Samuel_Caunt
Copper Contributor
Jul 26, 2022

Discovery nTDSDSA Objects with no matching Discovered DC

Hi All,

I recently decommissioned some domain controllers and migrated them to new servers. However, when I demoted one of the DCs it said it had worked, but under Sites and Services the DC was still showing. I re-added the server back as a member DC and then tried a decommission with the /force option in the GUI. This seemed to get rid of it; however, when I run the following tool I see the following issue:

I have tried to run cleanup via NTDSUTIL and have followed various articles:

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc816907(v=ws.10)?redirectedfrom=MSDN

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/remove-orphaned-domains

https://docs.microsoft.com/en-US/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-and-domains--level-200-

I have even looked at ADSI Edit and tried to locate the offending attribute, and can neither find it nor see where I need to remove it from.

How do I fix / clean up this entry?

It's not causing me any issues; however, I just don't like the fact it's not cleaned up this old entry.

Help appreciated

Thanks

Sam

4 Replies

  • Alban1999
    Iron Contributor
    Hello,

    Adding the server back then forcing a decommission wasn't a good idea.
    If you have leftovers after a migration, first wait a bit until all logical/physical replication processes are completed - it may take some time, even within small environments.

    I guess you already tried a metadata cleanup? If yes, then one solution could be manual cleanup using ADSI Edit - but it's risky and you may trigger even more issues instead.
    • Samuel_Caunt
      Copper Contributor
      Hi Alban,

      Are there any good guides that would walk me through this process?

      Also, I guess my other question is: does leaving this in place cause me any harm?

      Regards
      Sam
      • LainRobertson
        Silver Contributor

        Samuel_Caunt

        Given that the object is living within the LostAndFoundConfig container and not in the operational area under Sites, you should be able to see it just fine.

        Just make sure you're connecting to the Configuration partition and not the default naming context. That would be the only reason I can think of for not being able to find the object listed in your picture.

        If you're looking for something official, this is the closest to the money.

        Fail to delete orphaned NTDS Settings - Windows Server | Microsoft Docs

        Cheers,

        Lain
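
A read-only way to locate such objects from PowerShell instead of ADSI Edit, searching the Configuration partition as the reply above advises. This is an added example, not code posted by anyone in the thread. It assumes the ActiveDirectory RSAT module and a single-domain forest for the live query; the function name, the `$UseLiveDirectory` switch and the sample DNs are constructed for illustration.

```powershell
# Added example (read-only): flag nTDSDSA (NTDS Settings) objects that no
# existing domain controller references, and show which container they sit in.
function Find-OrphanedNtdsDsa {
    param(
        [string[]]$NtdsDsaDn,     # DN of every nTDSDSA object in the Configuration partition
        [string[]]$LiveDcNtdsDn   # NTDS Settings DN of each DC that still exists
    )
    foreach ($dn in $NtdsDsaDn) {
        if ($LiveDcNtdsDn -contains $dn) { continue }   # matched to a live DC
        $location = switch -Regex ($dn) {
            ',CN=LostAndFoundConfig,' { 'LostAndFoundConfig'; break }
            ',CN=Sites,'              { 'Sites'; break }
            default                   { 'Other' }
        }
        [pscustomobject]@{ Location = $location; DistinguishedName = $dn }
    }
}

$UseLiveDirectory = $false   # set to $true on a domain-joined admin host

if ($UseLiveDirectory) {
    Import-Module ActiveDirectory
    # Search the Configuration partition, not the default naming context.
    $configNc = (Get-ADRootDSE).configurationNamingContext
    $all  = (Get-ADObject -SearchBase $configNc -LDAPFilter '(objectClass=nTDSDSA)').DistinguishedName
    # Returns DCs of the current domain only (single-domain assumption).
    $live = (Get-ADDomainController -Filter *).NTDSSettingsObjectDN
} else {
    # Constructed sample DNs, so the comparison can be run offline.
    $cfg  = 'CN=Configuration,DC=example,DC=test'
    $live = @("CN=NTDS Settings,CN=DC01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,$cfg")
    $all  = $live + @(
        "CN=NTDS Settings,CN=LostAndFoundConfig,$cfg",
        "CN=NTDS Settings,CN=OLDDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,$cfg"
    )
}

Find-OrphanedNtdsDsa -NtdsDsaDn $all -LiveDcNtdsDn $live | Format-Table -AutoSize
```

With the constructed sample it reports two unmatched objects, one under LostAndFoundConfig and one under Sites. The script only lists objects and removes nothing.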
