NTDSUTIL - What are Steps to remove Data in NTDS? Need Help Pls...

Guest

Dear All,

I have these 2 DCs, and now I totally want to remove both DCs using NTDSUTIL. I cannot demote them because there was a problem with DNS, so now I would like to totally remove the server, the domain and also the naming context of both servers using NTDSUTIL. I found a good article on the MS website, but it did not say which one I should remove first. These 2 DCs are a child of another DC, which is the root domain of a forest, and furthermore I have to use the same server name, domain name and NetBIOS name again. If I manage to clean up the metadata, the problem is that the root domain will still have both DC records, so now I would like to know, in NTDSUTIL, should I remove

1) the domain, 2) the naming context or 3) the server first? Which one should I do first to totally remove all that data?

I managed to do it with 1 server with the "remove selected server" command, but how come it did not work? Because after I rebooted that server, when I log in again and use NTDSUTIL and choose "list servers in site", that server 1 name is still there. How am I supposed to check whether this is working or not? Hope you guys could help me. Thank you very much

regards
emma
 
Richard

Hi Emma,

I have actually run across this before. I would probably
recommend not using NTDSUTIL unless it is your final
course of action. DCPROMO is the best way to clean your
domain up. What I would try to do first is fix DNS so
that you can remove the servers from AD correctly. What
is it that your DNS server is doing?

Richard
 
Cary Shultz [A.D. MVP]

Emma,

I am sorry to see that it has come to this! I was really hoping that we
would be able to resolve your issues. I guess that we were not able to
overcome them!

Anyway, to add to what Richard said, I would really try to use dcpromo.
There is a new switch out there that allows you to 'forcibly' remove the
DCs. The switch is /forceremoval. Here is the link:

http://support.microsoft.com/default.aspx?scid=kb;en-us;332199&Product=win2000

I hope that you have better luck with this. Are you really sure that you
need to get rid of them? Sometimes that is the best answer, but...

Cary

PS...I will try to answer your questions tomorrow.


 
Guest

Thanks Richard and Cary,

OK, I will tell you guys my actual scenario, and Cary, it's not a waste of effort, because the problem that I solved on RPC was in a different domain. And now I actually want to make the problem smaller, so that I can solve it faster. OK, now here is the actual scenario. I have 14 sites to implement AD with 14 domains. This is the scenario:

The sites are
1) HQ level
2) State level
3) District level

OK, at HQ level I have 2 DCs and 2 DNS servers; they are the root domain and DNS. I run 2 because of the redundancy factor.
I named the domain System1.HQ.gov.my and I called my servers HQ-DC1 for server1 and HQ-DC2 for server2,
and as for the DefaultSiteName, I have not changed this one yet; they were automatically located there. So at first, when I promoted these 2 servers there was no problem, and when I did the DNS there was also no problem. Both can replicate with each other.

OK, for the State level, I actually have 2 sites; these 2 sites are the children of that domain. So I started with the first child, with a domain of Child1.System1.HQ.gov.my, and this Child1 also has 2 servers; I named the first State1-DC1 and the 2nd one State1-DC2. With this State1 site, I also set up 2 DNS servers, and when I added a DNS server for its domain, I didn't have a problem retrieving the info from HQ. It can replicate the DNS. Usually when you state the domain in the DNS, it looks like it will automatically create all the necessary files for that domain, e.g. the _msdcs, _sites, _tcp and _udp folders, right? So in State1 I don't have a problem with that. The State1 DCs were also automatically placed in Default Site Name; I have not defined any site for them either. Then came 1 day......

I 1 2 to do for the 2nd State, but after I did it, it was successfully promoted, and I named it Child2.System1.HQ.gov.my, and this site also has 2 DCs. The problem started with 1 server that cannot retrieve DNS info from HQ; it does not have all the necessary folders in the DNS like State1. Then the 2nd problem that arose was that both DCs cannot replicate with each other. The site configuration is like in State1; they were automatically located in Defaultsitename. So while I tried to solve the problem with this... then one day came........

Time problem, a synchronization issue in HQ: suddenly all the time was changed a year ahead. That was the cause of all the problems I mentioned to you, Cary, in my previous message. That was the first time it happened and I suspect that it was caused by the external time server, because after I stopped that external time server from running for the past 1 week, there has not been any problem, and before the time server was installed there were also no time synchronization issues.

So you see I have a lot of pending problems to solve. So now my working DCs, I guess, are in HQ and State1, but as for State2, I tried to demote it but cannot, because it cannot find the DSA object. Cary, do you remember some problem I had when I ran the DNSLint tool? It had to do with the servers in State2. So now my first option to isolate these problems is to totally destroy the data in State2, and that's why I need to do it from NTDSUTIL, I guess. And furthermore I managed to promote another DC for the District level.

At District level only 1 server is involved. This is considered the grandchild, but because of the mess I have to face now, I managed to promote it using DNS in HQ first, and after promoting it I now face some replication issues. But I will think about that later; I have to solve State2 first. For the District level, I named the domain District1.State1.System1.HQ.gov.my, with 1 server I called District1-server.

So in lieu of that, I have a lot of problems now. I have another 11 sites to go, but I postponed them because I want to solve these messy problems first for these 3 sites. All the questions I will postpone are related to this scenario, actually, and by the way, thanks guys for trying to help me solve it. I really, really need a helping hand to get this AD up and running smoothly.

Cary, this was the whole situation when I started to post messages here. So I have already answered your question, and I will continue asking questions onwards, I guess. Thank you guys, I appreciate your help a lot.

regards
emma
 
Richard

Whew, that is a lot of information to take in. Probably
where I would start is at DNS. 90% of the time I find
that DNS is the root cause of my headaches with AD.

Run DCDIAG with the following on each of your domains.

DCDIAG /e /c /v>domainname.txt

After that is complete run netdiag on each of your DCs
with the following.

netdiag /v /debug /dcaccountenum>dcname.txt

Now you will have a lot of information to parse through,
however this should give you a really good idea of what
your domains are going through.

When you find a failed message copy that message and post
it in here. You will sometimes find failed messages that
don't pertain, but I think for us to help you out it is
best to post all failed messages in here. Also it would
be good to know how your DNS is set up on each DC. Are
there forwarders? Do they point to themselves? Are they
AD integrated? Etc.

Not only is this a good way to really understand what
your AD is doing, but it is also a good way to make your
AD infrastructure solid.

Thanks Emma,
Richard
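
An added example, not part of Richard's post: one way to pull the failed tests, together with the explanation dcdiag printed for each, out of a report saved with `DCDIAG /e /c /v>domainname.txt`. The sample report is constructed, and the names STATE2-DC1 and STATE2-DC2 are assumptions, since the thread does not name the State2 servers.

```python
import re

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")

# Constructed sample in the shape of verbose dcdiag output; STATE2-DC1 and
# STATE2-DC2 are made-up names and the error text is illustrative only.
SAMPLE = r"""
   Testing server: Default-First-Site-Name\HQ-DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         ......................... HQ-DC1 passed test Connectivity
   Testing server: Default-First-Site-Name\STATE2-DC1
      Starting test: Replications
         [Replications Check,STATE2-DC1] A recent replication attempt failed:
            From STATE2-DC2 to STATE2-DC1
         ......................... STATE2-DC1 failed test Replications
   Testing server: Default-First-Site-Name\STATE2-DC2
      Starting test: Connectivity
         The host could not be resolved to an IP address.
         ......................... STATE2-DC2 failed test Connectivity
"""

def failed_tests(report_text):
    """Return (target, test, detail_lines) for each test dcdiag marked failed."""
    failures, details, in_test = [], [], False
    for line in report_text.splitlines():
        if START.match(line):
            details, in_test = [], True      # new test: reset collected detail
            continue
        m = RESULT.match(line)
        if m:
            target, outcome, test = m.groups()
            if outcome == "failed":
                failures.append((target, test, details))
            details, in_test = [], False
        elif in_test and line.strip():
            details.append(line.strip())     # keep the explanation dcdiag printed
    return failures

def summary(failures):
    """Group failed test names by DC (or domain/forest target)."""
    by_target = {}
    for target, test, _ in failures:
        by_target.setdefault(target, []).append(test)
    return by_target

if __name__ == "__main__":
    for target, test, details in failed_tests(SAMPLE):
        print(f"{target}: FAILED {test}", *details, sep="\n    ")
```

For a saved report, pass the file contents instead of `SAMPLE`, for example `failed_tests(open("domainname.txt", errors="replace").read())`.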
 
Guest

Thanks Richard, I will try out your advice on finding the cause of the problems. Any update I will post in a new message. Thanks...
 
