question

Bearb avatar image
0 Votes"
Bearb asked DaisyZhou-MSFT commented

Metada cleanup error after manually Removing A Domain Controller Server

We had our domain controller 2008r2 which was in USN Rollback mode. So we decided to decommission it.
We were able to transfer the fsmo roles to the secondary domain controller.
But it was impossible to depromote the server. So we followed the following tuto:

https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-manually-removing-a-domain-controller-server/ba-p/280564

everything was OK except the command to remove the domain controller 2008 :

109512-erreur-dc-2008-1.png

Because of this, we can not increase the level of the forest:

109524-erreur-dc-2008-2.png

Thanks in advance


windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bearb avatar image
0 Votes"
Bearb answered DSPatrick commented

Hi @DSPatrick

Thank you with the tool, i can see the old DC now.
I added to my user the full rights

110247-image.png

But i have this error when i m trying to delete it :

110283-image.png



Any ideas

Thank you


image.png (287.5 KiB)
image.png (14.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Also try Advanced and take ownership

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered

You may need to navigate to same location via ADSIEdit to delete. Make the account has permissions to delete objects.


--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bearb avatar image
0 Votes"
Bearb answered

As you can see :

110354-image.png



I can see the old DC whit Active directory explorer but not with ADSI Edit.


image.png (460.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

You could try again with AD explorer using an account that has more permissions.

--please don't forget to upvote and Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bearb avatar image
0 Votes"
Bearb answered Bearb rolled back

I'm using the domain administrator account

I tried to change the right on it :

110692-image.png

But when i check the effective access, i have this :

110630-image.png

How can i delete the "object permissions" ?



image.png (254.3 KiB)
image.png (167.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

I think you're down one level too far (Setting For NTDS Settings). You want to be on the server name itself. You may have to disable inheritance, but I'm not sure what other effect this is going have. Another option is to start a case here with product support.
https://support.serviceshub.microsoft.com/supportforbusiness

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Bearb avatar image
0 Votes"
Bearb answered DaisyZhou-MSFT commented

Thank you very much @DaisyZhou-MSFT and @DSPatrick

I was able to delete the old 2008 DC in AdExplorer :

111218-image.png

I was able to raise the domain/forest level :

111297-image.png



image.png (47.9 KiB)
image.png (87.0 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @Bearb,

Thank you for your update and accepting my reply as answer. I am very glad that the information is helpful and the problem has been solved.
As always, if there is any question in future, we warmly welcome you to post in this forum again. We are happy to assist you!

Best Regards,
Daisy Zhou

============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.

0 Votes 0 ·
DSPatrick avatar image
1 Vote"
DSPatrick answered

Glad to hear, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.