Question
Monday, November 15, 2010 4:41 PM
We are in the process of migrating to a 2008 AD from a 2003 AD domain and are seeing some things that we want to make sure are okay before continuing.
Under the _sites section of our forest zone in DNS we show site names that are no longer part of the network and some of the sites contain server information (_ldap and _kerberos) under the _tcp section for the site and the servers have been removed from the domain. Looking under AD Sites and Services these sites and servers are not shown, but some of the servers did have issues when using dcpromo to remove them as domain controllers and from the domain.
If we run repadmin /showvector /latency <DC=domain,DC=net> we see several lines of what appear to be SIDs with unknown or older replication dates and then our active servers and today's information (see below).
Are we able to manually remove the no longer active sites and servers from DNS without affecting AD and are there other areas we should look at to remove these as well? Do we need to worry about the SIDs with unknown or older replication dates/times on them?
Caching GUIDs.
..
e8e6dbd5-1cd5-4d06-8fce-64fdc3fd7c16 @ USN 881171 @ Time (unknown)
47a0aad8-8496-4a78-b148-d8b97cd4d52f @ USN 1290839 @ Time (unknown)
bbd3346b-69a5-443c-9c84-d629f276b269 @ USN 230044 @ Time (unknown)
10d1d302-ea94-4fe3-9533-5101b40170fb @ USN 10805 @ Time (unknown)
e3b3e5fb-5bc1-43ae-9e45-f0f696a94711 @ USN 21991 @ Time (unknown)
359e4ce0-2cba-4242-b4ba-22cc5abc3ac0 @ USN 23672 @ Time (unknown)
80294cec-bcb8-48e6-82cf-8887994a8d20 @ USN 186006 @ Time (unknown)
77449190-14fc-4aa8-86fe-fce95d7340da @ USN 233436 @ Time (unknown)
26d4b16f-c3f8-4dbe-8a43-bb0740de397b @ USN 1320625 @ Time (unknown)
c50a83c9-0d5a-4926-a63a-ed1bf1dc1907 @ USN 217084 @ Time (unknown)
2d5c887f-1334-4ae0-b544-7ad8e5deb4f7 @ USN 1220149 @ Time (unknown)
d1983f81-5079-4f53-9702-bafc16b1e134 @ USN 10418 @ Time (unknown)
0b8d573a-0d9d-4165-b726-9b5838ab9d27 @ USN 6348544 @ Time 2008-02-08 13:41:28
99a00b18-3825-44c6-b3b3-f14fa242bfd4 @ USN 18673072 @ Time 2008-07-03 15:28:36
e1a8cff3-a2d7-4c85-af51-b2fcdc1dd18a @ USN 1096393 @ Time 2008-08-12 07:19:36
ec866f04-61c3-4752-9385-96e33368ef14 @ USN 731288 @ Time 2008-09-02 08:38:16
1302e9b6-11f1-405c-a3c4-d8dce7992109 @ USN 3537830 @ Time 2008-10-14 09:47:25
b464cd46-3a70-4784-b0fe-71545661d0a4 @ USN 6178327 @ Time 2008-10-15 12:12:18
2a9cb447-5d63-4313-9985-e544c7488672 @ USN 4048911 @ Time 2008-10-22 16:01:38
1aa12d58-876d-43c6-8552-8b6cb7ec3e3e @ USN 3568903 @ Time 2008-10-28 12:56:48
686432ad-fa3e-4534-bcad-29481bb55b06 @ USN 523890 @ Time 2009-04-14 07:01:49
13a92f71-e7a7-4984-9d9a-c69cde067148 @ USN 8057482 @ Time 2010-08-03 14:58:12
15b97621-fad9-4b5f-a1b6-3ea68d822f0c @ USN 3864404 @ Time 2010-10-06 14:33:58
0eda970b-f195-415f-9df3-1032a3a753e5 @ USN 1949735 @ Time 2010-10-11 11:39:01
04c67c20-7b92-4c24-b499-af6a5c668f85 @ USN 2928702 @ Time 2010-10-12 11:31:21
5939e069-4f41-4a15-9592-36d5a6b3e905 @ USN 848341 @ Time 2010-10-14 11:17:10
3deb1838-4508-481c-a0c1-52ae7d1a56cc @ USN 2070603 @ Time 2010-10-21 09:38:03
5ca633c1-d10d-4fe2-9029-6af22573e06d @ USN 104174 @ Time 2010-10-29 12:28:31
30acd297-e02f-453b-940c-748def834cb8 @ USN 2851717 @ Time 2010-10-29 13:23:17
servername\sitename @ USN 70808 @ Time 2010-11-15 08:56:56
servername\sitename @ USN 118740 @ Time 2010-11-15 09:26:55
servername\sitename @ USN 193023 @ Time 2010-11-15 09:26:55
servername\sitename @ USN 13390641 @ Time 2010-11-15 09:33:18
servername\sitename @ USN 799452 @ Time 2010-11-15 09:33:35
All replies (6)
Monday, November 15, 2010 11:58 PM ✅Answered | 1 vote
Sounds like you still have old DC data in the AD database. Check out the steps below to use Metadata Cleanup to see if there are any listed DCs that you know don't belong and haven't been properly removed.
Complete Step by Step Guideline to Remove an Orphaned Domain controller
http://msmvps.com/blogs/acefekay/archive/2010/10/05/complete-step-by-step-to-remove-an-orphaned-domain-controller.aspx
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, November 16, 2010 12:06 AM ✅Answered
The GUIDs are a historical record of all DCs that have been installed in your environment. In general it is kept in case any DC is restored from backup.
More Information.
Understanding where AD replication vector information is stored
http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/Understanding%20where%20AD%20replication%20vector%20information%20is%20stored.aspx
Tuesday, November 16, 2010 2:46 AM ✅Answered
Hi,
For the legacy DNS records, you can remove them by using the steps in the KB article 216498 http://support.microsoft.com/kb/216498.
As for the old GUIDs shown in the output of the command, it is by design. If a DC is demoted, the object metadata will be cleaned up from AD. However, its Invocation ID will still exist in the up-to-dateness vector table. It will not cause any issue.
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
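An added example (not part of any reply in this thread): a small Python parser for `repadmin /showvector /latency` output that separates the GUID-only entries discussed above from named DCs, and flags named DCs whose last replication time is older than a threshold. The DC names and the one-day threshold are assumptions; the two GUID lines are copied from the question.

```python
import re
from datetime import datetime, timedelta

# One vector entry: "<source DSA> @ USN <n> @ Time <timestamp|(unknown)>"
ENTRY = re.compile(
    r"^\s*(?P<source>.+?)\s+@\s+USN\s+(?P<usn>\d+)\s+@\s+Time\s+(?P<time>.+?)\s*$"
)
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def parse_vector(text):
    """Parse repadmin /showvector /latency output into a list of dicts."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skips "Caching GUIDs." and other non-entry lines
        raw = m.group("time")
        when = None if raw == "(unknown)" else datetime.strptime(raw, "%Y-%m-%d %H:%M:%S")
        entries.append({
            "source": m.group("source"),
            "usn": int(m.group("usn")),
            "time": when,
            # In the thread's output, active servers print as names, old entries as bare GUIDs.
            "resolved": GUID.match(m.group("source")) is None,
        })
    return entries


def triage(entries, now, max_lag=timedelta(days=1)):  # one-day threshold is an assumption
    """Split entries into historical invocation IDs, healthy DCs and lagging DCs."""
    report = {"historical": [], "healthy": [], "lagging": []}
    for e in entries:
        if not e["resolved"]:
            report["historical"].append(e["source"])
        elif e["time"] is None or now - e["time"] > max_lag:
            report["lagging"].append(e["source"])
        else:
            report["healthy"].append(e["source"])
    return report


# Constructed sample: the two GUID lines are from the question, the DC names are placeholders.
SAMPLE = """Caching GUIDs.
..
e8e6dbd5-1cd5-4d06-8fce-64fdc3fd7c16 @ USN 881171 @ Time (unknown)
0b8d573a-0d9d-4165-b726-9b5838ab9d27 @ USN 6348544 @ Time 2008-02-08 13:41:28
SiteA\\DC01 @ USN 70808 @ Time 2010-11-15 08:56:56
SiteB\\DC02 @ USN 118740 @ Time 2010-11-12 09:26:55
"""

if __name__ == "__main__":
    print(triage(parse_vector(SAMPLE), now=datetime(2010, 11, 15, 10, 0, 0)))
```

Only the "lagging" bucket needs follow-up: a named DC that still exists but has not replicated recently. The "historical" bucket is the by-design residue the replies describe.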
Tuesday, November 16, 2010 5:45 PM
Are we able to delete the orphaned sites under the DNS domain.local zones since they are no longer in use?
Wednesday, November 17, 2010 9:35 AM
Hi,
Generally speaking, the site name under the DNS zone will be removed after you delete the site in the Active Directory Sites and Services console.
http://technet.microsoft.com/en-us/library/cc779837(WS.10).aspx
Monday, November 22, 2010 7:27 AM
Hi,
How's everything going?
Please feel free to respond back if you need further assistance.
Thanks.