Active Directory Cleanup – The Most Common Question I See


I am out in the Microsoft NewsGroups and quite often I see someone having trouble with their Active Directory (AD) domain. The number one issue I see is that they lose a Domain Controller (DC) and simply move on, without telling the remaining DCs that this machine is not coming back, or they attempt to reintroduce a DC into the domain with the same name without first cleaning up the old DC's metadata within AD.

Cleaning up AD after a lost DC is relatively simple, and a script has been released that removes the need to use ntdsutil. The few times I have had to clean up AD, I have still used the manual method, but that is because I like to feel in control and see what is happening. There should be nothing wrong with using the script.

frsMember object cleanup

The KB article to manually clean up the metadata is 216498.

The TechNet script to clean up the metadata is linked here addmvb04

Once you have cleaned things up you still have to go into Active Directory Sites and Services and remove the lost DC from the site to which it belonged. This is required even after a successful demotion. The steps for this are outlined at the end of each section of the manual cleanup article.
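As an added example (not from the original post), here is a read-only PowerShell audit that lists the server objects under CN=Sites that look like leftovers from a lost DC: no NTDS Settings child, no serverReference back to a computer account, or a host name that no longer answers. It assumes the RSAT ActiveDirectory module and an account that can read the Configuration partition; it changes nothing, so it is safe to run before deciding whether the metadata cleanup and the Sites and Services removal are still outstanding.

```powershell
# Added example, not the original post's code: audit CN=Sites for stale DC metadata.
# Assumes the RSAT ActiveDirectory module and read access to the Configuration NC.
Import-Module ActiveDirectory

$configNC = (Get-ADRootDSE).configurationNamingContext
$sitesDN  = "CN=Sites,$configNC"

# Every server object under any site's Servers container.
$serverObjects = Get-ADObject -SearchBase $sitesDN -LDAPFilter '(objectClass=server)' `
    -Properties dNSHostName, serverReference

$suspects = foreach ($srv in $serverObjects) {
    # A healthy DC has an "NTDS Settings" (nTDSDSA) child under its server object.
    $ntds = Get-ADObject -SearchBase $srv.DistinguishedName -SearchScope OneLevel `
        -LDAPFilter '(objectClass=nTDSDSA)' -ErrorAction SilentlyContinue

    # Reachability is only a heuristic (firewalls block ICMP); treat it as a hint.
    $answers = $false
    if ($srv.dNSHostName) {
        $answers = Test-Connection -ComputerName $srv.dNSHostName -Count 1 -Quiet `
            -ErrorAction SilentlyContinue
    }

    $siteName = (($srv.DistinguishedName -split ',')[2]) -replace '^CN='

    if (-not $ntds -or -not $srv.serverReference -or -not $answers) {
        [pscustomobject]@{
            Server            = $srv.Name
            Site              = $siteName
            HasNtdsSettings   = [bool]$ntds          # $false: demoted/removed, object left behind
            HasServerRef      = [bool]$srv.serverReference
            HostAnswersPing   = $answers
            DistinguishedName = $srv.DistinguishedName
        }
    }
}

if ($suspects) {
    $suspects | Sort-Object Site, Server | Format-Table -AutoSize
} else {
    'No suspicious server objects found under CN=Sites.'
}
```

A server object with HasNtdsSettings = $false is exactly the case the post describes: the DC is gone (or was demoted cleanly) but its object was never removed in Active Directory Sites and Services. Review each hit against KB 216498 before removing anything.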
With the release of Windows Server 2008, the cleanup was enhanced so that it no longer requires scripting or the command line. Just be sure to use the 2008 version of the Sites and Services console, as outlined in the link below: