Successfully demoted servers remain in the ADSS

[Kevin]

Hello,

I am new to this client's site and was looking over the ADSS when I noticed
there are a lot of servers listed in the Servers list. I did a dsquery
servers and the list came back with five domain controllers. Talking to the
admin that previously administered this environment, he assured me the other
two DC's listed were demoted successfully over five months ago... which
appears to make sense as I see correct NTDS Settings for the three servers
which I know are the DC's and no NTDS settings for the other two in
question.

Assuming the demotions went successfully, and I have no reason to beleive
different since the FRS and DS logs aren't complaining about anything, how
common is it that a successful demotion would leave objects in the ADSS in
addtion to metadata? Should I continue with just cleaning the metadata and
deleting these objects out of the DSS or should I be investigating a more
serious problem?

Thanks,
Kevin

 

[Paul Bergson]

You should clean up your metadata and ADSS. I can't tell you why your AD is
the way it is but I would run some diagnostics against your network.


If you don't have the tools installed, install them from your server install
disk.
d:\support\tools\setup.exe

Run dcdiag and netdiag in verbose mode.

If you download a gui script I wrote it should be simple to set and run. It
also has the option to run individual tests without having to learn all the
switch options. The script also automagically outputs the test details to a
text file and calls this text file up at the completion of the test. This
makes it much easier to read and save the details for future use and
analysis.

The script is at http://pbbergs.dynu.com/windows/windows.htm, download it
and save it to c:\program files\support tools\

Just select both dcdiag and netdiag make sure verbose is set. (Leave the
default settings for dcdiag as set when selected)

When complete search for fail, error and warning messages.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Kevin]

Thanks Paul.

I have run dcdiag and netdiag and everything comes back squeaky clean.
Someone else mentioned that with AD2000 this is normal behaviour for the
retired DC's to remain listed in the ADSS listing. As long as the ntds
settings are removed then it is fine to just delete from ADSS. I think I
will remove with ADSI Edit just to make sure its removed completely.

Side note about your HTA. You should have two copies on your website in
case you are using it for AD2000 or AD2003. Your contrant line:

Const exLoc = "c:\progra~1\suppor~1\"

might assume you have AD2003 with the AD support tools installed. With
AD2000 you install the dcdiag/netdiag seperately and if you take the
defaults it would look like:

Const exLoc = "c:\progra~1\resour~1\"

Thanks,
Kevin

 

[Paul Bergson]

I will look into this. Thanks for the feedback.