Using NTDSUTIL Metada Cleanup to Remove a Failed/Offline Domain Controller Object.

https://chinnychukwudozie.com/2014/01/27/using-ntdsutil-metada-cleanup-to-remove-a-failedoffline-domain-controller-object/

In this post, I would like to talk about using the ntdsutil utility for metadata cleanup. A domain controller failure ‘DC00’ recently occurred in my lab. Running the repadmin /replsum command confirmed a replication error and showed DC00 as unavailable:

Since a dcpromo was obviously out of the question, I used the Ntdsutil metadata cleanup command to effect the removal in the following steps.

Start the Ntdsutil Tool:

Open a command prompt as an administrator. At the prompt, type ntdsutil and press enter. This put me directly in the ntdsutil mode. Entering ‘help’ shows all the options directly available :

At the Ntdsutil prompt, select and type metadata cleanup command and press enter.

At the metadata cleanup prompt, type connections and press enter.

At the server connections prompt, type connect to server ws2012r2 and press enter. Where ws2012r2 is a domain controller dns name.

After connecting to the domain controller, type quit at the server connections prompt to exit out to the metadata cleanup prompt.

Now at the metadata cleanup prompt, type select operation target and press enter. Entering this mode, will enable me select the sites, domains and servers I intend to work with.

From the help options available at select operation target, select, and type list domains. Press enter.

At the select operation target type select domain 0. Where domain 0 is the intended domain.

At the next select operation target prompt, type list sites and press enter.

At the next select operation target prompt, type select site 0 and press enter.

At the next select operation target prompt, type list servers in site and press enter.

At the next select operation target prompt, type select server 1 where server 1 is the offline domain controller object I intend to remove. Press enter.

At the next select operation target prompt, type quit to exit out to the metadata cleanup prompt.

At the next metadata cleanup prompt, type Remove selected server.

At the ‘Server Remove Confirmation Dialog’, click yes to remove the failed Domain Controller server object.After the removal is successful, I exit out of the ntdsutil tool by typing quit all the way up. I ran the repadmin /replsummary command again to verify and the result shows no replication errors.

I still had to go into the DNS forward lookup and reverse lookup zones to manually remove references to the offline domain controller object.I hope this helps.

Active Directory Auditing Tool

Active Directory: Add a Domain Controller to PowerShell

Add a domain to the Active Directory

Add a Mapped Drive to a User Profile Using GPO

Add all users in OU to security group

Add Extension Attribute to User

ADSI Purge

Change Windows Desktop Background Using Group Policy

Checking Active Directory Domain Controller Health and Replication

Clean Up Server Metadata

CONFIGURE NTP TIME SYNC USING GROUP POLICY

Create a Group to Assign Permissions to Access Files

Create WMI Filters for the GPO

Cross Forest Resource Security

Demote or Promote Domain Controller

Determine AD forest and domain level

Disable "These files might be harmful to your computer" warning?

Disabling and Enabling Outbound Replication

Domain Controller DNS Best Practice

Domain Trust

Force reinstall of applications deployed by software GPO after uninstall

Get Password Info

How To Add Local Administrators via GPO (Group Policy)

How to Audit User Account Changes in Active Directory

How to Change the Default Lock Screen Image using GPO

How to create and manage the Central Store for Group Policy Administrative Templates in Windows

How to Disable NTLM Authentication in Windows Domain

How to Export Active Directory Users to CSV and Build Reports

How to find the source of failed logon attempts

How To Fix Group Policy: Error Windows could not determine if the user and computer accounts are in the same forest

How to install and configure Microsoft LAPS

How to Remove (Demote) a Domain Controller in Active Directory

How to Remove (Demote) a Domain Controller in Active Directory

How to store BitLocker keys in Active Directory

Joining Active Directory Error

Keytab file

LAPS_OperationsGuide

Migrate user domain profile from one domain to another domain

Modify Group Policy's refresh interval

Move FSMO Roles

Move-ADDirectoryServerOperationMasterRole

Netlogon Logging

Powershell export AD users in OU to CSV

Rejoining an "untrusted" workstation and primary domain

Rename Domain

repadmin

Repairing Broken Trust Relationship Between Workstation and AD Domain

Restore Default Domain Policy

Securing Active Directory: Who can add computers to the domain? Only the domain admin?

Security Groups

Step-By-Step: Manually Removing A Domain Controller Server

USER PROFILES AND USER FOLDERS REDIRECTION USING GPO

Using NTDSUTIL Metada Cleanup to Remove a Failed/Offline Domain Controller Object.

Wrong error message for missing .adml files

Transferring/Seizing FSMO Roles to Another Domain Controller

Raise domain and forest functional levels in Active Directory Domain Services

7zip Command Line

Add user to Administrators Group

Choice Command

CMD Line Admin

CMD Line Registry Delete

Configure TCP/IP from the Command Prompt

DNS Change Via CMD Line

Enable Remote Desktop Via Command Line

Hyper-V

Invalid H:\ Drive

Network Share Folder

Remote GPResult

Run Commands

Test if Computer is Azure Joined

Windows Activation Post Azurre Migration

Windows S.M.A.R.T Check

Check Installed Drive Type

Check type of computer

Change power settings

Clear DFS Problems

DFS Backlog Check

DFS Checker

DFS Checker client install and setup

DFS Checker Configuration Settings