
Cleanup after DC removal........


  • Cleanup after DC removal........

    Happy Friday everyone!
    I am doing some Disaster recovery testing for a new 2008R2 domain that I am going to be implementing soon. As part of the testing, I have powered off one of my DCs (it didn't hold any FSMOs) and then used one of the recommended Microsoft procedures to clean up the metadata from AD.

    I deleted the DC object from ADUC, ticking the box that says 'This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO)' and away it went.

    But a couple of remnants have been left behind in other areas :

    AD Sites & Services......the server object is still there, albeit with no NTDS settings underneath it.'s still there as a name server, but the IP address has been removed from view.

    Am I good to just manually remove these entries? It's been way over an hour since I did this, thought it may have done it by now but it hasn't........I've made sure everything is replicated around the domain but they are still there. It's no biggie, but from the MS instructions it gave the impression that it would remove all entries..........?

    Thanks peoples!


  • #2
    Re: Cleanup after DC removal........

    Just follow the article on the main site (still valid for 2008R2):

    Also check which DC holds your FSMOs and seize them if needed:
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      Re: Cleanup after DC removal........

      Cheers Tom, I'll run through these steps..........


      Tommy G


      • #4
        Re: Cleanup after DC removal........

        Quick update :

        Followed the instructions as proposed by Ossian and the NTDSutil procedures showed that it was already gone.........I then manually deleted the entry in AD Sites & Services.........and finally removed all the DNS entries for the server. I guess it would have scavenged them (set to 7 days) eventually, but I plan on rebuilding it again with the same name early next week.

        I'll let the AD chill out for the weekend.


        Tommy G
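
The remnants discussed in this thread (a server object in AD Sites & Services with no NTDS Settings beneath it, and leftover DNS records) can be listed with a read-only check before anything is deleted by hand. This is an added example, not part of the original thread or the article it refers to; it assumes the ActiveDirectory PowerShell module is available, and `DC-PLACEHOLDER` stands in for the removed DC's name.

```powershell
# Added example: read-only check for leftovers of a removed DC. Nothing is deleted.
# Assumptions: ActiveDirectory module (RSAT) is installed; $DcName is a placeholder.
Import-Module ActiveDirectory

$DcName   = 'DC-PLACEHOLDER'    # hypothetical name of the removed DC
$configNC = (Get-ADRootDSE).configurationNamingContext
$dnsRoot  = (Get-ADDomain).DNSRoot

# 1. AD Sites & Services: server objects that have no NTDS Settings (nTDSDSA) child.
#    A live DC always has one. Other site-aware services can also register server
#    objects, so review each hit before removing it.
$servers = Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter '(objectClass=server)'
$orphanedServers = foreach ($srv in $servers) {
    $ntds = Get-ADObject -SearchBase $srv.DistinguishedName -SearchScope OneLevel `
                         -LDAPFilter '(objectClass=nTDSDSA)'
    if (-not $ntds) { $srv.DistinguishedName }
}

# 2. Domain partition: the computer account should be gone after the ADUC delete.
$computer = Get-ADComputer -Filter "Name -eq '$DcName'"

# 3. DNS: NS records for the zone and the DC locator SRV records under _msdcs.
#    nslookup is used because it is present on 2008R2 without extra modules.
$nsHits  = nslookup -type=NS  $dnsRoot 2>$null |
           Select-String -SimpleMatch $DcName
$srvHits = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$dnsRoot" 2>$null |
           Select-String -SimpleMatch $DcName

# Summary: every field should be empty or False once cleanup is complete.
New-Object PSObject -Property @{
    OrphanedServerObjects = $orphanedServers
    ComputerAccountExists = [bool]$computer
    NameServerRecords     = $nsHits
    DcLocatorSrvRecords   = $srvHits
} | Format-List
```

Run it against more than one DNS server and DC if replication is still converging, since each query only reflects the server that answered it.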