Monday, 13 January 2020

How to clean up Active Directory Metadata

Sometimes one of your domain controllers crashes, or is forcibly removed from the forest, but the data that describes it still exists in the forest. The surviving domain controllers keep trying to replicate with a partner that no longer exists, and any operations master roles it held stay unavailable. You must remove that stale data from the forest; this is called cleaning up Active Directory metadata.

Metadata cleanup removes the data that identifies the domain controller to the replication system (its NTDS Settings object), removes its DFS (Distributed File System) Replication and FRS (File Replication Service) connections, and transfers or seizes any FSMO (Flexible Single Master Operations) roles that the retired domain controller held.

We can clean up metadata with the GUI tools, from the command line, or with a script. First make sure that the computer object and the NTDS Settings object of the domain controller are not protected against accidental deletion: right-click the computer object or the NTDS Settings object, click Properties, then the Object tab, and clear the Protect object from accidental deletion check box. You must be a member of Domain Admins to perform this task.
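The pre-flight checks above, as a PowerShell script added here (example code, not part of the original post). It assumes the RSAT ActiveDirectory module, a Domain Admins session on a surviving domain controller, and two placeholder names: DC2 is the failed domain controller and DC1 is the one that should take over any FSMO roles it held. Besides clearing the accidental-deletion protection on both objects, it reports whether the dead server was a global catalog and seizes its roles, the two questions the GUI wizard asks later.

```powershell
# Added pre-flight check (example code, not the original author's).
# Assumes the RSAT ActiveDirectory module and a Domain Admins session.
# $DeadDC and $LiveDC are placeholders; replace them with your own hostnames.
Import-Module ActiveDirectory

$DeadDC = 'DC2'
$LiveDC = 'DC1'

$configNC = (Get-ADRootDSE).configurationNamingContext
$domain   = Get-ADDomain
$forest   = Get-ADForest

# The two objects the post says must not be protected: the computer account in the
# Domain Controllers OU and the NTDS Settings object under CN=Sites in the configuration NC.
$computer  = Get-ADComputer -Identity $DeadDC -Properties ProtectedFromAccidentalDeletion
$serverObj = Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))" `
    -SearchBase "CN=Sites,$configNC"
$ntds = Get-ADObject -LDAPFilter '(objectClass=nTDSDSA)' -SearchBase $serverObj.DistinguishedName `
    -Properties ProtectedFromAccidentalDeletion, options

foreach ($obj in @($computer, $ntds)) {
    if ($obj.ProtectedFromAccidentalDeletion) {
        Write-Host "Clearing accidental-deletion protection on $($obj.DistinguishedName)"
        Set-ADObject -Identity $obj -ProtectedFromAccidentalDeletion $false
    }
}

# Bit 0 of the nTDSDSA 'options' attribute marks a global catalog server.
if (($ntds.options -band 1) -ne 0) {
    Write-Warning "$DeadDC was a global catalog; make sure another GC serves its site."
}

# Which of the five FSMO roles did the dead DC hold? Role holders are stored as FQDNs.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}
$held = @($roles.GetEnumerator() | Where-Object { $_.Value -like "$DeadDC.*" } | ForEach-Object Name)
if ($held.Count -gt 0) {
    Write-Host "Seizing $($held -join ', ') onto $LiveDC"
    # -Force seizes the roles because the current holder cannot be contacted to transfer them.
    # Never bring the old DC back online afterwards: a seized role must not have two holders.
    Move-ADDirectoryServerOperationMasterRole -Identity $LiveDC -OperationMasterRole $held `
        -Force -Confirm:$false
}
```

Run it before either method below. Seizing is deliberately the last step: once a role has been seized, the old server must never rejoin the forest, so make sure you really cannot recover it first.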

I will discuss here both GUI and Command line methods.

1) GUI Method

  • Open Active Directory Users and Computers. Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.

  • In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

  • In the Active Directory Domain Services dialog box, confirm that the name of the domain controller you want to delete is shown, and then click Yes to confirm the deletion of the computer object.

  • In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.

  • If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.

  • If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown. You cannot choose a different domain controller here; if you want the role on another domain controller, transfer it after the metadata cleanup is complete.

2) Command line

  • Open a command prompt as an administrator: on the Start menu, right-click Command Prompt, and then click Run as administrator.
  • At the command prompt, type ntdsutil and press ENTER.
  • At the ntdsutil: prompt, type metadata cleanup and press ENTER.
  • At the metadata cleanup: prompt, type remove selected server <ServerName> and press ENTER. <ServerName> is the distinguished name of the server object under Sites, in the form CN=<ServerName>,CN=Servers,CN=<SiteName>,CN=Sites,CN=Configuration,DC=<ForestRootDomain>.
  • In the dialog box that appears, review the information and the warning, and then click Yes to remove the server object and its metadata.
  • Ntdsutil confirms that the domain controller was removed successfully. At the metadata cleanup: and ntdsutil: prompts, type quit and press ENTER.
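The same ntdsutil sequence driven from PowerShell, followed by checks that the metadata is really gone, as an added example that is not part of the original post. It assumes the RSAT ActiveDirectory module, a Domain Admins session on a surviving domain controller, and the placeholder hostname DC2; the DN in the comment is an illustrative shape, not a real value.

```powershell
# Added example (not from the original post): scripted ntdsutil cleanup plus verification.
# Assumes the ActiveDirectory module, a Domain Admins session, placeholder hostname DC2.
Import-Module ActiveDirectory

$DeadDC   = 'DC2'
$configNC = (Get-ADRootDSE).configurationNamingContext

# 'remove selected server' wants the distinguished name of the server object, shaped like
# CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=contoso,DC=com
$serverDN = (Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))" `
    -SearchBase "CN=Sites,$configNC").DistinguishedName
if (-not $serverDN) { throw "No server object named $DeadDC under CN=Sites,$configNC" }

# ntdsutil accepts its sub-commands as arguments, so the whole prompt sequence fits in one call.
# The confirmation dialog described in the post still appears; this only saves the typing.
& ntdsutil.exe 'metadata cleanup' "remove selected server $serverDN" quit quit
if ($LASTEXITCODE -ne 0) { throw "ntdsutil exited with code $LASTEXITCODE" }

# 1. The NTDS Settings (nTDSDSA) object is what identifies a DC to replication; it must be gone.
#    Re-query with a filter rather than by DN so a fully removed server object is not an error.
$server = Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$DeadDC))" -SearchBase "CN=Sites,$configNC"
if ($server) {
    $children = @(Get-ADObject -LDAPFilter '(objectClass=*)' `
        -SearchBase $server.DistinguishedName -SearchScope OneLevel)
    if ($children | Where-Object ObjectClass -eq 'nTDSDSA') {
        throw "NTDS Settings still present under $($server.DistinguishedName); cleanup did not complete"
    }
    if ($children.Count -eq 0) {
        # An empty server object can linger in Sites and Services; remove it.
        Remove-ADObject -Identity $server -Confirm:$false
    }
}

# 2. The DC's computer account should be gone too; if it is not, delete it from Domain Controllers.
if (Get-ADComputer -Filter "Name -eq '$DeadDC'") {
    Write-Warning "Computer object for $DeadDC still exists in the Domain Controllers OU."
}

# 3. No surviving DC should still list the dead one as an inbound replication partner.
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue |
        Where-Object { $_.Partner -like "CN=NTDS Settings,CN=$DeadDC,*" } |
        ForEach-Object {
            Write-Warning "$($dc.HostName) still lists $DeadDC as a partner for $($_.Partition)"
        }
}
```

Leftover partner entries in step 3 usually mean the removal has not replicated to that domain controller yet; re-run the check after the next replication cycle before treating it as a failure.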
