Active Directory How-To pages

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on his Active Directory. This helps him identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Account Management » Active Directory How-To pages

How to remove a domain controller that no longer exists?

Incomplete addition or removal of a domain controller can lead to inconsistency in data due to the presence of a domain controller that exists, but is not completely functional. This hinders other processes and complete cleanup is required. The following steps describe how to cleanup the metadata.

  1. In the command line, type ntdsutil and press enter.
    C:\WINDOWS→ntdsutil
    You will see the following prompt displayed in the command prompt window:
    ntdsutil:
  2. At the Ntdsutil: prompt, type metadata cleanup
    ntdsutil: metadata cleanup
    Once you are done with that, the metadata cleanup prompt will appear like this:
    metadata cleanup:
  3. At the 'metadata cleanup:' prompt, type connections and press Enter.

    metadata cleanup: connections
    Now the server connections mode is on, as mentioned below:
    server connections:
  4. In 'server connections:', type :
    connect to server < servername→

    Here <servername→ is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter after entering your server name. In this case, consider the server name to be server100. You will see the following entry.
    server connections: connect to server server100
    Binding to server100 ...
    Connected to server100 using credentials of locally logged on user.

  5. Type 'q' in server connections to quit and press Enter to return to the metadata cleanup prompt.
    server connections: q
    metadata cleanup:
  6. In metadata cleanup, type select operation target and press Enter.
    metadata cleanup: Select operation target
    Now select operation target mode will come up.
    select operation target:
  7. Type list domains and press Enter.
    select operation target: list domains
    This lists all domains in the forest with a number associated with each.
    Found 1 domain(s)
    0 - DC=dorg,DC=net
  8. Type select domain <number→, where <number→ corresponds to the domain in which the failed server was located. Press Enter.
    select operation target: Select domain 0
    We specify the number as 0 here, as the previous prompt let us know that 0 is the number assigned to the domain "dorg.net". Next you will see:
    No current site
    Domain - DC=dorg,DC=net
    No current server
    No current Naming Context
  9. Type list sites and press Enter.
    select operation target: List sites
    The sites belonging to this domain are then listed as below:
    Found 1 site(s)
    0-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  10. Type select site <number→, where <number→ refers to the number of the site in which the domain controller was a member. Press Enter.
    select operation target: Select site 0
    We specify the number as 0 here, as the previous prompt let us know that 0 is the number assigned to the site available. Next you will see:
    Site-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,zC=net
    Domain - DC=dorg,DC=net
    No current server
    No current Naming Context
  11. Type list servers in site and press Enter.
    select operation target: List servers in site
    This will list all servers in that site with a corresponding number.
    Found 2 server(s)
    0-CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    1-CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
  12. Type select server <number→ and press Enter, where <number→ refers to the domain controller to be removed.
    select operation target: Select server 0
    The number is 0 since we want to take out server200. You will be able to view:

    Site-CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net Domain - DC=dorg,DC=net
    Server-CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg,DC=net
    DSA-object-CN=NTDSSettings,CN=SERVER200,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dorg, DC=net DNS host name - server200.dorg.net
    Computer object-CN=SERVER200,OU= Domain Controllers,DC=dorg,DC=net
  13. Type 'q' to quit and press Enter. The Metadata cleanup menu is displayed.
    select operation target: q
    metadata cleanup:
  14. Type "remove selected server" and press Enter. You will receive a warning message. Read it, and if you agree, press Yes.

    metadata cleanup: Remove selected server
    "CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,
    CN=Sites,CN=Configuration,DC=dorg,DC=net" removed from server "server100"

  15. Type quit, and press Enter until you return to the command prompt to remove the failed server object from the sites.
  16. In Active Directory Users and Computers, expand the domain controllers container. Delete the computer object associated with the failed domain controller.
  17. Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation . Select “This DC is permanently offline…” and click on the Delete button.
  18. AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes to remove the failed server object from DNS.
  19. In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed. Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records. If you have reverse lookup zones, also remove the server from these zones.

Explore Active Directory auditing and reporting with ADAudit Plus.

  • Enter your email id
    Please enter a valid email id
  • Enter your phone number
  • Select demo date
  •  
  • By clicking 'Schedule a personalized demo', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing