Ghost Domain Controller in AD

By Eversurf
in Microsoft (Windows)

 Share

Recommended Posts

Mentor

Eversurf

Posted
Posted

I have a Domain Controller in my Active Directory that doesn't exist. If I look in the Domain Controller container it shows up in there. Obviously it hasn't been remove properly (I don't know the reason) I need to remove it because I believe it is causing errors in my event log.

Has anyone ever done this or can someome point me to some documentation.

Thank you

Link to comment
https://www.neowin.net/forum/topic/321171-ghost-domain-controller-in-ad/
Share on other sites
Community Regular

Draaku

Posted
Posted

2 second google search...this should do it for you. I've done this once a looong time ago.

Windows 2000 tracks each domain controller (DC) in the metadata. If you remove a DC (e.g., through reinstallation or hardware removal) and you don?t run DCPROMO to clean up the DC?s metadata, connection objects will remain.

You can use the utility NTDSUTIL to remove a server from the metadata. (In the following code, enter the commands in bold.)

D:\>ntdsutil

ntdsutil: metadata cleanup

metadata cleanup: select operation target

Next, you must connect to a server. In my example, I select a domain to accomplish this task. (In the following code, enter the commands in bold.)

select operation target: connections

server connections: connect to domain savilltech.com

Binding to \\TITANIC.savilltech.com ...

Connected to \\TITANIC.savilltech.com using credentials of locally logged on user

server connections: quit

Next, you must select a site, a server (i.e., the server you want to delete), and the domain the server is in. The order isn?t important. (In the following code, enter the commands in bold.)

select operation target: list sites

Found 2 site(s)

0 - CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

1 - CN=Kent,CN=Sites,CN=Configuration,DC=savilltech,DC=com

select operation target: select site 0

Site - CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

No current domain

No current server

No current Naming Context

select operation target: list servers in site

Found 4 server(s)

0 - CN=TITANIC,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

1 - CN=TITUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

2 - CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

3 - CN=TRINITY,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

select operation target: select server 2

Site - CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

No current domain

Server - CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

DSA object - CN=NTDS Settings,CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

DNS host name - MORPHEUS.deleteme.savilltech.com

Computer object - CN=MORPHEUS,OU=Domain Controllers,DC=deleteme,DC=savilltech,DC=com

No current Naming Context

select operation target: list domains

Found 3 domain(s)

0 - DC=savilltech,DC=com

1 - DC=dev,DC=savilltech,DC=com

2 - DC=deleteme,DC=savilltech,DC=com

select operation target: select domain 0

Site - CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

Domain - DC=savilltech,DC=com

Server - CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

DSA object - CN=NTDS Settings,CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

DNS host name - MORPHEUS.deleteme.savilltech.com

Computer object - CN=MORPHEUS,OU=Domain Controllers,DC=deleteme,DC=savilltech,DC=com

No current Naming Context

select operation target: quit

Next, remove the server you selected. (In the following code, enter the command in bold.)

metadata cleanup: remove selected server

In the confirmation dialog box, which the Screen shows, click Yes.

ntdsutilremoveserver.gif

Close the utility. (In the following code, enter the commands in bold.)

"CN=MORPHEUS,CN=Servers,CN=London,CN=Sites,CN=Configuration,DC=savilltech,DC=com

" removed from server "\\TITANIC.savilltech.com"

metadata cleanup: quit

ntdsutil: quit

Disconnecting from \\TITANIC.savilltech.com ...

Finally, you need to delete the server from the Microsoft Management Console (MMC) Active Directory Sites and Servers snap-in. Select Programs, Administrative Tools, Active Directory Sites and Services from the Start menu. Expand the Sites branch, select the site, expand the Services container, right-click the server, and select Delete. Click Yes in the confirmation dialog box. I have been informed of a possible problem with this is SP2 is installed in which case perform on a box without SP2 installed.

Mentor

Eversurf

Posted
  • Author
Posted

Alright I have deleted it and it was pretty cool because it asked me the reason why I wanted to delete that object. I choose because the DC wasn't online anymore and could not be remove using dcpromo. Time will tell if the error problems have been resolved

Thank for the help and have fun !!!

  • 10 years later...
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Google open-sources zero-knowledge proof code for enhanced online privacy

      By excalpius · Posted

      That's helpful, thanks. The key issue as I see it is that the issuer of the verification is still getting that request from WhateverNaughty.com, which immediately becomes a problem if this is a government issuer, etc. but it's a huge problem for any user with any issuer. I guess the solution, and maybe this goes without saying and I've missed it in your fine posts, is that the requester is also anonymized. That way, the issuer doesn't have a record of X person requested verification for Y website. And anyone who hacks that data is going to get precisely nothing. This only works is, as you say, this is a one-time challenge each time, and we all agree that no one is keeping/storing that data for any use anyway. After all, "is this person 18+ age" would only respond Yes/No, which is hardly actionable by anyone...as long as the asker only gets Yes/No and the Answerer doesn't know or care who's asking. :) Are both ends anonymized?
    • A 13-year-old prodigy helped improve the security of Microsoft products

      By TRS-80 · Posted

      It definitely can be especially if you live in a dorm or frat/sorority house during your time in college. However, for many who live at home or in their own off campus residence and commute to classes it can be just about the classes. That is how it was for me. Except for classes, time in the library and some time in the student union mostly for eating and taking a break between classes, I was never on compus
    • One UI 8 reveals Samsung's upcoming tri-fold phone

      By TRS-80 · Posted

      As one person commented on my use of my old Pocophone, they are also MP3 players.
    • Meta explains how EU's "unlawful" ad-free choice ruling hurts users and businesses

      By excalpius · Posted

      They do not. I know this personally, but let's use some evidence instead. For example, Europe and other nations aren't drenched in neverending ads like we are (think soccer being the most popular world sport and yet there are no ads during/delaying the gameplay itself, unlike every sport in America). The truth is that it's all just a ridiculous shell game between marketing/ad people who want to keep their jobs and websites/networks who want to keep charging for air time for ads to be funded. And, of course, the enshittification of everything for ever increasing quarterly returns for Wall Street only matters here, not everywhere else. We all know that consumers ignore commercials and block the ads now, so we know it doesn't lead to enough sales to justify this cashola merry-go-round. But they are still thinking like this is still the good old days of TV and, quite frankly, they don't know any better... The better solution, of course, is sponsorship -- a way of advertising your product and associations in a meaningful way, without bombarding annoyed consumers with the same damn ad for the same damn product at every single forced commercial break.
    • Microsoft gets pummeled as Windows 10 'free' extended support won't save "400 million" PCs

      By TRS-80 · Posted

      That is also my understanding of Apple's support for their older devices.

  • Recent Achievements

    • First Post
      Celilo earned a badge
      First Post
    • One Year In
      K.I.S.S. earned a badge
      One Year In
    • Week One Done
      solidox earned a badge
      Week One Done
    • Dedicated
      solidox earned a badge
      Dedicated
    • Week One Done
      Devesh Beri earned a badge
      Week One Done

  • Popular Contributors

    1. 1
      +primortal
      447
    2. 2
      ATLien_0
      166
    3. 3
      +FloatingFatMan
      153
    4. 4
      Nick H.
      66
    5. 5
      macoman
      63
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!