Can't remove old SBS 2003 DC

I've migrated an SBS-2003 to new hw according to "Migrating Windows Small
Business Server 2003 to New Hardware"
(http://technet.microsoft.com/en-us/l.../cc747454.aspx), everything went
fine except when I got to the last step "To create an alias" of the old
server name on page 32 when it failed.
I demoted and disconnected the old server from the domain and as I thought
the problem was that the old server was still present in AD.
But when I did so the server wasn't removed from the AD, instead it's there
with a red cross over it.
I can re-add the old server to the domain and then it appears in AD, but if
I try to delete the server from AD then this can't be done due to "Access is
denied".
Other servers/workstations on the network can be deleted but not this one.
I've tried to reset the machine password with netdom on the old server, but
it failes as the server is not a DC.
Any clue how I can get rid of the old server, so that I hopefully can create
an alias of it?

Mats W wrote:
> I've migrated an SBS-2003 to new hw according to "Migrating Windows
> Small Business Server 2003 to New Hardware"
> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> everything went fine except when I got to the last step "To create an
> alias" of the old server name on page 32 when it failed.
> I demoted and disconnected the old server from the domain and as I
> thought the problem was that the old server was still present in AD.
> But when I did so the server wasn't removed from the AD, instead it's
> there with a red cross over it.
> I can re-add the old server to the domain and then it appears in AD,
> but if I try to delete the server from AD then this can't be done due
> to "Access is denied".
> Other servers/workstations on the network can be deleted but not this
> one. I've tried to reset the machine password with netdom on the old
> server, but it failes as the server is not a DC.
> Any clue how I can get rid of the old server, so that I hopefully can
> create an alias of it?

You need to manually clean it up from AD using metadata cleanup;

http://technet.microsoft.com/en-us/l.../cc736378.aspx


--
/kj

Tried it but it doesn't work. ntdsutil returns "Directory object not found" on
metadata cleanup: remove selected server
CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
I used LDP to determine the DN of the old server, and it shows
CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local

CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
CN=NTDS
Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local

CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
CN=Exchange
Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local

If I follow the pre-SP1 procedure below, then the command "list servers in
site" just lists the new server HERMOD, and the reason may be that the entry
for the old server TOR is for Exchange settings and not NTDS.

Is there some way to clean up Exchange settings?

"kj [SBS MVP]" wrote:

> Mats W wrote:
> > I've migrated an SBS-2003 to new hw according to "Migrating Windows
> > Small Business Server 2003 to New Hardware"
> > (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> > everything went fine except when I got to the last step "To create an
> > alias" of the old server name on page 32 when it failed.
> > I demoted and disconnected the old server from the domain and as I
> > thought the problem was that the old server was still present in AD.
> > But when I did so the server wasn't removed from the AD, instead it's
> > there with a red cross over it.
> > I can re-add the old server to the domain and then it appears in AD,
> > but if I try to delete the server from AD then this can't be done due
> > to "Access is denied".
> > Other servers/workstations on the network can be deleted but not this
> > one. I've tried to reset the machine password with netdom on the old
> > server, but it failes as the server is not a DC.
> > Any clue how I can get rid of the old server, so that I hopefully can
> > create an alias of it?
>
> You need to manually clean it up from AD using metadata cleanup;
>
> http://technet.microsoft.com/en-us/l.../cc736378.aspx
>
>
> --
> /kj
>
>
>

You have a server listed as an Exchange server in the org showing in the EMC
or in ADUC as a Domain Controller?

Perhaps I'm confused.

Mats W wrote:
> Tried it but it doesn't work. ntdsutil returns "Directory object not
> found" on metadata cleanup: remove selected server
> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> I used LDP to determine the DN of the old server, and it shows
> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>
> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> CN=NTDS
> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>
> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> CN=Exchange
> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>
> If I follow the pre-SP1 procedure below, then the command "list
> servers in site" just lists the new server HERMOD, and the reason may
> be that the entry for the old server TOR is for Exchange settings and
> not NTDS.
>
> Is there some way to clean up Exchange settings?
>
> "kj [SBS MVP]" wrote:
>
>> Mats W wrote:
>>> I've migrated an SBS-2003 to new hw according to "Migrating Windows
>>> Small Business Server 2003 to New Hardware"
>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
>>> everything went fine except when I got to the last step "To create
>>> an alias" of the old server name on page 32 when it failed.
>>> I demoted and disconnected the old server from the domain and as I
>>> thought the problem was that the old server was still present in AD.
>>> But when I did so the server wasn't removed from the AD, instead
>>> it's there with a red cross over it.
>>> I can re-add the old server to the domain and then it appears in AD,
>>> but if I try to delete the server from AD then this can't be done
>>> due to "Access is denied".
>>> Other servers/workstations on the network can be deleted but not
>>> this one. I've tried to reset the machine password with netdom on
>>> the old server, but it failes as the server is not a DC.
>>> Any clue how I can get rid of the old server, so that I hopefully
>>> can create an alias of it?
>>
>> You need to manually clean it up from AD using metadata cleanup;
>>
>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
>>
>>
>> --
>> /kj

--
/kj

Old (now demoted DC) TOR is listed in ADUC "Computers", new DC HERMOD is
listed in ADUC under "Domain Controllers".
The problem is that TOR can't be deleted from "Computers". When I try to
delete it AD says :
"Object TOR is a container and contains other objects. Are you sure you want
to delete object TOR and the objects it contains?". If I klick YES then I get
"The object TOR (or some of the objects it contains) cannot be deleted
because: Access is denied".

"kj [SBS MVP]" wrote:

> You have a server listed as an Exchange server in the org showing in the EMC
> or in ADUC as a Domain Controller?
>
> Perhaps I'm confused.
>
> Mats W wrote:
> > Tried it but it doesn't work. ntdsutil returns "Directory object not
> > found" on metadata cleanup: remove selected server
> > CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > I used LDP to determine the DN of the old server, and it shows
> > CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >
> > CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > CN=NTDS
> > Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >
> > CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > CN=Exchange
> > Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >
> > If I follow the pre-SP1 procedure below, then the command "list
> > servers in site" just lists the new server HERMOD, and the reason may
> > be that the entry for the old server TOR is for Exchange settings and
> > not NTDS.
> >
> > Is there some way to clean up Exchange settings?
> >
> > "kj [SBS MVP]" wrote:
> >
> >> Mats W wrote:
> >>> I've migrated an SBS-2003 to new hw according to "Migrating Windows
> >>> Small Business Server 2003 to New Hardware"
> >>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> >>> everything went fine except when I got to the last step "To create
> >>> an alias" of the old server name on page 32 when it failed.
> >>> I demoted and disconnected the old server from the domain and as I
> >>> thought the problem was that the old server was still present in AD.
> >>> But when I did so the server wasn't removed from the AD, instead
> >>> it's there with a red cross over it.
> >>> I can re-add the old server to the domain and then it appears in AD,
> >>> but if I try to delete the server from AD then this can't be done
> >>> due to "Access is denied".
> >>> Other servers/workstations on the network can be deleted but not
> >>> this one. I've tried to reset the machine password with netdom on
> >>> the old server, but it failes as the server is not a DC.
> >>> Any clue how I can get rid of the old server, so that I hopefully
> >>> can create an alias of it?
> >>
> >> You need to manually clean it up from AD using metadata cleanup;
> >>
> >> http://technet.microsoft.com/en-us/l.../cc736378.aspx
> >>
> >>
> >> --
> >> /kj
>
> --
> /kj
>
>
>

Ah. OK. So in ADUC make sure the "VIEW. Advanced features" is selected, then
you should be able to expand the server TOR and see what object the server
container contains. It could be several things with different course of
actions. So suggest posting back what you find before proceeding.

And as always a verified good copy of your AD is in order.

Mats W wrote:
> Old (now demoted DC) TOR is listed in ADUC "Computers", new DC HERMOD
> is listed in ADUC under "Domain Controllers".
> The problem is that TOR can't be deleted from "Computers". When I try
> to delete it AD says :
> "Object TOR is a container and contains other objects. Are you sure
> you want to delete object TOR and the objects it contains?". If I
> klick YES then I get "The object TOR (or some of the objects it
> contains) cannot be deleted because: Access is denied".
>
> "kj [SBS MVP]" wrote:
>
>> You have a server listed as an Exchange server in the org showing in
>> the EMC or in ADUC as a Domain Controller?
>>
>> Perhaps I'm confused.
>>
>> Mats W wrote:
>>> Tried it but it doesn't work. ntdsutil returns "Directory object not
>>> found" on metadata cleanup: remove selected server
>>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>> I used LDP to determine the DN of the old server, and it shows
>>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>
>>> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>> CN=NTDS
>>> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>
>>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>> CN=Exchange
>>> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>
>>> If I follow the pre-SP1 procedure below, then the command "list
>>> servers in site" just lists the new server HERMOD, and the reason
>>> may be that the entry for the old server TOR is for Exchange
>>> settings and not NTDS.
>>>
>>> Is there some way to clean up Exchange settings?
>>>
>>> "kj [SBS MVP]" wrote:
>>>
>>>> Mats W wrote:
>>>>> I've migrated an SBS-2003 to new hw according to "Migrating
>>>>> Windows Small Business Server 2003 to New Hardware"
>>>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
>>>>> everything went fine except when I got to the last step "To create
>>>>> an alias" of the old server name on page 32 when it failed.
>>>>> I demoted and disconnected the old server from the domain and as I
>>>>> thought the problem was that the old server was still present in
>>>>> AD. But when I did so the server wasn't removed from the AD,
>>>>> instead it's there with a red cross over it.
>>>>> I can re-add the old server to the domain and then it appears in
>>>>> AD, but if I try to delete the server from AD then this can't be
>>>>> done due to "Access is denied".
>>>>> Other servers/workstations on the network can be deleted but not
>>>>> this one. I've tried to reset the machine password with netdom on
>>>>> the old server, but it failes as the server is not a DC.
>>>>> Any clue how I can get rid of the old server, so that I hopefully
>>>>> can create an alias of it?
>>>>
>>>> You need to manually clean it up from AD using metadata cleanup;
>>>>
>>>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
>>>>
>>>>
>>>> --
>>>> /kj
>>
>> --
>> /kj

--
/kj

The "ADSI Edit" plugin showed that object TOR
(CN=Computers,CN=TOR,DC=WIKAB,DC=local) contained some printer objects plus
something called CN=IASIdentity and another called CN=RouterIdentity.
The printer objects could be deleted by running dcpromo on TOR, delete
printers from AD and run dcpromo again. But the other objects didn't go away.
Also, there's still a CN=TOR under
CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local which in turn contains an object CN=Exchange Settings.


"kj [SBS MVP]" wrote:

> Ah. OK. So in ADUC make sure the "VIEW. Advanced features" is selected, then
> you should be able to expand the server TOR and see what object the server
> container contains. It could be several things with different course of
> actions. So suggest posting back what you find before proceeding.
>
> And as always a verified good copy of your AD is in order.
>
> Mats W wrote:
> > Old (now demoted DC) TOR is listed in ADUC "Computers", new DC HERMOD
> > is listed in ADUC under "Domain Controllers".
> > The problem is that TOR can't be deleted from "Computers". When I try
> > to delete it AD says :
> > "Object TOR is a container and contains other objects. Are you sure
> > you want to delete object TOR and the objects it contains?". If I
> > klick YES then I get "The object TOR (or some of the objects it
> > contains) cannot be deleted because: Access is denied".
> >
> > "kj [SBS MVP]" wrote:
> >
> >> You have a server listed as an Exchange server in the org showing in
> >> the EMC or in ADUC as a Domain Controller?
> >>
> >> Perhaps I'm confused.
> >>
> >> Mats W wrote:
> >>> Tried it but it doesn't work. ntdsutil returns "Directory object not
> >>> found" on metadata cleanup: remove selected server
> >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>> I used LDP to determine the DN of the old server, and it shows
> >>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>>
> >>> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>> CN=NTDS
> >>> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>>
> >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>> CN=Exchange
> >>> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> >>>
> >>> If I follow the pre-SP1 procedure below, then the command "list
> >>> servers in site" just lists the new server HERMOD, and the reason
> >>> may be that the entry for the old server TOR is for Exchange
> >>> settings and not NTDS.
> >>>
> >>> Is there some way to clean up Exchange settings?
> >>>
> >>> "kj [SBS MVP]" wrote:
> >>>
> >>>> Mats W wrote:
> >>>>> I've migrated an SBS-2003 to new hw according to "Migrating
> >>>>> Windows Small Business Server 2003 to New Hardware"
> >>>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> >>>>> everything went fine except when I got to the last step "To create
> >>>>> an alias" of the old server name on page 32 when it failed.
> >>>>> I demoted and disconnected the old server from the domain and as I
> >>>>> thought the problem was that the old server was still present in
> >>>>> AD. But when I did so the server wasn't removed from the AD,
> >>>>> instead it's there with a red cross over it.
> >>>>> I can re-add the old server to the domain and then it appears in
> >>>>> AD, but if I try to delete the server from AD then this can't be
> >>>>> done due to "Access is denied".
> >>>>> Other servers/workstations on the network can be deleted but not
> >>>>> this one. I've tried to reset the machine password with netdom on
> >>>>> the old server, but it failes as the server is not a DC.
> >>>>> Any clue how I can get rid of the old server, so that I hopefully
> >>>>> can create an alias of it?
> >>>>
> >>>> You need to manually clean it up from AD using metadata cleanup;
> >>>>
> >>>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
> >>>>
> >>>>
> >>>> --
> >>>> /kj
> >>
> >> --
> >> /kj
>
> --
> /kj
>
>
>

CN=RouterIdentity disapeared by running dcpromo on TOR, and then disabling
TOR as Routing and remote access server (I'm using an external router now).
And CN=IASIdentity was removed by uninstalling the Internet Authentication
Service on TOR.
But I've still got the CN=Exchange Settings which I can't figure out how to
remove

"Mats W" wrote:

> The "ADSI Edit" plugin showed that object TOR
> (CN=Computers,CN=TOR,DC=WIKAB,DC=local) contained some printer objects plus
> something called CN=IASIdentity and another called CN=RouterIdentity.
> The printer objects could be deleted by running dcpromo on TOR, delete
> printers from AD and run dcpromo again. But the other objects didn't go away.
> Also, there's still a CN=TOR under
> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local which in turn contains an object CN=Exchange Settings.
>
>
> "kj [SBS MVP]" wrote:
>
> > Ah. OK. So in ADUC make sure the "VIEW. Advanced features" is selected, then
> > you should be able to expand the server TOR and see what object the server
> > container contains. It could be several things with different course of
> > actions. So suggest posting back what you find before proceeding.
> >
> > And as always a verified good copy of your AD is in order.
> >
> > Mats W wrote:
> > > Old (now demoted DC) TOR is listed in ADUC "Computers", new DC HERMOD
> > > is listed in ADUC under "Domain Controllers".
> > > The problem is that TOR can't be deleted from "Computers". When I try
> > > to delete it AD says :
> > > "Object TOR is a container and contains other objects. Are you sure
> > > you want to delete object TOR and the objects it contains?". If I
> > > klick YES then I get "The object TOR (or some of the objects it
> > > contains) cannot be deleted because: Access is denied".
> > >
> > > "kj [SBS MVP]" wrote:
> > >
> > >> You have a server listed as an Exchange server in the org showing in
> > >> the EMC or in ADUC as a Domain Controller?
> > >>
> > >> Perhaps I'm confused.
> > >>
> > >> Mats W wrote:
> > >>> Tried it but it doesn't work. ntdsutil returns "Directory object not
> > >>> found" on metadata cleanup: remove selected server
> > >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>> I used LDP to determine the DN of the old server, and it shows
> > >>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>>
> > >>> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>> CN=NTDS
> > >>> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>>
> > >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>> CN=Exchange
> > >>> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > >>>
> > >>> If I follow the pre-SP1 procedure below, then the command "list
> > >>> servers in site" just lists the new server HERMOD, and the reason
> > >>> may be that the entry for the old server TOR is for Exchange
> > >>> settings and not NTDS.
> > >>>
> > >>> Is there some way to clean up Exchange settings?
> > >>>
> > >>> "kj [SBS MVP]" wrote:
> > >>>
> > >>>> Mats W wrote:
> > >>>>> I've migrated an SBS-2003 to new hw according to "Migrating
> > >>>>> Windows Small Business Server 2003 to New Hardware"
> > >>>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> > >>>>> everything went fine except when I got to the last step "To create
> > >>>>> an alias" of the old server name on page 32 when it failed.
> > >>>>> I demoted and disconnected the old server from the domain and as I
> > >>>>> thought the problem was that the old server was still present in
> > >>>>> AD. But when I did so the server wasn't removed from the AD,
> > >>>>> instead it's there with a red cross over it.
> > >>>>> I can re-add the old server to the domain and then it appears in
> > >>>>> AD, but if I try to delete the server from AD then this can't be
> > >>>>> done due to "Access is denied".
> > >>>>> Other servers/workstations on the network can be deleted but not
> > >>>>> this one. I've tried to reset the machine password with netdom on
> > >>>>> the old server, but it failes as the server is not a DC.
> > >>>>> Any clue how I can get rid of the old server, so that I hopefully
> > >>>>> can create an alias of it?
> > >>>>
> > >>>> You need to manually clean it up from AD using metadata cleanup;
> > >>>>
> > >>>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
> > >>>>
> > >>>>
> > >>>> --
> > >>>> /kj
> > >>
> > >> --
> > >> /kj
> >
> > --
> > /kj
> >
> >
> >

I found an article http://support.microsoft.com/kb/319486/en-us which kind of
points to that this object related to Exchange 2000, which could be the case
as TOR was an upgrade from SBS 2000 to SBS 2003.
I can see that CN=HERMOD (new server) under
CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local has no CN=Exchange Settings.
Is the CN=Exchange Settings under TOR obsolete?

"Mats W" wrote:

> CN=RouterIdentity disapeared by running dcpromo on TOR, and then disabling
> TOR as Routing and remote access server (I'm using an external router now).
> And CN=IASIdentity was removed by uninstalling the Internet Authentication
> Service on TOR.
> But I've still got the CN=Exchange Settings which I can't figure out how to
> remove
>
> "Mats W" wrote:
>
> > The "ADSI Edit" plugin showed that object TOR
> > (CN=Computers,CN=TOR,DC=WIKAB,DC=local) contained some printer objects plus
> > something called CN=IASIdentity and another called CN=RouterIdentity.
> > The printer objects could be deleted by running dcpromo on TOR, delete
> > printers from AD and run dcpromo again. But the other objects didn't go away.
> > Also, there's still a CN=TOR under
> > CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local which in turn contains an object CN=Exchange Settings.
> >
> >
> > "kj [SBS MVP]" wrote:
> >
> > > Ah. OK. So in ADUC make sure the "VIEW. Advanced features" is selected, then
> > > you should be able to expand the server TOR and see what object the server
> > > container contains. It could be several things with different course of
> > > actions. So suggest posting back what you find before proceeding.
> > >
> > > And as always a verified good copy of your AD is in order.
> > >
> > > Mats W wrote:
> > > > Old (now demoted DC) TOR is listed in ADUC "Computers", new DC HERMOD
> > > > is listed in ADUC under "Domain Controllers".
> > > > The problem is that TOR can't be deleted from "Computers". When I try
> > > > to delete it AD says :
> > > > "Object TOR is a container and contains other objects. Are you sure
> > > > you want to delete object TOR and the objects it contains?". If I
> > > > klick YES then I get "The object TOR (or some of the objects it
> > > > contains) cannot be deleted because: Access is denied".
> > > >
> > > > "kj [SBS MVP]" wrote:
> > > >
> > > >> You have a server listed as an Exchange server in the org showing in
> > > >> the EMC or in ADUC as a Domain Controller?
> > > >>
> > > >> Perhaps I'm confused.
> > > >>
> > > >> Mats W wrote:
> > > >>> Tried it but it doesn't work. ntdsutil returns "Directory object not
> > > >>> found" on metadata cleanup: remove selected server
> > > >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>> I used LDP to determine the DN of the old server, and it shows
> > > >>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>>
> > > >>> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>> CN=NTDS
> > > >>> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>>
> > > >>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>> CN=Exchange
> > > >>> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> > > >>>
> > > >>> If I follow the pre-SP1 procedure below, then the command "list
> > > >>> servers in site" just lists the new server HERMOD, and the reason
> > > >>> may be that the entry for the old server TOR is for Exchange
> > > >>> settings and not NTDS.
> > > >>>
> > > >>> Is there some way to clean up Exchange settings?
> > > >>>
> > > >>> "kj [SBS MVP]" wrote:
> > > >>>
> > > >>>> Mats W wrote:
> > > >>>>> I've migrated an SBS-2003 to new hw according to "Migrating
> > > >>>>> Windows Small Business Server 2003 to New Hardware"
> > > >>>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
> > > >>>>> everything went fine except when I got to the last step "To create
> > > >>>>> an alias" of the old server name on page 32 when it failed.
> > > >>>>> I demoted and disconnected the old server from the domain and as I
> > > >>>>> thought the problem was that the old server was still present in
> > > >>>>> AD. But when I did so the server wasn't removed from the AD,
> > > >>>>> instead it's there with a red cross over it.
> > > >>>>> I can re-add the old server to the domain and then it appears in
> > > >>>>> AD, but if I try to delete the server from AD then this can't be
> > > >>>>> done due to "Access is denied".
> > > >>>>> Other servers/workstations on the network can be deleted but not
> > > >>>>> this one. I've tried to reset the machine password with netdom on
> > > >>>>> the old server, but it failes as the server is not a DC.
> > > >>>>> Any clue how I can get rid of the old server, so that I hopefully
> > > >>>>> can create an alias of it?
> > > >>>>
> > > >>>> You need to manually clean it up from AD using metadata cleanup;
> > > >>>>
> > > >>>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
> > > >>>>
> > > >>>>
> > > >>>> --
> > > >>>> /kj
> > > >>
> > > >> --
> > > >> /kj
> > >
> > > --
> > > /kj
> > >
> > >
> > >

Mats W wrote:
> I found an article http://support.microsoft.com/kb/319486/en-us which
> kind of
> points to that this object related to Exchange 2000, which could be
> the case
> as TOR was an upgrade from SBS 2000 to SBS 2003.
> I can see that CN=HERMOD (new server) under
> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
> has no CN=Exchange Settings. Is the CN=Exchange Settings under TOR
> obsolete?

Sorry, away for a couple of days. How did you get from sbs 2000 to ssb2003?
What exchange settings are in this container?

>
> "Mats W" wrote:
>
>> CN=RouterIdentity disapeared by running dcpromo on TOR, and then
>> disabling TOR as Routing and remote access server (I'm using an
>> external router now). And CN=IASIdentity was removed by uninstalling
>> the Internet Authentication Service on TOR.
>> But I've still got the CN=Exchange Settings which I can't figure out
>> how to remove
>>
>> "Mats W" wrote:
>>
>>> The "ADSI Edit" plugin showed that object TOR
>>> (CN=Computers,CN=TOR,DC=WIKAB,DC=local) contained some printer
>>> objects plus
>>> something called CN=IASIdentity and another called
>>> CN=RouterIdentity.
>>> The printer objects could be deleted by running dcpromo on TOR,
>>> delete
>>> printers from AD and run dcpromo again. But the other objects
>>> didn't go away.
>>> Also, there's still a CN=TOR under
>>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>> which in turn contains an object CN=Exchange Settings.
>>>
>>>
>>> "kj [SBS MVP]" wrote:
>>>
>>>> Ah. OK. So in ADUC make sure the "VIEW. Advanced features" is
>>>> selected, then you should be able to expand the server TOR and see
>>>> what object the server container contains. It could be several
>>>> things with different course of actions. So suggest posting back
>>>> what you find before proceeding.
>>>>
>>>> And as always a verified good copy of your AD is in order.
>>>>
>>>> Mats W wrote:
>>>>> Old (now demoted DC) TOR is listed in ADUC "Computers", new DC
>>>>> HERMOD is listed in ADUC under "Domain Controllers".
>>>>> The problem is that TOR can't be deleted from "Computers". When I
>>>>> try to delete it AD says :
>>>>> "Object TOR is a container and contains other objects. Are you
>>>>> sure you want to delete object TOR and the objects it contains?".
>>>>> If I klick YES then I get "The object TOR (or some of the objects
>>>>> it contains) cannot be deleted because: Access is denied".
>>>>>
>>>>> "kj [SBS MVP]" wrote:
>>>>>
>>>>>> You have a server listed as an Exchange server in the org
>>>>>> showing in the EMC or in ADUC as a Domain Controller?
>>>>>>
>>>>>> Perhaps I'm confused.
>>>>>>
>>>>>> Mats W wrote:
>>>>>>> Tried it but it doesn't work. ntdsutil returns "Directory
>>>>>>> object not found" on metadata cleanup: remove selected server
>>>>>>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>> I used LDP to determine the DN of the old server, and it shows
>>>>>>> CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>>
>>>>>>> CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>> CN=NTDS
>>>>>>> Settings,CN=HERMOD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>>
>>>>>>> CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>> CN=Exchange
>>>>>>> Settings,CN=TOR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=WIKAB,DC=local
>>>>>>>
>>>>>>> If I follow the pre-SP1 procedure below, then the command "list
>>>>>>> servers in site" just lists the new server HERMOD, and the
>>>>>>> reason may be that the entry for the old server TOR is for
>>>>>>> Exchange settings and not NTDS.
>>>>>>>
>>>>>>> Is there some way to clean up Exchange settings?
>>>>>>>
>>>>>>> "kj [SBS MVP]" wrote:
>>>>>>>
>>>>>>>> Mats W wrote:
>>>>>>>>> I've migrated an SBS-2003 to new hw according to "Migrating
>>>>>>>>> Windows Small Business Server 2003 to New Hardware"
>>>>>>>>> (http://technet.microsoft.com/en-us/l.../cc747454.aspx),
>>>>>>>>> everything went fine except when I got to the last step "To
>>>>>>>>> create an alias" of the old server name on page 32 when it
>>>>>>>>> failed.
>>>>>>>>> I demoted and disconnected the old server from the domain and
>>>>>>>>> as I thought the problem was that the old server was still
>>>>>>>>> present in AD. But when I did so the server wasn't removed
>>>>>>>>> from the AD, instead it's there with a red cross over it.
>>>>>>>>> I can re-add the old server to the domain and then it appears
>>>>>>>>> in AD, but if I try to delete the server from AD then this
>>>>>>>>> can't be done due to "Access is denied".
>>>>>>>>> Other servers/workstations on the network can be deleted but
>>>>>>>>> not this one. I've tried to reset the machine password with
>>>>>>>>> netdom on the old server, but it failes as the server is not
>>>>>>>>> a DC.
>>>>>>>>> Any clue how I can get rid of the old server, so that I
>>>>>>>>> hopefully can create an alias of it?
>>>>>>>>
>>>>>>>> You need to manually clean it up from AD using metadata
>>>>>>>> cleanup;
>>>>>>>>
>>>>>>>> http://technet.microsoft.com/en-us/l.../cc736378.aspx
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> /kj
>>>>>>
>>>>>> --
>>>>>> /kj
>>>>
>>>> --
>>>> /kj

--
/kj