To clean up metadata
- At the command line, type Ntdsutil and press ENTER.
|
|
C:\WINDOWS>ntdsutil
ntdsutil:
|
- At the Ntdsutil: prompt, type metadata cleanup and press Enter.
|
|
ntdsutil: metadata cleanup
metadata cleanup:
|
- At the metadata cleanup: prompt, type connections and press Enter.
|
|
metadata cleanup: connections
server connections:
|
- At the server connections: prompt, type connect to server , where is the domain controller (any functional domain controller in the same domain) from which you plan to clean up the metadata of the failed domain controller. Press Enter.
|
|
server connections: connect to server server100
Binding to server100 ...
Connected to server100 using credentials of locally logged on user.
server connections:
|
Note: Windows Server 2003 Service Pack 1 eliminates the need for the above step.
- Type quit and press Enter to return you to the metadata cleanup: prompt.
|
|
server connections: q
metadata cleanup:
|
- Type select operation target and press Enter.
|
|
metadata cleanup: Select operation target
select operation target:
|
- Type list domains and press Enter. This lists all domains in the forest with a number associated with each.
|
|
select operation target: list domains
Found 1 domain(s)
0 - DC=dpetri,DC=net
select operation target:
|
- Type select domain , where is the number corresponding to the domain in which the failed server was located. Press Enter.
|
|
select operation target: Select domain 0
No current site
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:
|
- Type list sites and press Enter.
|
|
select operation target: List sites
Found 1 site(s)
0 - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:
|
- Type select site , where refers to the number of the site in which the domain controller was a member. Press Enter.
|
|
select operation target: Select site 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
No current server
No current Naming Context
select operation target:
|
- Type list servers in site and press Enter. This will list all servers in that site with a corresponding number.
|
|
select operation target: List servers in site
Found 2 server(s)
0 - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
1 - CN=SERVER100,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
select operation target:
|
- Type select server and press Enter, where refers to the domain controller to be removed.
|
|
select operation target: Select server 0
Site - CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
Domain - DC=dpetri,DC=net
Server - CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DSA object - CN=NTDS Settings,CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net
DNS host name - server200.dpetri.net
Computer object - CN=SERVER200,OU=Domain Controllers,DC=dpetri,DC=net
No current Naming Context
select operation target:
|
- Type quit and press Enter. The Metadata cleanup menu is displayed.
|
|
select operation target: q
metadata cleanup:
|
- Type remove selected server and press Enter.
You will receive a warning message. Read it, and if you agree, press Yes.
|
|
metadata cleanup: Remove selected server
"CN=SERVER200,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=dpetri,DC=net" removed from server "server100"
metadata cleanup:
|
At this point, Active Directory confirms that the domain controller was removed successfully. If you receive an error that the object could not be found, Active Directory might have already removed from the domain controller.
- Type quit, and press Enter until you return to the command prompt.
To remove the failed server object from the sites
- In Active Directory Sites and Services, expand the appropriate site.
- Delete the server object associated with the failed domain controller.
To remove the failed server object from the domain controllers container
- In Active Directory Users and Computers, expand the domain controllers container.
- Delete the computer object associated with the failed domain controller.
- Windows Server 2003 AD might display a new type of question window, asking you if you want to delete the server object without performing a DCPROMO operation (which, of course, you cannot perform, otherwise you wouldn’t be reading this article, would you…) Select “This DC is permanently offline…” and click on the Delete button.
- AD will display another confirmation window. If you’re sure that you want to delete the failed object, click Yes.
To remove the failed server object from DNS
- In the DNS snap-in, expand the zone that is related to the domain from where the server has been removed.
- Remove the CNAME record in the _msdcs.root domain of forest zone in DNS. You should also delete the HOSTNAME and other DNS records.
- If you have reverse lookup zones, also remove the server from these zones.
Other considerations
Also, consider the following:
- If the removed domain controller was a global catalog server, evaluate whether application servers that pointed to the offline global catalog server must be pointed to a live global catalog server.
- If the removed DC was a global catalog server, evaluate whether an additional global catalog must be promoted to the address site, the domain, or the forest global catalog load.
- If the removed DC was a Flexible Single Master Operation (FSMO) role holder, relocate those roles to a live DC.
- If the removed DC was a DNS server, update the DNS client configuration on all member workstations, member servers, and other DCs that might have used this DNS server for name resolution. If it is required, modify the DHCP scope to reflect the removal of the DNS server.
- If the removed DC was a DNS server, update the Forwarder settings and the Delegation settings on any other DNS servers that might have pointed to the removed DC for name resolution.
- 使用 ADSIEdit 刪除電腦帳戶。如果要執行這項操作,請依照下列步驟執行:
- 按一下 [開始],按一下 [執行],在 [開啟] 方塊中輸入 adsiedit.msc,然後按一下 [確定]。
- 展開 [網域 NC] 容器。
- 展開 [DC=Your Domain Name, DC=COM, PRI, LOCAL, NET]。
- 展開 [OU=Domain Controllers]。
- 用滑鼠右鍵按一下 [CN=domain controller name],然後按一下 [刪除]。
當您嘗試刪除物件,卻收到「無法刪除 DSA 物件」的錯誤訊息,請變更 UserAccountControl 值。如果要變更 UserAccountControl 值,請用滑鼠右鍵按一下 ADSIEdit 中的網域控制站,然後按一下 [內容]。在 [選取內容來檢視] 下,按一下 [UserAccountControl]。按一下 [清除],將值變更為 4096,然後按一下 [設定]。現在您可以刪除物件了。
注意 在刪除電腦物件時,FRS 訂戶物件也會一併刪除,因為它是電腦帳戶的子項目。
- 使用 ADSIEdit 刪除 FRS 成員物件。如果要執行這項操作,請依照下列步驟執行:
- 按一下 [開始],按一下 [執行],在 [開啟] 方塊中輸入 adsiedit.msc,然後按一下 [確定]。
- 展開 [網域 NC] 容器。
- 展開 [DC=Your Domain, DC=COM, PRI, LOCAL, NET]。
- 展開 [CN=System]。
- 展開 [CN=File Replication Service]。
- 展開 [CN=Domain System Volume (SYSVOL share)]。
- 用滑鼠右鍵按一下要刪除的網域控制站,然後按一下 [刪除]。
- 在 DNS 主控台中,使用 DNS MMC 刪除 DNS 中的 A 記錄。A 記錄又稱主機記錄。如果要刪除 A 記錄,請用滑鼠右鍵按一下 A 記錄,然後按一下 [刪除]。此外,也一併刪除 _msdcs 容器中的 cname (又稱 Alias) 記錄。如果要執行這項操作,請展開 [_msdcs] 容器,用滑鼠右鍵按一下 cname,然後按一下 [刪除]。
重要 如果這之前是 DNS 伺服器,請在 [名稱伺服器] 索引標籤下移除此 DC 的參照。如果要執行這項操作,請用滑鼠右鍵按一下 [正向對應區域] 下的網域名稱,按一下 [內容],然後從 [名稱伺服器] 索引標籤中移除此伺服器。
注意 如果您有反向對應區域,也請從這些區域中移除伺服器。
- 如果刪除的電腦是子網域中最後一個網域控制站,而子網域也已經刪除,請使用 ADSIEdit 刪除子網域的 trustDomain 物件。如果要執行這項操作,請依照下列步驟執行:
- 按一下 [開始],按一下 [執行],在 [開啟] 方塊中輸入 adsiedit.msc,然後按一下 [確定]。
- 展開 [網域 NC] 容器。
- 展開 [DC=Your Domain, DC=COM, PRI, LOCAL, NET]。
- 展開 [CN=System]。
- 用滑鼠右鍵按一下 [信任網域] 物件,然後按一下 [刪除]。
- 使用「Active Directory 站台及服務」移除網域控制站。如果要執行這項操作,請依照下列步驟執行:
- 啟動「Active Directory 站台及服務」。
- 展開 [站台]。
- 展開伺服器的站台。預設的站台為 [Default-First-Site-Name]。
- 展開 [伺服器]。
- 用滑鼠右鍵按一下網域控制站,然後按一下 [刪除]。
http://www.netqna.com/2014/03/windows-ad-dcpromo.html
https://www.petri.com/delete_failed_dcs_from_ad
https://support.microsoft.com/zh-tw/kb/216498/zh-tw
http://blog.miniasp.com/post/2012/07/13/How-to-remove-data-in-Active-Directory-after-an-domain-controller-crashed-accidentally.aspx
