
Hi, I am looking for a recap of what I have done already to see if I missed anything.

I had two cities connected by WAN using an IPsec persistent tunnel between gateways.

I had one DC (domain controller) in each city that was a global catalog server (GC).

They were set up to replicate and I had them configured under Sites and Servers with their own subnet etc.

About 6 months ago the one city was removed and I was not able to gracefully remove, through dcpromo, the server that was there. It is no longer used and cannot be brought back. The company went from two sites down to a single site. The problem is I had a whole bunch of KCC errors and replication bugs in the event viewer.

I wanted to clean up my Active Directory and decided to use the ntdsutil metadata cleanup commands.

I removed the server from the specified site based on a procedure from the Petri website. I then removed the instances of the old DC and site from Sites and Servers. Then I went and cleaned up the DNS by removing Host A records and the NS server name from both the local DNS forward lookup zone and the _msdcs zone.

I also removed the reverse lookup zone for the subnet that no longer exists.

Is there anything I missed? Thanks in advance for any help. gd

dasko
  • Here is a weird thing, I lost connection to this DC about 4 hrs after I did the above steps? Can't ping it and it is down. Not sure if it is related or not. Any thoughts? Thanks. –  Feb 07 '10 at 09:46
  • Which DC did you lose access to? The way I read this question you are talking about a site that has been removed and all systems there were completely gone (offline / no connectivity at all) when you carried out this exercise, so surely the DC shouldn't have been accessible even before you started this exercise. – Helvick Feb 07 '10 at 14:37
  • Yes, you are right, the DC was no longer there. It should be considered as a DC that failed physically and I wanted to tidy up my Active Directory. –  Feb 07 '10 at 23:00

1 Answer


The only other steps I would take (mind you I have never run 'ntdsutil metadata cleanup' which might have done this already) would be:

  1. Check that the legacy site has been removed, and any subnets
  2. Any computer accounts in AD.
  3. If it was a DHCP server you might want to unauthorize it in AD.
  4. Seize any FSMO roles that might have been on the DC, but unlikely I guess
commandbreak
  • Removed the sites from Sites and Services. Accounts have been removed, not a DHCP server, no FSMO roles on the DC, it was just a global catalog for that site. Thanks. –  Feb 08 '10 at 23:36
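
A read-only audit covering the checklist in the question and answer above, as an added example that is not part of the original posts. It assumes the ActiveDirectory, DnsServer and DhcpServer RSAT modules, an AD-integrated DNS server on the PDC emulator and a separate `_msdcs` zone for the forest root; `$DeadDC`, `$DeadSite` and `$DeadSubnet` are hypothetical placeholders.

```powershell
# Added example: read-only audit for leftovers of a removed DC.
# Assumes the ActiveDirectory, DnsServer and DhcpServer RSAT modules.
Import-Module ActiveDirectory, DnsServer, DhcpServer

# Hypothetical placeholders: replace with the removed DC, site and subnet.
$DeadDC     = 'OLDDC01'
$DeadSite   = 'OldCitySite'
$DeadSubnet = '192.0.2.0/24'

$forest   = Get-ADForest
$domain   = Get-ADDomain
$sitesDN  = "CN=Sites,$((Get-ADRootDSE).configurationNamingContext)"
$dnsHost  = $domain.PDCEmulator   # assumption: AD-integrated DNS runs here
$findings = New-Object System.Collections.Generic.List[string]

# 1. Server, site and subnet objects left in the configuration partition
$filters = @{ server = $DeadDC; site = $DeadSite; subnet = $DeadSubnet }
foreach ($class in $filters.Keys) {
    $ldap = "(&(objectClass=$class)(cn=$($filters[$class])))"
    Get-ADObject -SearchBase $sitesDN -LDAPFilter $ldap |
        ForEach-Object { $findings.Add("$class object: $($_.DistinguishedName)") }
}
# 2. Computer account of the removed DC
Get-ADComputer -Filter "Name -eq '$DeadDC'" |
    ForEach-Object { $findings.Add("computer account: $($_.DistinguishedName)") }

# 3. FSMO roles still assigned to the removed DC
$roles = @{
    SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
    PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
foreach ($r in $roles.Keys) {
    if ($roles[$r] -like "$DeadDC.*") { $findings.Add("FSMO role $r held by $($roles[$r])") }
}
# 4. A, NS, SRV and CNAME records in the domain zone and _msdcs that name the DC
foreach ($zone in $domain.DNSRoot, "_msdcs.$($forest.RootDomain)") {
    Get-DnsServerResourceRecord -ComputerName $dnsHost -ZoneName $zone |
        Where-Object {
            $d = $_.RecordData
            $_.HostName -eq $DeadDC -or
            "$($d.NameServer)$($d.DomainName)$($d.HostNameAlias)" -like "$DeadDC.*"
        } |
        ForEach-Object { $findings.Add("DNS $($_.RecordType) in ${zone}: $($_.HostName)") }
}
# 5. DHCP authorization entry in AD
Get-DhcpServerInDC | Where-Object { $_.DnsName -like "$DeadDC.*" } |
    ForEach-Object { $findings.Add("DHCP authorized: $($_.DnsName) $($_.IPAddress)") }

if ($findings.Count) { $findings } else { "No leftovers of $DeadDC found." }
```

The script only reads; anything it lists still has to be removed by hand with the tools named in the posts above.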