Removal of dead server GUID's from the Active Directory

Discussion in 'Active Directory' started by Andrew Dodd, Nov 12, 2008.

  1. Andrew Dodd

    Andrew Dodd Guest

    Hi All,

    We have a root and 7 child domains and over time we have had upgrades we
    have some dead GUID's in the Active Directory. After running the repadmin
    /showvector /latency ... dnsdomain we get the following:-

    f7e04229-7209-4057-939a-7e4e23778f08 @ USN 7751491 @ Time (unknown)
    62ce0f3e-5d43-4e47-96e7-4a06da5686aa @ USN 31292525 @ Time (unknown)
    f1904e5c-64c2-4b6e-a7f7-77113cf7542e @ USN 6142210 @ Time (unknown)
    68bb747d-0f36-4279-9d2b-a065d82db16b @ USN 11191827 @ Time (unknown)

    My question is how do we clean up this up
     
    Andrew Dodd, Nov 12, 2008
    #1
    1. Advertisements

  2. Meinolf Weber, Nov 12, 2008
    #2
    1. Advertisements

  3. Hello Andrew,
    If these are old dc's that were never removed properly from the domain then
    you can clean them up via NTDSUTIL
    http://support.microsoft.com/kb/216498

    If these are old child domain's not properly cleaned up, then you could again
    use NTDSUTIL
    http://windowsitpro.com/article/art...-ntdsutil-to-delete-a-nonexistent-domain.html


    Be careful and make sure that you know exactly what you are deleting.


    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4


    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This posting
    is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Nov 12, 2008
    #3
  4. Andrew Dodd

    Andrew Dodd Guest

    I followed the KB216498 but on the remote servers we always get these dead
    GUID's. I have only had 1 domain removed from the directory and that came out
    cleanly.

    I am wondering how we can remove them thats all. No errors in the logs but
    me being fussy..

    Andrew
     
    Andrew Dodd, Nov 12, 2008
    #4
  5. Hello Andrew,

    Are you talking now about domains or domain controllers as the subject states?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Nov 12, 2008
    #5
  6. Andrew Dodd

    Andrew Dodd Guest

    I am talking about Domain Controllers as down the export is the replicating
    servers for that domain partition.

    Andrew
     
    Andrew Dodd, Nov 12, 2008
    #6
  7. Hello Andrew,

    Did you check AD sits and services, DNS and AD that all removed DC's are
    not longer listed at any of these consoles? In AD SS you have to delete them
    by hand after demoting, they are not removed there automatically.

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Nov 12, 2008
    #7
  8. Hello Andrew,
    Lets make sure things are really clean.

    Run diagnostics against your Active Directory domain.

    If you don't have the support tools installed, install them from your server
    install disk.
    d:\support\tools\setup.exe

    Run dcdiag, netdiag and repadmin in verbose mode.
    -> DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log
    -> netdiag.exe /v > c:\netdiag.log (On each dc)
    -> repadmin.exe /showrepl dc* /verbose /all /intersite > c:\repl.txt
    -> dnslint /ad /s "ip address of your dc"

    **Note: Using the /E switch in dcdiag will run diagnostics against ALL dc's
    in the forest. If you have significant numbers of DC's this test could generate
    significant detail and take a long time. You also want to take into account
    slow links to dc's will also add to the testing time.

    If you download a gui script I wrote it should be simple to set and run (DCDiag
    and NetDiag). It also has the option to run individual tests without having
    to learn all the switch options. The details will be output in notepad text
    files that pop up automagically.

    The script is located on my website at http://www.pbbergs.com/windows/downloads.htm

    Just select both dcdiag and netdiag make sure verbose is set. (Leave the
    default settings for dcdiag as set when selected)

    When complete search for fail, error and warning messages.

    Description and download for dnslint
    http://support.microsoft.com/kb/321045



    --
    Paul Bergson
    MVP - Directory Services
    MCTS, MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4


    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup This posting
    is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Nov 12, 2008
    #8
  9. Andrew Dodd

    Jorge Silva Guest

    Hi
    -Sounds normal, these guids normalmally represent old DCs that have been
    removed from AD.
    -Of course you should run dcdiag and netdiag and check if everything is ok.
    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services

    Please no e-mails, any questions should be posted in the NewsGroup
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jorge Silva, Nov 12, 2008
    #9
  10. Andrew Dodd

    Andrew Dodd Guest

    Jorge,

    Thank you for the feedback... I think your right that its the old
    decommissioned servers but is there a way of removing these entries as I
    guess I am being a little fussy and like a clean directory.

    Andrew
     
    Andrew Dodd, Nov 13, 2008
    #10
  11. Andrew Dodd

    Jorge Silva Guest

    Do not worry about it, it will be removed.

    --
    I hope that the information above helps you.
    Have a Nice day.

    Jorge Silva
    MCSE, MVP Directory Services

    Please no e-mails, any questions should be posted in the NewsGroup
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Jorge Silva, Nov 18, 2008
    #11
  12. Jorge de Almeida Pinto [MVP - DS], Nov 29, 2008
    #12
  13. Andrew Dodd

    Andrew Dodd Guest

    Thats just what I was looking for... It explans everything

    Thank you for the reply
     
    Andrew Dodd, Dec 1, 2008
    #13
  14. Jorge de Almeida Pinto [MVP - DS], Dec 1, 2008
    #14
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.