Implementing KB 216498


Dino

Hi

I am about to implement the following KB.

HOW TO: Remove Data in Active Directory After an
Unsuccessful Domain Controller Demotion
http://support.microsoft.com/?id=216498

I have only 1 DC and 100 PCs connected to it.

I have some misgivings about this implementation, i.e.
risks of ending up creating more problems than resolving
them.

Any advice please?
Did anyone apply the above KB's procedure?

TIA
 
Is the DC you are cleaning up the one and only DC you have or did you try to
promote/demote another DC and it screwed up and you are working on cleaning that up?

If the former, you can't.

If the latter, I would recommend spinning up another DC (you should always have
at least 2 running anyway) before chopping away at the directory.


As for that process. It is relatively safe. I have done it many many many times
though I always had multiple domain controllers for every domain so I wasn't
concerned if a single DC got screwed up by the result.


joe
 
Thanks for your reply, Joe.

The situation is that I disconnected my 2nd Controller
from the network without demoting it. Since then it is
impossible to configure the 2nd controller. I run
DCPROMO and during the duplication of the AD, I get the
following message: «cannot find DSA object». As I
said in my previous message, I have only 1 DC and 100 PCs
connected to it.

Do you think that by implementing the KB 216498, I should
be ok?

Regards
 
Dino said:
Do you think that by implementing the KB 216498, I should
be ok?

Yes, do this, clean up the DNS data if there are any entries about this
server and this should be OK - I've done this a few times and there were
no problems
 
Tomasz said:
Yes, do this, clean up the DNS data if there are any entries about
this server and this should be OK - I've done this a few times and
there were no problems

I've noticed that the ntdsutil step in the procedure automatically cleans up
the DNS entries :)

I've done the procedure about half a dozen times now and the DNS entries for
the DCs in question were automatically cleaned up without fail.

Impressive as we use Bind as opposed to MS DNS :)

This has saved me a bit of work in not having to play around with Nsupdate
:)
 
Dino, Joe recommends spinning up a second DC before you do anything
else. I think that anyone who has done anything with AD would agree
with him. Rely on his vast experience. That's why he is MVP! If you
have a second DC then losing the first will not be a total disaster.
If you only have one DC and it gets screwed you have no Active
Directory. Nothing will work.

Cheers.

Cliff

{MVP Directory Services}
 
Enkidu said:
Dino, Joe recommends spinning up a second DC before you do anything
else. I think that anyone who has done anything with AD would agree
with him. Rely on his vast experience. That's why he is MVP! If you
have a second DC then losing the first will not be a total disaster.
If you only have one DC and it gets screwed you have no Active
Directory. Nothing will work.

OK, but Dino in his second post told us that he wants to remove data
connected with the second, failed DC in the domain.
 
