An old, old server that was a 2000 DC was shut down a couple of years ago
without being demoted. Now, I still see mention of it all over my DNS
Management. It's in LDAP and kerberos in various places and I'm wondering
if/how I can delete mention of it from within my DNS management console? I
don't know how else to get rid of it. Somebody did go in at one point and
remove it from several places in AD, so references to it are scattered. The
reason I'm thinking that I should do something about this situation is that
whenever I add a server to my DHCP console, it shows this server as an
available DHCP server (which it used to be). Having this server in my AD
can't be good...
Anyway, if I see it referenced in DNS, is it safe to delete?

Thanks!
Mark

Mark

In instances like this a metadata cleanup is required.



"justmark" wrote:

> An old, old server that was a 2000 DC was shut down a couple of years ago
> without being demoted. Now, I still see mention of it all over my DNS
> Management. It's in LDAP and kerberos in various places and I'm wondering
> if/how I can delete mention of it from within my DNS management console? I
> don't know how else to get rid of it. Somebody did go in at one point and
> remove it from several places in AD, so references to it are scattered. The
> reason I'm thinking that I should do something about this situation is that
> whenever I add a server to my DHCP console, it shows this server as an
> available DHCP server (which it used to be). Having this server in my AD
> can't be good...
> Anyway, if I see it referenced in DNS, is it safe to delete?
>
> Thanks!
> Mark

Mark

To remove references to this Domain Controller you will need to perform a
metadata cleanup of the server. The following kb eplains how this can be
done.
Ordinarliy you will run the ntdsutil.exe tool first and then remove the dns
records, review the kb and it will explain what is required - the fact that
some objects pertaining to this DCmay have already been deleted may mean that
when you are following the instructions in the kb these objects may no longer
exist.

Regarding deleting the DNS records associated with this old DC - you can't
do any harm by deleting references to a server that no longer exists.

http://support.microsoft.com/default.aspx/kb/216498

Hope this s

Joe
"justmark" wrote:

> An old, old server that was a 2000 DC was shut down a couple of years ago
> without being demoted. Now, I still see mention of it all over my DNS
> Management. It's in LDAP and kerberos in various places and I'm wondering
> if/how I can delete mention of it from within my DNS management console? I
> don't know how else to get rid of it. Somebody did go in at one point and
> remove it from several places in AD, so references to it are scattered. The
> reason I'm thinking that I should do something about this situation is that
> whenever I add a server to my DHCP console, it shows this server as an
> available DHCP server (which it used to be). Having this server in my AD
> can't be good...
> Anyway, if I see it referenced in DNS, is it safe to delete?
>
> Thanks!
> Mark

Thanks Joe,
That's a scary document - last thing I want is to accidentally kill my AD...
It mentions "Procedure 1: Windows Server 2003 SP1 only" and I'm wondering if
that means to do the procedure on this version or that it applies to removing
an old server of that version? My DCs are now all Server 2003 SP2...

Thanks for the advice on removing DNS entries - that will a lot too!

Mark

Mark
The reference to SP1 mean this: if the server you perfrom the metadata
cleanup on is running SP1 then follow the steps detailed - it is not a
reference to the service pack status of the server that you want to remove.

The reason KB makes the distinction is becasue a DC with SP1 or in your case
SP2 is a little bit "smarter" about what stuff needs to be removed, meaning
you have to do less manual deletion of the NTDS setting relating to the DC.
So the fact you are on SP2 is a plus.

Joe


"justmark" wrote:

> Thanks Joe,
> That's a scary document - last thing I want is to accidentally kill my AD...
> It mentions "Procedure 1: Windows Server 2003 SP1 only" and I'm wondering if
> that means to do the procedure on this version or that it applies to removing
> an old server of that version? My DCs are now all Server 2003 SP2...
>
> Thanks for the advice on removing DNS entries - that will a lot too!
>
> Mark

"Joe" wrote:

> Mark
> The reference to SP1 mean this: if the server you perfrom the metadata
> cleanup on is running SP1 then follow the steps detailed - it is not a
> reference to the service pack status of the server that you want to remove.
>
> The reason KB makes the distinction is becasue a DC with SP1 or in your case
> SP2 is a little bit "smarter" about what stuff needs to be removed, meaning
> you have to do less manual deletion of the NTDS setting relating to the DC.
> So the fact you are on SP2 is a plus.
>
> Joe


Thanks Joe!
Well, the interesting thing is that this morning I ran through the steps
outlined in that KB article and my phantom server wasn't found in the domain.
I have two sites and neither showed it, so the metabase cleanup can't clean
it up after all. The kicker is that I've removed it from DNS, but it's still
"out there" somewhere - I have no idea where!?!?!
If I launch my DHCP console and go to add a server, it still thinks that
this server is an available DHCP server. Any idea how/why that would still
be appearing in my list of available DHCP servers?

Thanks!
Mark

Replying to my own question now... :-)

Anyway, I believe (not 100% sure) that the server is actually gone from AD
now, but I had to unauthorize it from being a DHCP server. I did that and
now it's gone. I'm suspecting that that's all I needed to do to finalize
this situation.

Thanks!
Mark

Mark

If you open AD Sites & Services you should see a Services container, if you
can't right click Sites & Services, select view and clcick the option Show
services node.

In the services container select the NetServices container and it is here
you are more likely than not to find a reference to the old Domain
Controller. I am guessing this is were your DHCP mmc is picking up the
reference to this DC.

Joe



"justmark" wrote:

> "Joe" wrote:
>
> > Mark
> > The reference to SP1 mean this: if the server you perfrom the metadata
> > cleanup on is running SP1 then follow the steps detailed - it is not a
> > reference to the service pack status of the server that you want to remove.
> >
> > The reason KB makes the distinction is becasue a DC with SP1 or in your case
> > SP2 is a little bit "smarter" about what stuff needs to be removed, meaning
> > you have to do less manual deletion of the NTDS setting relating to the DC.
> > So the fact you are on SP2 is a plus.
> >
> > Joe
>
>
> Thanks Joe!
> Well, the interesting thing is that this morning I ran through the steps
> outlined in that KB article and my phantom server wasn't found in the domain.
> I have two sites and neither showed it, so the metabase cleanup can't clean
> it up after all. The kicker is that I've removed it from DNS, but it's still
> "out there" somewhere - I have no idea where!?!?!
> If I launch my DHCP console and go to add a server, it still thinks that
> this server is an available DHCP server. Any idea how/why that would still
> be appearing in my list of available DHCP servers?
>
> Thanks!
> Mark

Mark

Unauthorising it will remove it from the location in ADS&S - that I
mentioned in the earlier post - Microsoft don't cover this in the earier kb
referenced but it would be ful if they did!

Joe

"Joe" wrote:

>
> Mark
>
> If you open AD Sites & Services you should see a Services container, if you
> can't right click Sites & Services, select view and clcick the option Show
> services node.
>
> In the services container select the NetServices container and it is here
> you are more likely than not to find a reference to the old Domain
> Controller. I am guessing this is were your DHCP mmc is picking up the
> reference to this DC.
>
> Joe
>
>
>
> "justmark" wrote:
>
> > "Joe" wrote:
> >
> > > Mark
> > > The reference to SP1 mean this: if the server you perfrom the metadata
> > > cleanup on is running SP1 then follow the steps detailed - it is not a
> > > reference to the service pack status of the server that you want to remove.
> > >
> > > The reason KB makes the distinction is becasue a DC with SP1 or in your case
> > > SP2 is a little bit "smarter" about what stuff needs to be removed, meaning
> > > you have to do less manual deletion of the NTDS setting relating to the DC.
> > > So the fact you are on SP2 is a plus.
> > >
> > > Joe
> >
> >
> > Thanks Joe!
> > Well, the interesting thing is that this morning I ran through the steps
> > outlined in that KB article and my phantom server wasn't found in the domain.
> > I have two sites and neither showed it, so the metabase cleanup can't clean
> > it up after all. The kicker is that I've removed it from DNS, but it's still
> > "out there" somewhere - I have no idea where!?!?!
> > If I launch my DHCP console and go to add a server, it still thinks that
> > this server is an available DHCP server. Any idea how/why that would still
> > be appearing in my list of available DHCP servers?
> >
> > Thanks!
> > Mark

"Joe" wrote:
>
> Mark
>
> Unauthorising it will remove it from the location in ADS&S - that I
> mentioned in the earlier post - Microsoft don't cover this in the earier kb
> referenced but it would be ful if they did!
>
> Joe


Thanks Joe!
So it seems that I've done all that can/should be done at this point?
Unauthorizing it did what you'd mentioned about ADS&S?
That was just a guess on my part - sometimes you win; sometimes not :-)

Thanks!
Mark

If you can't see via ntdsutil, the DNS records have been removed, you have
removed the server object from under its Sites & Services container, the FRS
reference has been taken out via ADSI Edit and you have no longer have the
DHCP and of course the actual computer object - I reckon you have got most of
it. As you can see, depending on the services that the DC runs will have a
bearing on what stuff get created in AD, but the important stuff is covered
above.

Joe

"justmark" wrote:

> "Joe" wrote:
> >
> > Mark
> >
> > Unauthorising it will remove it from the location in ADS&S - that I
> > mentioned in the earlier post - Microsoft don't cover this in the earier kb
> > referenced but it would be ful if they did!
> >
> > Joe
>
>
> Thanks Joe!
> So it seems that I've done all that can/should be done at this point?
> Unauthorizing it did what you'd mentioned about ADS&S?
> That was just a guess on my part - sometimes you win; sometimes not :-)
>
> Thanks!
> Mark

"Joe" wrote:

> If you can't see via ntdsutil, the DNS records have been removed, you have
> removed the server object from under its Sites & Services container, the FRS
> reference has been taken out via ADSI Edit and you have no longer have the
> DHCP and of course the actual computer object - I reckon you have got most of
> it. As you can see, depending on the services that the DC runs will have a
> bearing on what stuff get created in AD, but the important stuff is covered
> above.
>
> Joe


Thanks for all of your !

Mark