Had 3 domain controllers, 1 failed yesterday

Best way to remove this from AD? obviously i cant boot it up and demote it. I was going to run the ntdsutil on the other 2 and remove metadata? Do i need to remove anything from sites/services or anything or will that take care of it? it was 2003.

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

MrAgent

Make sure you remove all entries from DNS as well.

Clean up server metadata: Active Directory

tdean

MrAgent wrote: »

Make sure you remove all entries from DNS as well.

Clean up server metadata: Active Directory

oh yeah... good call. so i just run this on the remaining 2 controllers? Can i do this during production hrs? How long does it usually take? We're not very big, thus no need to rebuild the server.

MrAgent

You just need to do it on one server. Once the metadata cleanup is done, the changes will replicate to the other DC. Just make sure you clean up your DNS servers is all.

I worked at an agency that had several DCs tombstone because of bad (international) connection issues, so I have done this quite a few times.

Yes you can do this during production, and it shouldnt take very long at all. Its just a series of commands youll run. Follow the instructions listed on the TechNet site.

tdean

MrAgent wrote: »

You just need to do it on one server. Once the metadata cleanup is done, the changes will replicate to the other DC. Just make sure you clean up your DNS servers is all.

I worked at an agency that had several DCs tombstone because of bad (international) connection issues, so I have done this quite a few times.

Yes you can do this during production, and it shouldnt take very long at all. Its just a series of commands youll run. Follow the instructions listed on the TechNet site.

ok, thats great. thanks. i manually removed SOA etc from DNS, im assuming thats the only way to get rid of all that?

MrAgent

And any other records. The link should have more information on removing everything from DNS.

tdean

Doesnt seem to be working for me....

ntdsutil: metadata cleanup
metadata cleanup: remove selected server tcs-dbc
Binding to localhost ...
Connected to localhost using credentials of locally logged on user.
LDAP error 0x22(34 (Invalid DN Syntax).
Ldap extended error message is 0000208F: NameErr: DSID-031001BA, problem 2006 (BAD_NAME), data 8350, best match of:
'CN=Ntds Settings,tcs-dbc'
Win32 error returned is 0x208f(The object name has bad syntax.)
)
Unable to determine the domain hosted by the DC (5). Please use the connection m
enu to specify it.
Disconnecting from localhost...
metadata cleanup: connection
server connections: connect to server tcs-dbc
Binding to tcs-dbc ...
DsBindW error 0x6ba(The RPC server is unavailable.)
server connections: quit
metadata cleanup: quit
ntdsutil: quit

undomiel

If tcs-dbc is the server you're trying to clean-up you won't be able to connect to it. You need to connect to one of your other DCs and then select the site, domain, and server tcs-dbc or whatever your failed server is. Then you can remove the failed server.

tdean

Got it!!!

Thanks!