Wondering how to clean up server metadata by using Ntdsutil? We can help you.
At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.
Let’s take a look at how our Support Team use force authoritative and non-authoritative synchronization.
How to clean up server metadata by using Ntdsutil?
Today, let us see the methods followed by our Support Techs to clean up server metadata.
Metadata cleanup is a required procedure after a forced removal of Active Directory Domain Services (AD DS).
You perform metadata cleanup on a domain controller in the domain of the domain controller that you forcibly removed.
Metadata cleanup removes data from AD DS that identifies a domain controller to the replication system.
Metadata cleanup also removes FRS and DFS Replication connections and attempts to transfer or seize any operations master roles that the retired domain controller holds.
There are two options to clean up server metadata:
- Firstly, clean up server metadata by using GUI tools.
- Secondly, clean up server metadata using the command line.
Please note if you receive an “Access is denied” error when you use any of these methods to perform metadata cleanup, make sure that the computer object and the NTDS Settings object for the domain controller are not protected against accidental deletion.
To verify this right-click the computer object or the NTDS Settings object, click Properties, click Object, and clear the Protect object from accidental deletion check box.
In Active Directory Users and Computers, the Object tab of an object appears if you click View and then click Advanced Features.
Clean up server metadata using GUI tools
Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures.
Clean up server metadata using Active Directory Users and Computers
1. Firstly, open Active Directory Users and Computers.
2. If you identify replication partners in preparation for this procedure and if you are not connect to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Users and Computers node.
Then, click Change Domain Controller.
Click the name of the domain controller from which you want to remove the metadata, and then click OK.
3. Then, expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.
4. Next, in the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.
5. Then, in the Active Directory Domain Services dialog box, confirm the name of the domain controller you wish to delete is shown, and click Yes to confirm the computer object deletion.
6. Next, in the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer demote using the Active DCPROMO, and then click Delete.
7. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
8. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
You cannot change this domain controller.
If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.
Clean up server metadata using Active Directory Sites and Services
1. Firstly, open Active Directory Sites and Services.
2. Then, if you identify replication partners in preparation for this procedure and if you are not connect to a replication partner of the removed domain controller whose metadata you are cleaning up.
Then, right-click Active Directory Sites and Services, and then click Change Domain Controller.
Click the name of the domain controller from which you want to remove the metadata, and then click OK.
3. Next, expand the site of the domain controller that was forcibly remove, expand Servers, expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.
4. Then, in the Active Directory Sites and Services dialog box, click Yes to confirm the NTDS Settings deletion.
5. Next, in the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer demote using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.
6. If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.
7. If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.
8. Then, right-click the domain controller that was forcibly remove, and then click Delete.
9. Finally, in the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.
Clean up server metadata using the command line
As an alternative, you can clean up metadata by using ntdsutil.exe, a command-line tool that is installed automatically on all domain controllers and servers that have Active Directory Lightweight Directory Services (AD LDS) installed.
ntdsutil.exe is also available on computers that have RSAT installed. To clean up server metadata by using ntdsutil do the following:
1. Firstly, open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator.
If the User Account Control dialog box appears, provide credentials of an Enterprise Administrator if required, and then click Continue.
2. Then, at the command prompt, type the following command, and then press Enter:
ntdsutil
3. Next, at the ntdsutil: prompt, type the following command, and then press Enter:
metadata cleanup
4. Then, at the metadata cleanup: prompt, type the following command, and then press Enter:
remove selected server <ServerName>
5. In Server Remove Configuration Dialog, review the information and warning, and then click Yes to remove the server object and metadata.
6. At this point, Ntdsutil confirms that the domain controller was removed successfully.
If you receive an error message that indicates that the object cannot find, the domain controller might have been removed earlier.
7. Then, at the metadata cleanup: and ntdsutil: prompts, type quit, and then press Enter.
8 Finally, to confirm removal of the domain controller:
Open Active Directory Users and Computers. In the domain of the removed domain controller, click Domain Controllers.
In the details pane, an object for the domain controller that you removed should not appear.
[Looking for a solution to another query? We are just a click away.]
Conclusion
In brief, our skilled Support Engineers at Bobcares demonstrate how to clean up server metadata by using Ntdsutil.
[Looking for a solution to another query? We are just a click away.]
Conclusion
In brief, our skilled Support Engineers at Bobcares demonstrated how to set up Django on the latest Plesk Onyx%.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
