Hi all , I performed a dcdiag task on a DC that i suspect to be corrupted, but all tests are passed successfully. I need to promote a new server 2k8 or 2k3 to an additional DC. Note: the AD still has an addtional DC that has removed offline without performing a dcpromo. Are there any issues? MCITP Enterprise Messaging Administrator, MCITP Enterprise Administrator, MCSE, MCDBA

Hello, run metadata cleanup to remove the not existing DC BEFORE installing the new one: http://msmvps.com/blogs/mweber/archive/2010/05/16/active-directory-metadata-cleanup.aspx For upgrading, after the AD database is cleaned see: http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspxBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, May I first advise you to use ntdsutil to remove the dead DCs from the AD schema. Also, make sure that there are no traces of the dead DC in the DNS zone. Remove the dead DCs from the Sites and Services console too. The following is a very good procedure on how to delete the dead DC: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Hello Wefish, please allow me to correct you in the point of "use ntdsutil to remove the dead DCs from the AD schema", this is not correct as the schema is not a problem and you also can't remove anything from the schema. With ntdsutil you cleanup the AD database file, ntds.dit, from the not longer existing DC.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hello Wefish, please allow me to correct you in the point of "use ntdsutil to remove the dead DCs from the AD schema", this is not correct as the schema is not a problem and you also can't remove anything from the schema. With ntdsutil you cleanup the AD database file, ntds.dit, from the not longer existing DC. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. I am very sorry if I pointed Elie to the wrong direction. However, let me just point out that you gave his the same advise: The following is the information that is contained in your link: The metadata cleanup can be done with NTDSUTIL for the AD database part according to: How to remove data in Active Directory after an unsuccessful domain controller demotion Could you please clarify?

Hello Wetfish, where in the KB article is mentioned to cleanup the schema? If i search the article i don't find the "schema" mentionedBest regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, The following knowledgebase will help you to remove completely orphaned Domain Controller: 1. Use the following knowledgebase to remove common Domain Controller settings from the Active Directory. http://support.microsoft.com/kb/216498 Note 1: You may need to seize the FSMO to alternative Domain Controller. Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller http://support.microsoft.com/kb/255504 Note 2: You may need to configure a new authoritative timerver in the domain. 2. Remove old computer account by using "Active Directory Sites and Services" tool. 3. Remove old DNS and WINS records of the orphaned Domain Controller. 4. Use "ADSIEdit" to remove old computer records from the Active Directory: a) OU=Domain Controllers,DC=domain,DC=local b) CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local c) CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local 5. Force Active Directory replication by using "Repadmin.exe" tool: Using Repadmin.exe to troubleshoot Active Directory replication http://support.microsoft.com/kb/229896/ For more information, please refer to the following Microsoft KB article: How to remove completely orphaned Domain Controller http://support.microsoft.com/kb/555846 RegardsPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.