A Comprehensive Guide: Cleaning up Active Directory Domain Controller Server Metadata

After Active Directory Domain Services (AD DS) has been forcibly removed from a domain controller, metadata cleanup is necessary. You perform the cleanup on a domain controller in the same domain as the domain controller that you forcibly removed. Metadata cleanup removes the data in AD DS that identifies a domain controller to the replication system. It also removes File Replication Service (FRS) and Distributed File System (DFS) Replication links, and attempts to transfer or seize any operations master (also known as flexible single master operations, or FSMO) roles that the retired domain controller holds.

Clean up Active Directory Domain Controller server metadata

There are two options to clean up server metadata:

  • Clean up server metadata by using GUI tools.
  • Clean up server metadata using the command line.

Clean up server metadata using GUI tools

When you use Remote Server Administration Tools (RSAT) or the Active Directory Users and Computers console (Dsa.msc) that is included with Windows Server to delete a domain controller computer account from the Domain Controllers organizational unit (OU), the cleanup of server metadata is performed automatically. Before Windows Server 2008, you had to perform a separate metadata cleanup procedure.

You can also use the Active Directory Sites and Services console (Dssite.msc) to delete a domain controller’s computer account, which also completes metadata cleanup automatically. However, Active Directory Sites and Services removes the metadata automatically only when you first delete the NTDS Settings object below the computer account in Dssite.msc.

As long as you are using the Windows Server 2008 or newer RSAT versions of Dsa.msc or Dssite.msc, you can clean up metadata automatically for domain controllers running earlier versions of Windows operating systems.

Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures.

Clean up server metadata using Active Directory Users and Computers

  • Open Active Directory Users and Computers.

  • If you have identified replication partners in preparation for this procedure and you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click the Active Directory Users and Computers node, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.

  • Expand the domain of the domain controller that was forcibly removed, and then click Domain Controllers.

  • In the details pane, right-click the computer object of the domain controller whose metadata you want to clean up, and then click Delete.

  • In the Active Directory Domain Services dialog box, confirm the name of the domain controller you wish to delete is shown, and click Yes to confirm the computer object deletion.

  • In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.

  • If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.

  • If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown. You cannot change this domain controller. If you want to move the role to a different domain controller, you must move the role after you complete the server metadata cleanup procedure.

Clean up server metadata using Active Directory Sites and Services

  • Open Active Directory Sites and Services.

  • If you have identified replication partners in preparation for this procedure and you are not connected to a replication partner of the removed domain controller whose metadata you are cleaning up, right-click Active Directory Sites and Services, and then click Change Domain Controller. Click the name of the domain controller from which you want to remove the metadata, and then click OK.

  • Expand the site of the domain controller that was forcibly removed, and then expand Servers.

  • Expand the name of the domain controller, right-click the NTDS Settings object, and then click Delete.

  • In the Active Directory Sites and Services dialog box, click Yes to confirm the NTDS Settings deletion.

  • In the Deleting Domain Controller dialog box, select This Domain Controller is permanently offline and can no longer be demoted using the Active Directory Domain Services Installation Wizard (DCPROMO), and then click Delete.

  • If the domain controller is a global catalog server, in the Delete Domain Controller dialog box, click Yes to continue with the deletion.

  • If the domain controller currently holds one or more operations master roles, click OK to move the role or roles to the domain controller that is shown.

  • Right-click the domain controller that was forcibly removed, and then click Delete.

  • In the Active Directory Domain Services dialog box, click Yes to confirm the domain controller deletion.

Clean up server metadata using the command line

As an alternative, you can clean up metadata by using ntdsutil.exe, a command-line tool that is installed automatically on all domain controllers and servers that have Active Directory Lightweight Directory Services (AD LDS) installed. ntdsutil.exe is also available on computers that have RSAT installed. To clean up server metadata by using ntdsutil, do the following:

  1. Open a command prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, provide credentials of an Enterprise Administrator if required, and then click Continue.
  2. At the command prompt, type the following command, and then press Enter:
       ntdsutil
  3. At the ntdsutil: prompt, type the following command, and then press Enter:
       metadata cleanup
  4. At the metadata cleanup: prompt, type the following command, and then press Enter:
       remove selected server <ServerName>
  5. In Server Remove Configuration Dialog, review the information and warning, and then click Yes to remove the server object and metadata. At this point, Ntdsutil confirms that the domain controller was removed successfully. If you receive an error message that indicates that the object cannot be found, the domain controller might have been removed earlier.
  6. At the metadata cleanup: and ntdsutil: prompts, type quit, and then press Enter.
  7. To confirm removal of the domain controller:
       • Open Active Directory Users and Computers. In the domain of the removed domain controller, click Domain Controllers. In the details pane, an object for the domain controller that you removed should not appear.
       • Open Active Directory Sites and Services. Navigate to the Servers container and confirm that the server object for the domain controller that you removed does not contain an NTDS Settings object. If no child objects appear below the server object, you can delete the server object. If a child object appears, do not delete the server object because another application is using the object.
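
The confirmation in step 7 can also be done from PowerShell. The following is an added example, not part of the original post: a read-only check that reports any computer object, server object, NTDS Settings object or operations master role still tied to the removed domain controller. It assumes the ActiveDirectory module from RSAT is installed; the function name Test-DcMetadataRemoved and the server name DC02 are hypothetical placeholders.

```powershell
# Added example: read-only check for leftover metadata of a removed domain controller.
# Assumes the ActiveDirectory module (RSAT). 'DC02' is a placeholder server name.
Import-Module ActiveDirectory

function Test-DcMetadataRemoved {
    param(
        [Parameter(Mandatory)] [string] $ServerName,  # short name of the removed DC
        [string] $QueryServer                         # optional surviving DC to query
    )
    $common = @{}
    if ($QueryServer) { $common.Server = $QueryServer }

    $domain   = Get-ADDomain @common
    $forest   = Get-ADForest @common
    $configNC = (Get-ADRootDSE @common).configurationNamingContext
    $findings = @()

    # 1. Computer object in the Domain Controllers OU (the Dsa.msc check)
    $computer = Get-ADComputer -Filter "Name -eq '$ServerName'" `
        -SearchBase $domain.DomainControllersContainer @common
    if ($computer) { $findings += "Computer object remains: $($computer.DistinguishedName)" }

    # 2. Server object under Sites and whatever sits below it (the Dssite.msc check)
    $servers = Get-ADObject -LDAPFilter "(&(objectClass=server)(cn=$ServerName))" `
        -SearchBase "CN=Sites,$configNC" @common
    foreach ($s in $servers) {
        $children = @(Get-ADObject -Filter * -SearchBase $s.DistinguishedName `
            -SearchScope OneLevel @common)
        $ntds = $children | Where-Object { $_.ObjectClass -like 'nTDSDSA*' }
        if ($ntds) {
            $findings += "NTDS Settings remains: $($ntds.DistinguishedName)"
        } elseif ($children.Count -gt 0) {
            $findings += "Server object has other children, do not delete: $($s.DistinguishedName)"
        } else {
            $findings += "Empty server object, safe to delete: $($s.DistinguishedName)"
        }
    }

    # 3. Operations master roles still recorded against the removed DC
    $roles = [ordered]@{
        PDCEmulator = $domain.PDCEmulator; RIDMaster = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster = $forest.SchemaMaster; DomainNamingMaster = $forest.DomainNamingMaster
    }
    foreach ($r in $roles.GetEnumerator()) {
        if ($r.Value -like "$ServerName.*" -or $r.Value -eq $ServerName) {
            $findings += "FSMO role $($r.Key) is still held by $($r.Value)"
        }
    }

    if ($findings) { $findings } else { "No leftover metadata found for $ServerName" }
}

Test-DcMetadataRemoved -ServerName 'DC02'
```

Run it against a replication partner of the removed domain controller (the -QueryServer parameter) so the result reflects a directory copy that has received the deletion.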

Vipan Kumar

He is an Active Directory engineer who has been working in the IT industry for more than 10 years. He is a dedicated and enthusiastic information technology expert who is always ready to resolve any technical problem.
