teacher who just had us play with this for a class. It had very little to do with our class, and I would by no means consider myself an expert, but it is an awesome tool.
Decide what to be and go be it.
-
qwertyiop Member Posts: 725
it_consultant wrote: »Make sure you note this to potential employers.
Note which part? Me being able to do this?
-
RobertKaucher Member Posts: 4,299
Had you looked in AD Domains and Trusts first?
qwertyiop wrote: »Note which part? Me being able to do this?
Yes, this is the kind of experience you don't get very often! Good thing to bring up in an interview if you can
-
qwertyiop Member Posts: 725
RobertKaucher wrote: »Had you looked in AD Domains and Trusts first?
Yes I had. It showed up in there but I couldn't do anything with it since that domain was already offline.
-
vCole Member Posts: 1,573
qwertyiop wrote: »Note which part? Me being able to do this?
Yes, this is huge! I've had to do this a few times at various companies, and it's a great tool to learn
-
Mojo_666 Member Posts: 438
If you want some fun using this tool in a way that most of you will need to use at some point then build a new dc for your domains, switch it off, format it (very important so it never re-enters production) then use ntdsutil to clean up the meta data left behind.
Delete Failed DCs from Active Directory
-
Devilsbane Member Posts: 4,214
Sorry to hijack your thread a bit here, but this discussion just brought home to me the fact that I still know nothing. I've been studying for the 70-293 for a while now and the progress has been slow because it's mostly review. Also against my favor is that I have recently been hired by the company that I was contracting for so money isn't much of an issue anymore.
Hopefully now that I have been reminded about how little I know, I can get back in there and bring the MCSE home.
Thanks for the interesting discussion.
Decide what to be and go be it.
-
it_consultant Member Posts: 1,903
Yeah, this is not covered in MCSE! It's a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.
-
dynamik Banned Posts: 12,312
it_consultant wrote: »Yeah, this is not covered in MCSE! It's a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.
Are you sure? I remember it being covered in 294.
-
Mojo_666 Member Posts: 438
dynamik wrote: »Are you sure? I remember it being covered in 294.
That's Microsoft's/Windows cert services, think he was referring to buying one from a public CA, installing it etc.
-
RobertKaucher Member Posts: 4,299
Mojo_666 wrote: »That's Microsoft's/Windows cert services, think he was referring to buying one from a public CA, installing it etc.
I think you are in the wrong thread...
-
Mojo_666 Member Posts: 438
RobertKaucher wrote: »I think you are in the wrong thread...
Well spotted
-
RobertKaucher Member Posts: 4,299
it_consultant wrote: »Yeah, this is not covered in MCSE! It's a special task, even though I have done it a bunch of times I still have the Technet article up just so I don't do anything dumb.
I covered this in studying for my MCSE. I used the MOAC material. NTDSUTIL was certainly covered as were other advanced tools like ADSI Edit.
And you are right, you should always perform an action like this with the reference material at hand and I would suggest you type it out in notepad and have a buddy look over it before you run it.
-
it_consultant Member Posts: 1,903
Yeah, I seem to remember the NTDS utility being covered, but when I studied it they focused on how to do authoritative restores of AD and what not, I learned about meta data cleanups when I had my feet to the fire. That doesn't mean metas weren't covered for other people though.