Content Search

Custom Search

IP Address Lookup

Saturday, May 10, 2008

How to remove an oprhaned domain from Active Directory

Description:
For some reason you have to force demote one of your child domain.
You have follow Microsoft KB216498 "How to remove data in Active Directory after an unsuccessful domain controller demotion". You have remove the cname record in the _msdcs.rootdomain of forest zones in DNS. Also there're no A record and Name Server record of it on DNS. You also have deleted the server name from AD Sites & Services.
However when people logon, they can still see that child domain at the Log on to field. You want it to be disappear from there.

Resolution:
Removing Orphaned Domains from Active Directory (Microsoft KB230306)

1. Determine the domain controller that holds the Domain Naming Master Flexible Single Master Operations (FSMO) role. To identify the server holding this role:

  • Start the Active Directory Domains and Trusts Microsoft Management Console (MMC) snap-in from the Administrative Tools menu.
  • Right-click the root node in the left pane titled Active Directory Domains and Trusts, and then click Operations Master.
  • The domain controller that currently holds this role is identified in the Current Operations Master frame.NOTE: If this changed recently, not all computer may have received this change yet due to replication.
2. Verify that all servers for the domain have been demoted.
3. Click Start, point to Programs, point to Accessories, and then click Command Prompt.
4. At the command prompt, type: ntdsutil.
5. Type: metadata cleanup, and then press ENTER.
6. Type: connections, and then press ENTER. This menu is used to connect to the specific server on which the changes will occur. If the currently logged-on user is not a member of the Enterprise Admins group, alternate credentials can be supplied by specifying the credentials to use before making the connection. To do so, type: set creds domainname username password , and then press ENTER. For a null password, type: null for the password parameter.
7. Type: connect to server servername (where servername is the name of the domain controller holding the Domain Naming Master FSMO Role), and then press ENTER. You should receive confirmation that the connection is successfully established. If an error occurs, verify that the domain controller being used in the connection is available and that the credentials you supplied have administrative permissions on the server.
8. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
9. Type: select operation target, and then press ENTER.
10. Type: list domains, and then press ENTER. A list of domains in the forest is displayed, each with an associated number.
11. Type: select domain number, and then press ENTER, where number is the number associated with the domain to be removed.
12. Type: quit, and then press ENTER. The Metadata Cleanup menu is displayed.
13. Type: remove selected domain, and then press ENTER. You should receive confirmation that the removal was successful. If an error occurs, please refer to the Microsoft Knowledge Base for articles on specific error messages.
14. Type: quit at each menu to quit the NTDSUTIL tool. You should receive confirmation that the connection disconnected successfully.

No comments:

Quote of the Day