Removing DC from AD (a related replication question)

DT

I've read the metadata cleanup article (KB216498) that describes removing a
non-existent DC... clear enough.

However... let's say my forest root is myorg.com and the DC to be removed
resides in child domain site2.myorg.com.

Can I do the cleanup/removal against a DC in the forest root (myorg.com) and
then have the deletion automatically replicated to the DC for child domain
site2.myorg.com?

Or must I do the cleanup/removal on a DC for site2.myorg.com and then have
the deletion replicated to the parent domain?

I suppose I'm asking a basic question about replication: will a deletion
made to replicated information (i.e., the entries in the parent domain related
to the child DC being removed) be propagated back to the "original"
information (the entries in the child domain related to the DC being
removed). Or is replication smart enough to know which domain "owns" the
original information, and who only has a copy of it???

Thanks,

DT
 
Laura E. Hunter (MVP)

Active Directory replication is multi-master, so all DCs in the forest have
a writeable copy of the AD database. It maintains consistency using
timestamps - basically, whoever has the most recent copy of the AD
information will replicate it out to the other controllers in the
domain/forest, and they will update their own copies of the AD database
accordingly. This is done by design so that changes (like the one you
describe) only need to be performed once and will then be automatically
propagated throughout the domain/forest.
 
DT

Laura,

That's what I hoped.

So, since changes made in the parent DC - including deletions - should be
replicated to the child DC, I followed the steps in Q216498 and used
ntdsutil on a parent DC to remove the failed DC from the child domain. The
NTDS Settings object for the failed DC is now gone - when viewed on the
parent DC - and after the next replication, I assume it will disappear from
the child DC as well.

===> But then I got to the part in Q216498 about using ADSIEdit to remove
the computer account, etc...

When I start ADSIEdit on the parent DC, I don't see the child domain. How
do I point ADSIEdit to the child domain? Or do I have to run it locally on
the child domain?

Thanks,

DT
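
An added example, not part of the original thread: one way to check from a single workstation whether remnants of the removed DC are still visible on a parent-domain DC and on a child-domain DC. It uses the ActiveDirectory PowerShell module; `DC01.myorg.com`, `DC02.site2.myorg.com` and `FAILEDDC` are placeholder names. The server and NTDS Settings objects live in the forest-wide configuration partition, while the computer account lives in the domain partition of the DC being queried.

```powershell
# Added example. Placeholder names: DC01.myorg.com (parent-domain DC),
# DC02.site2.myorg.com (child-domain DC), FAILEDDC (the DC that was removed).
Import-Module ActiveDirectory

function Find-DcRemnant {
    param(
        [Parameter(Mandatory)] [string]   $DcName,
        [Parameter(Mandatory)] [string[]] $Server
    )
    foreach ($s in $Server) {
        # Ask each DC for its own naming contexts instead of hard-coding DNs.
        $rootDse  = Get-ADRootDSE -Server $s
        $configNc = $rootDse.configurationNamingContext   # forest-wide partition
        $domainNc = $rootDse.defaultNamingContext         # this DC's own domain

        # Server object under CN=Sites, and the NTDS Settings object beneath it.
        $srv = Get-ADObject -Server $s -SearchBase "CN=Sites,$configNc" `
                   -LDAPFilter "(&(objectClass=server)(cn=$DcName))"
        $ntds = foreach ($o in $srv) {
            Get-ADObject -Server $s -SearchBase $o.DistinguishedName `
                -SearchScope OneLevel -LDAPFilter '(objectClass=nTDSDSA)'
        }

        # Computer account, searched only in the domain partition this DC holds.
        $acct = Get-ADObject -Server $s -SearchBase $domainNc `
                    -LDAPFilter "(&(objectClass=computer)(cn=$DcName))"

        [pscustomobject]@{
            QueriedDC           = $s
            DomainPartition     = $domainNc
            ServerObjectPresent = [bool]$srv
            NtdsSettingsPresent = [bool]$ntds
            ComputerAccountDN   = $acct.DistinguishedName
        }
    }
}

# One row per DC queried; compare the rows after the next replication cycle.
Find-DcRemnant -DcName 'FAILEDDC' `
    -Server 'DC01.myorg.com', 'DC02.site2.myorg.com' |
    Format-Table -AutoSize
```

Running it before and after a replication cycle shows, per DC, which of the three objects that DC still holds.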
 
