Discovery nTDSDSA Objects with no matching Discovered DC

New Contributor

Hi All, 

 

I recently decommissioned some domain controllers and migrated to them to new servers, however when i demoted one of the DC's it said it had worked however under sites and services the DC was still showing. I re-added the server back as a member DC and then tried a decommission with the /force option in the GUI.  This seemed to get rid of it however when i run the following tool i see the following issue:  

 

Samuel_Caunt_1-1658821392972.png

 

I have tried to run cleanup via NTSDUTIL and have followed various articles 

 

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...

 

https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/remove-orphaned-domains

 

https://docs.microsoft.com/en-US/windows-server/identity/ad-ds/deploy/demoting-domain-controllers-an...

 

I have even looked at ADSEDIT and tried to locate the offended attribute and neither can find it or see where i need to remove it from. 

 

How do i fix / cleanup this entry?

 

Its not causing me any issues however i just don't like the fact its not cleaned up this old entry. 

 

Help appreciated

Thanks

Sam

4 Replies
Hello,

Adding the server back then forcing a decommission wasn't a good idea.
If you have leftover after a migration, first wait for a bit until all logical/physical replication processes are completed - it may take some time, even within small environments.

I guess you already try a metada cleanup ? If yes, then one solution could be manual cleanup using ADSI Edit - but it's risky and you may trigger even more issues instead.
Hi Alban,

Are there any good guides that would walk me through this process?

Also i guess my other question is, does leaving in place this cause me any harm?

Regards
Sam

@Samuel_Caunt 

 

Given that the object is living within the LostAndFoundConfig container and not in the operational area under Sites, you should be able to see it just fine.

 

Just make sure you're connecting to the Configuration partition and not the default naming context. That would be the only reason I can think of for not being able to find the object listed in your picture.

 

LainRobertson_0-1659003638493.png

 

If you're looking for something official, this is the closest to the money.

 

Fail to delete orphaned NTDS Settings - Windows Server | Microsoft Docs

 

Cheers,

Lain

Hello @Samuel_Caunt,
@LainRobertson replied before me and explained in details how to clean up such items. Thanks to him !
Anyway I don not think it should trigger issues for day-to-day operations, but it's better to fix it before heavier operations like migrations.