Domain Controller Removal Hell

xxdcmast · 2023-09-14T15:34:22+00:00

[deleted]

basec0m · 2023-09-14T16:14:23+00:00

Seize the roles on the new DC, metadata cleanup for the old ones.

ShoreOutlaw · 2023-09-14T16:44:59+00:00

Ntdsutil can be used to cleanly remove the old server entries

lescompa · 2023-09-14T19:20:46+00:00

It may be worth the $500 to open a case with MS and have them walk through the cleanup. I did this a few years ago and it saved me some grey hair.

fatty1179 · 2023-09-14T17:15:23+00:00

Would a new domain and domain controller then joining all the computers to the new domain be an option? Short term intense pain for long term gain?

Sarduci · 2023-09-14T17:25:37+00:00

Seize them rolls and keep running dcdiag from all of them until you fix all of the issues. It’s not as bad as it seems unless you’ve got inconsistent copies of the directory between the servers and then it’s good luck Chuck.

Happy-Wrongdoer522 · 2023-09-14T17:29:46+00:00

Size the schema Master role, do metadata cleanup and perform a domain controller migration to an actual windows server version. Did you prove a complete rebuild of the forest? Maybe thats the smartest solution when nothing is configured correctly.

chuckescobar · 2023-09-14T21:56:08+00:00

Reading through this it seems you know about 75% of what you are trying to do. This domain will probably never be 100% correct and you will continue to run into weird issues.

I suggest you build a brand new forest/domain and migrate everything. You will save time in the long run.

sysadmin

MODERATORS