Ghost AD DFS root replica

[Guest]

I deployed a domain based DFS root replica to a remote site several years ago
and then removed it a month or so later. This has now come back to haunt me.
We recently made changes to where the DFS links go to and some clients are
sporadically getting error 53. I was finally at a client machine when this
happened and it appears that his computer was connecting to the root DFS that
used to be on the DC at the remote site.

I have looked at this machine and cannot find even the folder that it used
to be on. How can I locate and remove the ghost root replica from my AD. This
is now causing me major headaches.

Help is much appreciated.

 

[Ace Fekay [MVP]]

In

I deployed a domain based DFS root replica to a remote site several
years ago and then removed it a month or so later. This has now come
back to haunt me. We recently made changes to where the DFS links go
to and some clients are sporadically getting error 53. I was finally
at a client machine when this happened and it appears that his
computer was connecting to the root DFS that used to be on the DC at
the remote site.

I have looked at this machine and cannot find even the folder that it
used to be on. How can I locate and remove the ghost root replica
from my AD. This is now causing me major headaches.

Help is much appreciated.

Does it show up in DFS console? Have you looked in ADSI Edit?

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

 

[Herb Martin]

I deployed a domain based DFS root replica to a remote site several years
ago
and then removed it a month or so later. This has now come back to haunt
me.
We recently made changes to where the DFS links go to and some clients are
sporadically getting error 53. I was finally at a client machine when this
happened and it appears that his computer was connecting to the root DFS
that
used to be on the DC at the remote site.

I have looked at this machine and cannot find even the folder that it used
to be on. How can I locate and remove the ghost root replica from my AD.
This
is now causing me major headaches.

Help is much appreciated.

Caveat: I don't know the answer but have a few ideas to check.

1) Is it possible that this DFS root is still listed in your WINS
servers? Especially if the WINS server which "owned" the registration
is no longer up or replicating.

2) Is this DFS root published in AD? (I don't really understand precisely
how this would give your reported behavior but it is worth checking.

3) It may also be a ghost object in AD (other than the 'published' entry) so
ultimately you may have to seek a solution that involves ADSIEdit but be
VERY careful if you do this.

 

[Guest]

It does not show up in the console. How would I go about using ADSIEdit to
find it? I have not used this tool before nor know where to download it from.

Scott

 

[Herb Martin]

It does not show up in the console. How would I go about using ADSIEdit to
find it? I have not used this tool before nor know where to download it
from.

Then please do NOT use it now. Not without following some
trusted KB article or such.

Just viewing and searching for the name probably would not
hurt but I am (seriously) concerned that if I encourage you to
do that you will be tempted to "just delete" the offending entry
should you find it.

And I have NO IDEA what harm that might cause but see
ADSIEdit as a serious power tool -- it can chop of small
fingers, and even the fingers of those who think they are
experienced.

Instead try searching for something that is related to such
cleanup.

But first go check your basic WINS and AD (AD Users &
Computers) for the offending entry.

 

[Ace Fekay [MVP]]

In

It does not show up in the console. How would I go about using
ADSIEdit to find it? I have not used this tool before nor know where
to download it from.

Scott

Herb made a couple good points about WINS. Are you using WINS?

As for ADSI Edit, install the Support Tools from the Windows CDROM. If this
is Windows 2000, after you install it, goto start/programs/Windows Support
Tools and you'll find it there. If this is Win2003, after you install the
tools, create a new MMC, add the ADSI Edit snap-in. Then rt-click in the
ADSI Edit console, add the DomainNC and the Configuration Container. Drill
down in both until you find it (I can't remember exactly if it is in the
DomainNC or the Config container).

Ace

 

[Jorge de Almeida Pinto]

I trying to understand what you are experiencing, as it is not all
clear...
If you are connecting to a DOMAIN DFS then that is because YOU are
connecting to it.
If you mean that you are connecting to a Domain DFS and a DFS ROOT
REPLICA is returned that does not exist anymore... well that makes
more sense.

When you connect to a domain dfs you first connect to AD (or a DC)
and that DC tells you what DFS ROOT REPLICAS are available. The DFS
ROOT REPLICAS have knowledge about the complete namespace. for the
link you wan to connect to the DFS ROOT REPLICA refers you to a DFS
LINK REPLICA that host the shared folder you want to access
For more info on DFS take a look at: http://www.microsoft.
com/technet/prodtechnol/windowsserver2003/library/TechRef/20ffb860-
f802-455c-9ca2-5194f79a9eb4.mspx (how DFS works)

Run the following command to see how the structure is of the DFS
namespace:
dfscmd \\ADCORP.LAN\DFSROOT$ /view /full AND in your case dfscmd
\\<FQDN AD DOMAIN>\<DFS ROOT NAME> /view /full
you should see something like:
\\ADCORP\DFSROOT$
\\ROOTDC01\DFSROOT$
\\ROOTDC02\DFSROOT$
\\ADCORP\DFSROOT$\TOOLING
\\Rootdc01\TOOLS$
\\Rootdc02\TOOLS$
The command completed successfully.

The first lists the DFS ROOT (\\ADCORP\DFSROOT$) and its replicas
The second and going lists the configured DFS LINKS
(\\ADCORP\DFSROOT$\TOOLING) and its replicas

If you have a DFS ROOT REPLICA listed THAT DOES NOT EXIST ANYMORE AND
that needs to be removed run:
dfsutil /UnmapFtRoot /Root:\\ADCORP.LAN\DFSROOT$ /Server:\\ROOTDC02
/ShareFSROOT$
AND in your case: dfsutil /UnmapFtRoot /Root:\\<FQDN AD DOMAIN>\<DFS
ROOT NAME> /Server:\\<DFS ROOT REPLICA NAME> /Share:<DFS ROOT SHARE
NAME>

For more info also see:
http://www.microsoft.
com/technet/prodtechnol/windowsserver2003/library/TechRef/28be5bc5-
694d-49ea-981e-34bdadd1a931.mspx (Example 9: Clean Up a Root-Server
Entry in Active Directory) read the note before executing!
http://www.microsoft.
com/technet/prodtechnol/windowsserver2003/library/TechRef/06894c4e-
aff0-4966-b794-e160839c3ce8.mspx

Cheers,
# Jorge de Almeida Pinto #