Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DC keeps comming back! 2

Status
Not open for further replies.
IceBall

IceBall

Instructor
Mar 26, 2003
37
0
0
SE
I have 3 Domain Controller in my 2000 domain and now 2 DC are removed from det net so I have only one left. I did not run DCPROMO when I removed the 2 DC. To remove the DCs from AD I did as this link says: And now the probleme: The old DC keeps comming in Active Directory Users and Computers and I cant remove them there. They are gone from AD Site and Service.
Why and how do I remove them ones and for all!

/IceBall sweden
 
Sort by date Sort by votes
If u run DCPROMO you can demote the server. Once this is complete check AD sites and Services and make sure the connection is not there. This has worked for me in the past but make sure u log on with Enterprise Admin rights or it wont work properly

Thanks

Rob Hill

Technican
 
Upvote 0 Downvote
Well the problem is that the 2 DC are formated so I cant run DCPROMO on them. I only have one server left in the domain. I just what to remove the old dc objects from "ad users and computers" but they keep comming back when I remove them!

This is in a labb enviroment if you wonder!! :)

/IceBall
 
Upvote 0 Downvote
Think u better mess with DNS. You should erase all references about those computers. In some cases, DNS does not reply properly and can cause problems with the replication.
After cheking the names, clean the DNS cache
 
Upvote 0 Downvote
Krayeger is correct:

After you complete your metadata clean-up try this:

Remove the cname record in the _msdcs. root domain of forest zone in DNS. Assuming that DC is going to be reinstalled and re-promoted, a new NTDS settings object is created with a new globally unique identifier (GUID) and a matching cname record in DNS. You do not want the DC's that exist to use the old cname record.

As best practice you should delete the hostname and other DNS records. If the lease time that remains on Dynamic Host Configuration Protocol (DHCP) address assigned to offline server is exceeded then another client can obtain the IP address of the problem DC.


Now that the NTDS setting object has been deleted we can now delete the following objects:
Use ADSIEdit to delete the computer account in the OU=Domain Controllers,DC=domain...

NOTE : The FRS subscriber object is deleted when the computer object is deleted, since it is a child of the computer account.


Use ADSIEdit to delete the FRS member object in CN=Domain System Volume (SYSVOL share),CN=file replication service,CN=system....


In the DNS console, use the DNS MMC to delete the cname (also known as the Alias) record in the _msdcs container.


In the DNS console, use the DNS MMC to delete the A (also known as the Host) record in DNS.


If the deleted computer was the last domain controller in a child domain and the child domain was also deleted, use ADSIEdit to delete the trustDomain object for the child in CN=System, DC=domain, DC=domain, Domain NC.
Hewissa

MCSE, CCNA, CIW
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DTGMI
  • Locked
  • Question
WIN 10 Pro PC & Adding back to our Network
Replies
0
Views
92
DTGMI
DTGMI
andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
67
RRankin355
RRankin355
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
130
goombawaho
goombawaho
goombawaho
  • Locked
  • Question
Windows Server Backup
Replies
9
Views
113
goombawaho
goombawaho
Zych1
  • Locked
  • Question
Second DC not allowing logins
Replies
1
Views
29
Zych1
Zych1

Part and Inventory Search

Sponsor

Back
Top